build/create-rpm.sh fails on gpg import

[pietrushnic]

[user@untrusted qubes-video-companion]$ DEBUG=1 ./build/create-rpm.sh 
+ set -E
+ trap exit ERR
+ '[' '' == dom0 ']'
+++ readlink -f ./build/create-rpm.sh
++ dirname /tmp/qubes-video-companion/build/create-rpm.sh
+ local_dir=/tmp/qubes-video-companion/build
+ cd /tmp/qubes-video-companion/build
+ gpg --import author.asc
gpg: key F83DD5F2: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1
++ exit

Even if I comment out things related to gpg signature I eventually getting this error:

make[1]: Entering directory '/home/user/rpmbuild/BUILD/qubes-video-companion-1.0.0/doc'
pandoc -s -f rst -t man -o qubes-video-companion.1 qubes-video-companion.rst
gzip -f qubes-video-companion.1
install -d /home/user/rpmbuild/BUILDROOT/qubes-video-companion-1.0.0-1.fc26.x86_64/usr/share/man/man1
install -Dm 644 qubes-video-companion.1.gz /home/user/rpmbuild/BUILDROOT/qubes-video-companion-1.0.0-1.fc26.x86_64/usr/share/man/man1
make[1]: Leaving directory '/home/user/rpmbuild/BUILD/qubes-video-companion-1.0.0/doc'
install -d /home/user/rpmbuild/BUILDROOT/qubes-video-companion-1.0.0-1.fc26.x86_64/usr/share/licenses/qubes-video-companion
install -Dm 644 LICENSE /home/user/rpmbuild/BUILDROOT/qubes-video-companion-1.0.0-1.fc26.x86_64/usr/share/licenses/qubes-video-companion
+ /usr/lib/rpm/find-debuginfo.sh --strict-build-id -m --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 110000000 /home/user/rpmbuild/BUILD/qubes-video-companion-1.0.0
+ '[' noarch = noarch ']'
+ case "${QA_CHECK_RPATHS:-}" in
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1
Compiling /home/user/rpmbuild/BUILDROOT/qubes-video-companion-1.0.0-1.fc26.x86_64/usr/share/qubes-video-companion/ui/user_interface.py ...
  File "/usr/share/qubes-video-companion/ui/user_interface.py", line 33
    print('Video source does not exist:', self.video_source, file=sys.stderr)
                                                                 ^
SyntaxError: invalid syntax

error: Bad exit status from /var/tmp/rpm-tmp.uXVhIu (%install)


RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.uXVhIu (%install)
++ exit

[ElliotKillick]

I can see by the fc26 strings in the build log that you're trying to build this on Fedora 26 which is woefully out-of-date.

This means that the reason for the first error is the gpg command using GPG version 1 instead of 2 which is incompatible with newer ECC keys (like mine).

The second error is some incompatibility in the older version of Python on Fedora 26 meaning the package cannot build.

The package must be built on the the same version of Fedora that it will be installed on. So, if your sys-usb VM runs Fedora 33 (the newest version a stable Qubes template currently exists for) then you will have to build the package on Fedora 33 as well.

Similarly, if you want to build for Dom0, well it runs Fedora 25 in Qubes R4.0, so you will have to get a Fedora 25 AppVM from the official Qubes repo (I included instructions on how to do this in the script) and run ./create-rpm.sh dom0 so the script knows to build the RPM using the Fedora 25 spec file (as opposed to the one for building on modern versions of Fedora).

Please let me know if you have any more questions!

[pietrushnic]

Jeez, I had no idea about those dependencies. I hope to try that during the weekend. On Tuesday I would like to show something at conference instead of only my struggle with making it work. Are you available for support on some less asynchronous medium e.g. Wire? It would also be great to have your review of my presentation or even if you could join session on Tuesday.

[ElliotKillick]

Sure thing! I've never heard of Wire but it seems like a good modern secure and private communication app for the workplace. I created an account @ElliotKillick, let's see if we can connect.

[DemiMarie]

Similarly, if you want to build for Dom0, well it runs Fedora 25 in Qubes R4.0, so you will have to get a Fedora 25 AppVM from the official Qubes repo (I included instructions on how to do this in the script) and run ./create-rpm.sh dom0 so the script knows to build the RPM using the Fedora 25 spec file (as opposed to the one for building on modern versions of Fedora).

That isn’t a good idea. A much safer approach is to use qubes-builder. The Fedora 25 DNF and RPM packages are horribly insecure.

[ElliotKillick]

That isn’t a good idea. A much safer approach is to use qubes-builder. The Fedora 25 DNF and RPM packages are horribly insecure.

That's a good point! In fact, I think Demi has found a few vulnerabilities in DNF since then.

However, without Qubes Builder "set up" for this project (I've never used qubes-builder; I assume there is some setup) it puts us in a tough spot. I just merged that PR so hopefully we can get rolling with that!

[DemiMarie]

That isn’t a good idea. A much safer approach is to use qubes-builder. The Fedora 25 DNF and RPM packages are horribly insecure.

That's a good point! In fact, I think Demi has found a few vulnerabilities in DNF since then.

However, without Qubes Builder "set up" for this project (I've never used qubes-builder; I assume there is some setup) it puts us in a tough spot. I just merged that PR so hopefully we can get rolling with that!

You need to expose a top-level makefile that has the targets Qubes Builder expects

[fiddler-on-the-roof]

Using and testing R4.1.
The script can build the .rpm in Fedora-34, but have (seemingly the same) issue with gpg in Fedora-32.
So what is the current state of the project? How to build .rpm for dom0?