fedora-infrastructure

Clone
Source Code
GIT

#5614 Fail to build in Koji and "KDC has no support for encryption type" is reported
Closed: Fixed 7 years ago Opened 7 years ago by cqi.

Closed: Fixed
Reopen Issue

I'm using fedpkg-1.25-1.fc24.noarch to build new RPMs for fedpkg-1.26-3. It fails when do scratch-build.

KRB5_TRACE=/dev/stdout fedpkg -d -v scratch-build --srpm                                                                     [26/1985]
Generating an srpm
Creating repo object from /home/cqi/packages/fedora/fedpkg
Srpm found, rewriting it.
Running rpmbuild --define '_sourcedir /home/cqi/packages/fedora/fedpkg' --define '_specdir /home/cqi/packages/fedora/fedpkg' --define '_builddir /home/cqi/packages/fedora/fed
pkg' --define '_srcrpmdir /home/cqi/packages/fedora/fedpkg' --define '_rpmdir /home/cqi/packages/fedora/fedpkg' --define 'dist .fc26' --define 'fedora 26' --eval '%undefine r
hel' --define 'fc26 1' --eval '%undefine fc24' --nodeps -bs /home/cqi/packages/fedora/fedpkg/fedpkg.spec directly on the tty


Wrote: /home/cqi/packages/fedora/fedpkg/fedpkg-1.26-3.fc26.src.rpm
Initiating a koji session to http://koji.fedoraproject.org/kojihub
[21323] 1481532402.162069: Getting credentials cqi@FEDORAPROJECT.ORG -> host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG using ccache FILE:/tmp/krb5cc_1000
[21323] 1481532402.162190: Retrieving cqi@FEDORAPROJECT.ORG -> host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_1000 with result: -1765328243/Matching c
redential not found (filename: /tmp/krb5cc_1000)
[21323] 1481532402.162267: Retrieving cqi@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_1000 with result: 0/Success
[21323] 1481532402.162277: Starting with TGT for client realm: cqi@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG
[21323] 1481532402.162283: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals on
[21323] 1481532402.162300: Generated subkey for TGS request: aes256-cts/34FE
[21323] 1481532402.162340: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
[21323] 1481532402.162420: Encoding request body and padata into FAST request
[21323] 1481532402.162482: Sending request (966 bytes) to FEDORAPROJECT.ORG
[21323] 1481532402.162746: Resolving hostname id.fedoraproject.org
[21323] 1481532403.110272: TLS certificate name matched "id.fedoraproject.org"
[21323] 1481532403.501103: Sending HTTPS request to https 152.19.134.142:443
[21323] 1481532404.226615: Received answer (510 bytes) from https 152.19.134.142:443
[21323] 1481532404.226636: Terminating TCP connection to https 152.19.134.142:443
[21323] 1481532404.228146: Terminating TCP connection to https 8.43.85.67:443
[21323] 1481532404.229725: Response was not from master KDC
[21323] 1481532404.229836: Decoding FAST response
[21323] 1481532404.229895: TGS request result: -1765328370/KDC has no support for encryption type
[21323] 1481532404.229903: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals off
[21323] 1481532404.229923: Generated subkey for TGS request: aes256-cts/2BEF
[21323] 1481532404.229968: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
[21323] 1481532404.230116: Encoding request body and padata into FAST request
[21323] 1481532404.231883: Sending request (966 bytes) to FEDORAPROJECT.ORG
[21323] 1481532404.231940: Resolving hostname id.fedoraproject.org
[21323] 1481532404.950699: TLS certificate name matched "id.fedoraproject.org"
[21323] 1481532405.267821: Sending HTTPS request to https 8.43.85.67:443
[21323] 1481532405.967332: Received answer (510 bytes) from https 8.43.85.67:443
[21323] 1481532405.967350: Terminating TCP connection to https 8.43.85.67:443
[21323] 1481532405.968913: Terminating TCP connection to https 185.141.165.254:443
[21323] 1481532405.970379: Response was not from master KDC
[21323] 1481532405.970465: Decoding FAST response
[21323] 1481532405.970517: TGS request result: -1765328370/KDC has no support for encryption type
Could not execute scratch_build: (-1765328370, 'KDC has no support for encryption type')
... (The traceback from fedpkg is cut off)

what version of koji do you have installed?

Did you authenticate using kerberos? kinit <fasusername>@FEDORAPROJECT.ORG?

Yes, I'm using kerberos auth. Credential is already initialized.

what version of koji do you have installed?

http://koji.fedoraproject.org/kojihub

@cqi thats not the version of the rpm you have installed. make sure you have koji-1.11.0-1 as the ssl certs changed a few hours back and you need a new config

$ rpm -q koji
koji-1.11.0-1.fc24.noarch

$ fedpkg scratch-build
Could not execute scratch_build: (-1765328370, 'KDC has no support for encryption type')

So the problem is probably elsewhere.

KRB5_TRACE=/dev/stdout fedpkg -d -v scratch-build --srpm
Generating an srpm
Creating repo object from /home/yarda/git-fedora/grep/master
Downloading grep-2.27.tar.xz
Full url: https://src.fedoraproject.org/repo/pkgs/grep/grep-2.27.tar.xz/md5/6138dd227c39d4a25f81eea76a44d4cb/grep-2.27.tar.xz

################################################################## 100.0%

Running: rpmbuild --define '_sourcedir /home/yarda/git-fedora/grep/master' --define '_specdir /home/yarda/git-fedora/grep/master' --define '_builddir /home/yarda/git-fedora/grep/master' --define '_srcrpmdir /home/yarda/git-fedora/grep/master' --define '_rpmdir /home/yarda/git-fedora/grep/master' --define 'dist .fc26' --define 'fedora 26' --eval '%undefine rhel' --define 'fc26 1' --eval '%undefine fc24' --nodeps -bs /home/yarda/git-fedora/grep/master/grep.spec

Zapsáno: /home/yarda/git-fedora/grep/master/grep-2.27-1.fc26.src.rpm
Initiating a koji session to https://koji.fedoraproject.org/kojihub
[13281] 1481536516.189998: ccselect module k5identity chose cache KEYRING:persistent:1000:1000 with client principal jskarvad@REDHAT.COM for server principal HTTP/proxy10.fedoraproject.org@FEDORAPROJECT.ORG
[13281] 1481536516.190054: Getting credentials jskarvad@REDHAT.COM -> HTTP/proxy10.fedoraproject.org@FEDORAPROJECT.ORG using ccache KEYRING:persistent:1000:1000
[13281] 1481536516.190134: Retrieving jskarvad@REDHAT.COM -> HTTP/proxy10.fedoraproject.org@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found
[13281] 1481536516.190202: Retrieving jskarvad@REDHAT.COM -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found
[13281] 1481536516.190242: Retrieving jskarvad@REDHAT.COM -> krbtgt/REDHAT.COM@REDHAT.COM from KEYRING:persistent:1000:1000 with result: 0/Success
[13281] 1481536516.190251: Starting with TGT for client realm: jskarvad@REDHAT.COM -> krbtgt/REDHAT.COM@REDHAT.COM
[13281] 1481536516.190307: Retrieving jskarvad@REDHAT.COM -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found
[13281] 1481536516.190315: Requesting TGT krbtgt/FEDORAPROJECT.ORG@REDHAT.COM using TGT krbtgt/REDHAT.COM@REDHAT.COM
[13281] 1481536516.190339: Generated subkey for TGS request: aes256-cts/04D2
[13281] 1481536516.190384: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4
[13281] 1481536516.190447: Encoding request body and padata into FAST request
[13281] 1481536516.190495: Sending request (940 bytes) to REDHAT.COM
[13281] 1481536516.190651: Resolving hostname kerberos.brq.redhat.com
[13281] 1481536516.225680: Sending initial UDP request to dgram 10.38.1.11:88
[13281] 1481536516.260585: Received answer (465 bytes) from dgram 10.38.1.11:88
[13281] 1481536516.260644: Response was not from master KDC
[13281] 1481536516.260665: Decoding FAST response
[13281] 1481536516.260713: TGS request result: -1765328377/Server krbtgt/FEDORAPROJECT.ORG@REDHAT.COM not found in Kerberos database
[13281] 1481536516.330261: ccselect module k5identity chose cache KEYRING:persistent:1000:1000 with client principal jskarvad@REDHAT.COM for server principal HTTP/proxy01.fedoraproject.org@FEDORAPROJECT.ORG
[13281] 1481536516.330311: Getting credentials jskarvad@REDHAT.COM -> HTTP/proxy01.fedoraproject.org@FEDORAPROJECT.ORG using ccache KEYRING:persistent:1000:1000
[13281] 1481536516.330375: Retrieving jskarvad@REDHAT.COM -> HTTP/proxy01.fedoraproject.org@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found
[13281] 1481536516.330413: Retrieving jskarvad@REDHAT.COM -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found
[13281] 1481536516.330449: Retrieving jskarvad@REDHAT.COM -> krbtgt/REDHAT.COM@REDHAT.COM from KEYRING:persistent:1000:1000 with result: 0/Success
[13281] 1481536516.330455: Starting with TGT for client realm: jskarvad@REDHAT.COM -> krbtgt/REDHAT.COM@REDHAT.COM
[13281] 1481536516.330506: Retrieving jskarvad@REDHAT.COM -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found
[13281] 1481536516.330513: Requesting TGT krbtgt/FEDORAPROJECT.ORG@REDHAT.COM using TGT krbtgt/REDHAT.COM@REDHAT.COM
[13281] 1481536516.330531: Generated subkey for TGS request: aes256-cts/3DC7
[13281] 1481536516.330587: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4
[13281] 1481536516.330651: Encoding request body and padata into FAST request
[13281] 1481536516.330703: Sending request (940 bytes) to REDHAT.COM
[13281] 1481536516.330789: Resolving hostname kerberos.brq.redhat.com
[13281] 1481536516.365091: Sending initial UDP request to dgram 10.38.1.11:88
[13281] 1481536516.400181: Received answer (465 bytes) from dgram 10.38.1.11:88
[13281] 1481536516.400245: Response was not from master KDC
[13281] 1481536516.400276: Decoding FAST response
[13281] 1481536516.400331: TGS request result: -1765328377/Server krbtgt/FEDORAPROJECT.ORG@REDHAT.COM not found in Kerberos database
[13281] 1481536516.473026: Getting credentials jskarvad@FEDORAPROJECT.ORG -> host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG using ccache KEYRING:persistent:1000:krb_ccache_VbLjcH2
[13281] 1481536516.473122: Retrieving jskarvad@FEDORAPROJECT.ORG -> host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG from KEYRING:persistent:1000:krb_ccache_VbLjcH2 with result: -1765328243/Matching credential not found
[13281] 1481536516.473191: Retrieving jskarvad@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:krb_ccache_VbLjcH2 with result: 0/Success
[13281] 1481536516.473200: Starting with TGT for client realm: jskarvad@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG
[13281] 1481536516.473207: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals on
[13281] 1481536516.473223: Generated subkey for TGS request: aes256-cts/B853
[13281] 1481536516.473261: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4
[13281] 1481536516.473321: Encoding request body and padata into FAST request
[13281] 1481536516.473375: Sending request (1020 bytes) to FEDORAPROJECT.ORG
[13281] 1481536516.473466: Resolving hostname id.fedoraproject.org
[13281] 1481536516.938684: TLS certificate name matched "id.fedoraproject.org"
[13281] 1481536517.141975: Sending HTTPS request to https 67.203.2.67:443
[13281] 1481536517.448871: Received answer (521 bytes) from https 67.203.2.67:443
[13281] 1481536517.448886: Terminating TCP connection to https 67.203.2.67:443
[13281] 1481536517.450296: Response was not from master KDC
[13281] 1481536517.450345: Decoding FAST response
[13281] 1481536517.450386: TGS request result: -1765328370/KDC has no support for encryption type
[13281] 1481536517.450393: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals off
[13281] 1481536517.450412: Generated subkey for TGS request: aes256-cts/F13F
[13281] 1481536517.450448: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4
[13281] 1481536517.450504: Encoding request body and padata into FAST request
[13281] 1481536517.450900: Sending request (1020 bytes) to FEDORAPROJECT.ORG
[13281] 1481536517.450921: Resolving hostname id.fedoraproject.org
[13281] 1481536517.859773: TLS certificate name matched "id.fedoraproject.org"
[13281] 1481536518.166684: Sending HTTPS request to https 209.132.181.16:443
[13281] 1481536518.370462: Received answer (521 bytes) from https 209.132.181.16:443
[13281] 1481536518.370476: Terminating TCP connection to https 209.132.181.16:443
[13281] 1481536518.371741: Response was not from master KDC
[13281] 1481536518.371778: Decoding FAST response
[13281] 1481536518.371829: TGS request result: -1765328370/KDC has no support for encryption type
Could not execute scratch_build: (-1765328370, 'KDC has no support for encryption type')
Traceback (most recent call last):
File "/usr/bin/fedpkg", line 16, in <module>
main()
File "/usr/lib/python2.7/site-packages/fedpkg/main.py", line 77, in main
sys.exit(client.args.command())
File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 1298, in scratch_build
return self.build()
File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 976, in build
self.cmd.koji_upload(self.args.srpm, uniquepath, callback=callback)
File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 2068, in koji_upload
if not self.kojisession:
File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 216, in kojisession
self.load_kojisession()
File "/usr/lib/python2.7/site-packages/fedpkg/init.py", line 314, in load_kojisession
return super(Commands, self).load_kojisession(anon)
File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 378, in load_kojisession
self.login_koji_session(koji_config, self._kojisession)
File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 345, in login_koji_session
session.krb_login(proxyuser=self.runas)
File "/usr/lib/python2.7/site-packages/koji/init.py", line 2087, in krb_login
options=krbV.AP_OPTS_MUTUAL_REQUIRED)
krbV.Krb5Error: (-1765328370, 'KDC has no support for encryption type')

As dgilmore pointed out

<dgilmore> cqi: make sure https://pagure.io/rpkg/pull-request/171 is applied

That patch is committed after rpkg-1.47-3. I'm preparing environment to test it. I'll make a new package of rpkg.

As dgilmore pointed out

<dgilmore> cqi: make sure https://pagure.io/rpkg/pull-request/171 is applied

That patch is committed after rpkg-1.47-3. I'm preparing environment to test it. I'll make a new package of rpkg.

No, it doesn't work for me:
$ fedpkg -dv scratch-build
Creating repo object from /home/yarda/git-fedora/grep/master
Initiating a koji session to https://koji.fedoraproject.org/kojihub
Could not execute scratch_build: 'krb_rdns'
Traceback (most recent call last):
File "/usr/bin/fedpkg", line 16, in <module>
main()
File "/usr/lib/python2.7/site-packages/fedpkg/main.py", line 77, in main
sys.exit(client.args.command())
File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 1298, in scratch_build
return self.build()
File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 988, in build
sets, nvr_check)
File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 1878, in build
build_target = self.kojisession.getBuildTarget(self.target)
File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 216, in kojisession
self.load_kojisession()
File "/usr/lib/python2.7/site-packages/fedpkg/init.py", line 314, in load_kojisession
return super(Commands, self).load_kojisession(anon)
File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 366, in load_kojisession
session_opts = self.create_koji_session_opts(koji_config)
File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 312, in create_koji_session_opts
if koji_config[name] is not None:
KeyError: 'krb_rdns'

@jskarvad can you try
koji build --scratch f26 $(fedpkg giturl)

also please make sure that you do not have a /etc/kojid.conf.rpmnew file

That KeyError sounds like the PR https://pagure.io/rpkg/pull-request/171 no?

@jskarvad can you try
koji build --scratch f26 $(fedpkg giturl)

This seems to work (without the patch applied).

so you are hitting bugs in fedpkg or rpkg, what versions are installed?

also please make sure that you do not have a /etc/kojid.conf.rpmnew file

$ ls /etc/kojid.conf.rpmnew file
ls: cannot access '/etc/kojid.conf.rpmnew': No such file or directory

$ ls /etc/koji.conf.rpmnew file
ls: cannot access '/etc/koji.conf.rpmnew': No such file or directory

$ ls /etc/koji.conf.d
arm-config brewtest.conf rpmfusion.conf s390-config
brewkoji.conf ppc-config stg-config

so you are hitting bugs in fedpkg or rpkg, what versions are installed?

fedpkg-1.26-2.fc24.noarch
rpkg-1.47-3.fc24.noarch
pyrpkg-1.47-3.fc24.noarch
Edited 7 years ago by jskarvad

That KeyError sounds like the PR https://pagure.io/rpkg/pull-request/171 no?

I got the error after manually applying the PR onto pyrpkg-1.47-3.fc24.noarch

Any idea what could be wrong?

I tried to upgrade/downgrade openssl, but it doesn't help, currently I have:
openssl-1.0.2j-1.fc24.x86_64
openssl-libs-1.0.2j-1.fc24.x86_64

@jskarvad

With https://pagure.io/rpkg/pull-request/171, I succeeded to do scratch-build. Next, I'll make new rpkg and fedpkg, then please try it again.

You need either rpkg PR #171 or koji-1.11.0.

If you see "[21323] 1481532404.229903: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals off", (key part being "proxy10"), that means the krb_rdns setting did not take effect.

You need either rpkg PR #171 or koji-1.11.0.
If you see "[21323] 1481532404.229903: Requesting tickets for host/proxy10.fedoraproject.org @FEDORAPROJECT.ORG, referrals off", (key part being "proxy10"), that means the krb_rdns setting did not take effect.

Neither resolves the problem for me:
$ fedpkg scratch-build
Could not execute scratch_build: (-1765328370, 'KDC has no support for encryption type')

You have a broken krb5.conf.
https://github.com/puiterwijk/KrbDebug/blob/master/KrbDebug will tell you what needs to be done to fix it.

You have a broken krb5.conf.
https://github.com/puiterwijk/KrbDebug/blob/master/KrbDebug will tell you what needs to be done to fix it.

Uh?

test_01_installed (main.TestKerberos) ... ok
test_02_using_collection (main.TestKerberos) ... ok
test_03_configuration (main.TestKerberos) ... ok
test_04_kinit (main.TestKerberos) ... ok

Ran 4 tests in 1.606s

OK

I have default config, plus our redhat krb config.

Can this issue be closed? Its unclear if the initial issue and the later one(s) were the same...

Can this issue be closed? Its unclear if the initial issue and the later one(s) were the same...

Well, I'm still hitting it, and I don't see the build from jskarvad available yet. So I'd say no :)

ETA: Manually applied pyrpkg-1.47-4.fc24.noarch.rpm and the error "KDC has no support for encryption type" no longer appears and I am able to start a scratch build. So if someone could do an update for it I'll add karma.
Edited 7 years ago by bcl

@kevin This issue can be closed. New builds of rpkg and fedpkg are already in bodhi process now.

Thanks.

:aquarius:

@kevin changed the status to Closed
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.