I'm using fedpkg-1.25-1.fc24.noarch to build new RPMs for fedpkg-1.26-3. It fails when do scratch-build.
fedpkg-1.25-1.fc24.noarch
fedpkg-1.26-3
scratch-build
KRB5_TRACE=/dev/stdout fedpkg -d -v scratch-build --srpm [26/1985] Generating an srpm Creating repo object from /home/cqi/packages/fedora/fedpkg Srpm found, rewriting it. Running rpmbuild --define '_sourcedir /home/cqi/packages/fedora/fedpkg' --define '_specdir /home/cqi/packages/fedora/fedpkg' --define '_builddir /home/cqi/packages/fedora/fed pkg' --define '_srcrpmdir /home/cqi/packages/fedora/fedpkg' --define '_rpmdir /home/cqi/packages/fedora/fedpkg' --define 'dist .fc26' --define 'fedora 26' --eval '%undefine r hel' --define 'fc26 1' --eval '%undefine fc24' --nodeps -bs /home/cqi/packages/fedora/fedpkg/fedpkg.spec directly on the tty Wrote: /home/cqi/packages/fedora/fedpkg/fedpkg-1.26-3.fc26.src.rpm Initiating a koji session to http://koji.fedoraproject.org/kojihub [21323] 1481532402.162069: Getting credentials cqi@FEDORAPROJECT.ORG -> host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG using ccache FILE:/tmp/krb5cc_1000 [21323] 1481532402.162190: Retrieving cqi@FEDORAPROJECT.ORG -> host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_1000 with result: -1765328243/Matching c redential not found (filename: /tmp/krb5cc_1000) [21323] 1481532402.162267: Retrieving cqi@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from FILE:/tmp/krb5cc_1000 with result: 0/Success [21323] 1481532402.162277: Starting with TGT for client realm: cqi@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG [21323] 1481532402.162283: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals on [21323] 1481532402.162300: Generated subkey for TGS request: aes256-cts/34FE [21323] 1481532402.162340: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts [21323] 1481532402.162420: Encoding request body and padata into FAST request [21323] 1481532402.162482: Sending request (966 bytes) to FEDORAPROJECT.ORG [21323] 1481532402.162746: Resolving hostname id.fedoraproject.org [21323] 1481532403.110272: TLS certificate name matched "id.fedoraproject.org" [21323] 1481532403.501103: Sending HTTPS request to https 152.19.134.142:443 [21323] 1481532404.226615: Received answer (510 bytes) from https 152.19.134.142:443 [21323] 1481532404.226636: Terminating TCP connection to https 152.19.134.142:443 [21323] 1481532404.228146: Terminating TCP connection to https 8.43.85.67:443 [21323] 1481532404.229725: Response was not from master KDC [21323] 1481532404.229836: Decoding FAST response [21323] 1481532404.229895: TGS request result: -1765328370/KDC has no support for encryption type [21323] 1481532404.229903: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals off [21323] 1481532404.229923: Generated subkey for TGS request: aes256-cts/2BEF [21323] 1481532404.229968: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts [21323] 1481532404.230116: Encoding request body and padata into FAST request [21323] 1481532404.231883: Sending request (966 bytes) to FEDORAPROJECT.ORG [21323] 1481532404.231940: Resolving hostname id.fedoraproject.org [21323] 1481532404.950699: TLS certificate name matched "id.fedoraproject.org" [21323] 1481532405.267821: Sending HTTPS request to https 8.43.85.67:443 [21323] 1481532405.967332: Received answer (510 bytes) from https 8.43.85.67:443 [21323] 1481532405.967350: Terminating TCP connection to https 8.43.85.67:443 [21323] 1481532405.968913: Terminating TCP connection to https 185.141.165.254:443 [21323] 1481532405.970379: Response was not from master KDC [21323] 1481532405.970465: Decoding FAST response [21323] 1481532405.970517: TGS request result: -1765328370/KDC has no support for encryption type Could not execute scratch_build: (-1765328370, 'KDC has no support for encryption type') ... (The traceback from fedpkg is cut off)
what version of koji do you have installed?
Did you authenticate using kerberos? kinit <fasusername>@FEDORAPROJECT.ORG?
kinit <fasusername>@FEDORAPROJECT.ORG
Yes, I'm using kerberos auth. Credential is already initialized.
http://koji.fedoraproject.org/kojihub
@cqi thats not the version of the rpm you have installed. make sure you have koji-1.11.0-1 as the ssl certs changed a few hours back and you need a new config
$ rpm -q koji koji-1.11.0-1.fc24.noarch
$ fedpkg scratch-build Could not execute scratch_build: (-1765328370, 'KDC has no support for encryption type')
So the problem is probably elsewhere.
KRB5_TRACE=/dev/stdout fedpkg -d -v scratch-build --srpm Generating an srpm Creating repo object from /home/yarda/git-fedora/grep/master Downloading grep-2.27.tar.xz Full url: https://src.fedoraproject.org/repo/pkgs/grep/grep-2.27.tar.xz/md5/6138dd227c39d4a25f81eea76a44d4cb/grep-2.27.tar.xz
Running: rpmbuild --define '_sourcedir /home/yarda/git-fedora/grep/master' --define '_specdir /home/yarda/git-fedora/grep/master' --define '_builddir /home/yarda/git-fedora/grep/master' --define '_srcrpmdir /home/yarda/git-fedora/grep/master' --define '_rpmdir /home/yarda/git-fedora/grep/master' --define 'dist .fc26' --define 'fedora 26' --eval '%undefine rhel' --define 'fc26 1' --eval '%undefine fc24' --nodeps -bs /home/yarda/git-fedora/grep/master/grep.spec
Zapsáno: /home/yarda/git-fedora/grep/master/grep-2.27-1.fc26.src.rpm Initiating a koji session to https://koji.fedoraproject.org/kojihub [13281] 1481536516.189998: ccselect module k5identity chose cache KEYRING:persistent:1000:1000 with client principal jskarvad@REDHAT.COM for server principal HTTP/proxy10.fedoraproject.org@FEDORAPROJECT.ORG [13281] 1481536516.190054: Getting credentials jskarvad@REDHAT.COM -> HTTP/proxy10.fedoraproject.org@FEDORAPROJECT.ORG using ccache KEYRING:persistent:1000:1000 [13281] 1481536516.190134: Retrieving jskarvad@REDHAT.COM -> HTTP/proxy10.fedoraproject.org@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found [13281] 1481536516.190202: Retrieving jskarvad@REDHAT.COM -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found [13281] 1481536516.190242: Retrieving jskarvad@REDHAT.COM -> krbtgt/REDHAT.COM@REDHAT.COM from KEYRING:persistent:1000:1000 with result: 0/Success [13281] 1481536516.190251: Starting with TGT for client realm: jskarvad@REDHAT.COM -> krbtgt/REDHAT.COM@REDHAT.COM [13281] 1481536516.190307: Retrieving jskarvad@REDHAT.COM -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found [13281] 1481536516.190315: Requesting TGT krbtgt/FEDORAPROJECT.ORG@REDHAT.COM using TGT krbtgt/REDHAT.COM@REDHAT.COM [13281] 1481536516.190339: Generated subkey for TGS request: aes256-cts/04D2 [13281] 1481536516.190384: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [13281] 1481536516.190447: Encoding request body and padata into FAST request [13281] 1481536516.190495: Sending request (940 bytes) to REDHAT.COM [13281] 1481536516.190651: Resolving hostname kerberos.brq.redhat.com [13281] 1481536516.225680: Sending initial UDP request to dgram 10.38.1.11:88 [13281] 1481536516.260585: Received answer (465 bytes) from dgram 10.38.1.11:88 [13281] 1481536516.260644: Response was not from master KDC [13281] 1481536516.260665: Decoding FAST response [13281] 1481536516.260713: TGS request result: -1765328377/Server krbtgt/FEDORAPROJECT.ORG@REDHAT.COM not found in Kerberos database [13281] 1481536516.330261: ccselect module k5identity chose cache KEYRING:persistent:1000:1000 with client principal jskarvad@REDHAT.COM for server principal HTTP/proxy01.fedoraproject.org@FEDORAPROJECT.ORG [13281] 1481536516.330311: Getting credentials jskarvad@REDHAT.COM -> HTTP/proxy01.fedoraproject.org@FEDORAPROJECT.ORG using ccache KEYRING:persistent:1000:1000 [13281] 1481536516.330375: Retrieving jskarvad@REDHAT.COM -> HTTP/proxy01.fedoraproject.org@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found [13281] 1481536516.330413: Retrieving jskarvad@REDHAT.COM -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found [13281] 1481536516.330449: Retrieving jskarvad@REDHAT.COM -> krbtgt/REDHAT.COM@REDHAT.COM from KEYRING:persistent:1000:1000 with result: 0/Success [13281] 1481536516.330455: Starting with TGT for client realm: jskarvad@REDHAT.COM -> krbtgt/REDHAT.COM@REDHAT.COM [13281] 1481536516.330506: Retrieving jskarvad@REDHAT.COM -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:1000 with result: -1765328243/Matching credential not found [13281] 1481536516.330513: Requesting TGT krbtgt/FEDORAPROJECT.ORG@REDHAT.COM using TGT krbtgt/REDHAT.COM@REDHAT.COM [13281] 1481536516.330531: Generated subkey for TGS request: aes256-cts/3DC7 [13281] 1481536516.330587: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [13281] 1481536516.330651: Encoding request body and padata into FAST request [13281] 1481536516.330703: Sending request (940 bytes) to REDHAT.COM [13281] 1481536516.330789: Resolving hostname kerberos.brq.redhat.com [13281] 1481536516.365091: Sending initial UDP request to dgram 10.38.1.11:88 [13281] 1481536516.400181: Received answer (465 bytes) from dgram 10.38.1.11:88 [13281] 1481536516.400245: Response was not from master KDC [13281] 1481536516.400276: Decoding FAST response [13281] 1481536516.400331: TGS request result: -1765328377/Server krbtgt/FEDORAPROJECT.ORG@REDHAT.COM not found in Kerberos database [13281] 1481536516.473026: Getting credentials jskarvad@FEDORAPROJECT.ORG -> host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG using ccache KEYRING:persistent:1000:krb_ccache_VbLjcH2 [13281] 1481536516.473122: Retrieving jskarvad@FEDORAPROJECT.ORG -> host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG from KEYRING:persistent:1000:krb_ccache_VbLjcH2 with result: -1765328243/Matching credential not found [13281] 1481536516.473191: Retrieving jskarvad@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG from KEYRING:persistent:1000:krb_ccache_VbLjcH2 with result: 0/Success [13281] 1481536516.473200: Starting with TGT for client realm: jskarvad@FEDORAPROJECT.ORG -> krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG [13281] 1481536516.473207: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals on [13281] 1481536516.473223: Generated subkey for TGS request: aes256-cts/B853 [13281] 1481536516.473261: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [13281] 1481536516.473321: Encoding request body and padata into FAST request [13281] 1481536516.473375: Sending request (1020 bytes) to FEDORAPROJECT.ORG [13281] 1481536516.473466: Resolving hostname id.fedoraproject.org [13281] 1481536516.938684: TLS certificate name matched "id.fedoraproject.org" [13281] 1481536517.141975: Sending HTTPS request to https 67.203.2.67:443 [13281] 1481536517.448871: Received answer (521 bytes) from https 67.203.2.67:443 [13281] 1481536517.448886: Terminating TCP connection to https 67.203.2.67:443 [13281] 1481536517.450296: Response was not from master KDC [13281] 1481536517.450345: Decoding FAST response [13281] 1481536517.450386: TGS request result: -1765328370/KDC has no support for encryption type [13281] 1481536517.450393: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals off [13281] 1481536517.450412: Generated subkey for TGS request: aes256-cts/F13F [13281] 1481536517.450448: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 [13281] 1481536517.450504: Encoding request body and padata into FAST request [13281] 1481536517.450900: Sending request (1020 bytes) to FEDORAPROJECT.ORG [13281] 1481536517.450921: Resolving hostname id.fedoraproject.org [13281] 1481536517.859773: TLS certificate name matched "id.fedoraproject.org" [13281] 1481536518.166684: Sending HTTPS request to https 209.132.181.16:443 [13281] 1481536518.370462: Received answer (521 bytes) from https 209.132.181.16:443 [13281] 1481536518.370476: Terminating TCP connection to https 209.132.181.16:443 [13281] 1481536518.371741: Response was not from master KDC [13281] 1481536518.371778: Decoding FAST response [13281] 1481536518.371829: TGS request result: -1765328370/KDC has no support for encryption type Could not execute scratch_build: (-1765328370, 'KDC has no support for encryption type') Traceback (most recent call last): File "/usr/bin/fedpkg", line 16, in <module> main() File "/usr/lib/python2.7/site-packages/fedpkg/main.py", line 77, in main sys.exit(client.args.command()) File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 1298, in scratch_build return self.build() File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 976, in build self.cmd.koji_upload(self.args.srpm, uniquepath, callback=callback) File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 2068, in koji_upload if not self.kojisession: File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 216, in kojisession self.load_kojisession() File "/usr/lib/python2.7/site-packages/fedpkg/init.py", line 314, in load_kojisession return super(Commands, self).load_kojisession(anon) File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 378, in load_kojisession self.login_koji_session(koji_config, self._kojisession) File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 345, in login_koji_session session.krb_login(proxyuser=self.runas) File "/usr/lib/python2.7/site-packages/koji/init.py", line 2087, in krb_login options=krbV.AP_OPTS_MUTUAL_REQUIRED) krbV.Krb5Error: (-1765328370, 'KDC has no support for encryption type')
As dgilmore pointed out
<dgilmore> cqi: make sure https://pagure.io/rpkg/pull-request/171 is applied
That patch is committed after rpkg-1.47-3. I'm preparing environment to test it. I'll make a new package of rpkg.
rpkg-1.47-3
As dgilmore pointed out <dgilmore> cqi: make sure https://pagure.io/rpkg/pull-request/171 is applied That patch is committed after rpkg-1.47-3. I'm preparing environment to test it. I'll make a new package of rpkg.
No, it doesn't work for me: $ fedpkg -dv scratch-build Creating repo object from /home/yarda/git-fedora/grep/master Initiating a koji session to https://koji.fedoraproject.org/kojihub Could not execute scratch_build: 'krb_rdns' Traceback (most recent call last): File "/usr/bin/fedpkg", line 16, in <module> main() File "/usr/lib/python2.7/site-packages/fedpkg/main.py", line 77, in main sys.exit(client.args.command()) File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 1298, in scratch_build return self.build() File "/usr/lib/python2.7/site-packages/pyrpkg/cli.py", line 988, in build sets, nvr_check) File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 1878, in build build_target = self.kojisession.getBuildTarget(self.target) File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 216, in kojisession self.load_kojisession() File "/usr/lib/python2.7/site-packages/fedpkg/init.py", line 314, in load_kojisession return super(Commands, self).load_kojisession(anon) File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 366, in load_kojisession session_opts = self.create_koji_session_opts(koji_config) File "/usr/lib/python2.7/site-packages/pyrpkg/init.py", line 312, in create_koji_session_opts if koji_config[name] is not None: KeyError: 'krb_rdns'
@jskarvad can you try koji build --scratch f26 $(fedpkg giturl)
also please make sure that you do not have a /etc/kojid.conf.rpmnew file
That KeyError sounds like the PR https://pagure.io/rpkg/pull-request/171 no?
This seems to work (without the patch applied).
so you are hitting bugs in fedpkg or rpkg, what versions are installed?
$ ls /etc/kojid.conf.rpmnew file ls: cannot access '/etc/kojid.conf.rpmnew': No such file or directory
$ ls /etc/koji.conf.rpmnew file ls: cannot access '/etc/koji.conf.rpmnew': No such file or directory
$ ls /etc/koji.conf.d arm-config brewtest.conf rpmfusion.conf s390-config brewkoji.conf ppc-config stg-config
fedpkg-1.26-2.fc24.noarch rpkg-1.47-3.fc24.noarch pyrpkg-1.47-3.fc24.noarch
I got the error after manually applying the PR onto pyrpkg-1.47-3.fc24.noarch
Any idea what could be wrong?
I tried to upgrade/downgrade openssl, but it doesn't help, currently I have: openssl-1.0.2j-1.fc24.x86_64 openssl-libs-1.0.2j-1.fc24.x86_64
@jskarvad
With https://pagure.io/rpkg/pull-request/171, I succeeded to do scratch-build. Next, I'll make new rpkg and fedpkg, then please try it again.
You need either rpkg PR #171 or koji-1.11.0.
If you see "[21323] 1481532404.229903: Requesting tickets for host/proxy10.fedoraproject.org@FEDORAPROJECT.ORG, referrals off", (key part being "proxy10"), that means the krb_rdns setting did not take effect.
You need either rpkg PR #171 or koji-1.11.0. If you see "[21323] 1481532404.229903: Requesting tickets for host/proxy10.fedoraproject.org @FEDORAPROJECT.ORG, referrals off", (key part being "proxy10"), that means the krb_rdns setting did not take effect.
Neither resolves the problem for me: $ fedpkg scratch-build Could not execute scratch_build: (-1765328370, 'KDC has no support for encryption type')
You have a broken krb5.conf. https://github.com/puiterwijk/KrbDebug/blob/master/KrbDebug will tell you what needs to be done to fix it.
Uh?
test_01_installed (main.TestKerberos) ... ok test_02_using_collection (main.TestKerberos) ... ok test_03_configuration (main.TestKerberos) ... ok test_04_kinit (main.TestKerberos) ... ok
Ran 4 tests in 1.606s
OK
I have default config, plus our redhat krb config.
Fixed by: https://koji.fedoraproject.org/koji/buildinfo?buildID=824823
Can this issue be closed? Its unclear if the initial issue and the later one(s) were the same...
Well, I'm still hitting it, and I don't see the build from jskarvad available yet. So I'd say no :)
ETA: Manually applied pyrpkg-1.47-4.fc24.noarch.rpm and the error "KDC has no support for encryption type" no longer appears and I am able to start a scratch build. So if someone could do an update for it I'll add karma.
@kevin This issue can be closed. New builds of rpkg and fedpkg are already in bodhi process now.
Thanks.
:aquarius:
@kevin changed the status to Closed
Closed
Login to comment on this ticket.