I'm attempting to tally the MCDC global election, which is encrypted. However, neither the dump link on votewiki nor the extensions/SecurePoll/cli/dump.php script outputs with any keys at all (private signing nor public encryption), so I haven't been able to use extensions/SecurePoll/cli/tally.php - it instead throws the error:
Tally error: Error executing GPG.
Use $wgSecurePollShowErrorDetail=true; in LocalSettings.php to show more detail.
The tally issue might be something else, but without the keys you have to kind of Frankenstein it back into something tallyable, which I don't think is the intended solution :)
What command (and parameters) are you running dump.php with?
After rESPO497ad380523d: Filter encryption keys out of public dumps, it would look like you need to run it with --private...
Ah, same error with --private so it's not the key issue that's causing the problem.
I'm running
mwscript extensions/SecurePoll/cli/dump.php --wiki=votewiki "Movement Charter Drafting Committee elections 2021" --private --votes > MCDC2021votes3.xml
followed by
mwscript extensions/SecurePoll/cli/tally.php --wiki=votewiki MCDC2021votes3.xml
Change 735060 had a related patch set uploaded (by Reedy; author: Reedy):
[operations/mediawiki-config@master] Set $wgSecurePollShowErrorDetail on mwmaint1002
Change 735060 merged by jenkins-bot:
[operations/mediawiki-config@master] Set $wgSecurePollShowErrorDetail on mwmaint1002
Mentioned in SAL (#wikimedia-operations) [2021-10-27T20:51:36Z] <reedy@deploy1002> Synchronized wmf-config/CommonSettings.php: T294489 (duration: 01m 59s)
Thanks for that @Reedy! The full error now reads (translated from Farsi):
Tally error: Error executing GPG: Command: #Command: 'gpg1' '--homedir' '/tmp/securepoll-777d73263db3902acca2ea7f759a25ec601c5345' '--trust-model' 'always' '--batch' '--yes' '--import' '/tmp/securepoll-777d73263db3902acca2ea7f759a25ec601c5345/key' Error: <pre>execvp: Permission denied </pre>
reedy@mwmaint1002:~$ mwscript extensions/SecurePoll/cli/tally.php --wiki=votewiki MCDC2021votes3.xml Tally error: خطا در اجرای جیپیجی: فرمان: #Command: 'gpg1' '--homedir' '/tmp/securepoll-806b9a80c6ed11648b4556662ea24f90e60ade00' '--trust-model' 'always' '--batch' '--yes' '--import' '/tmp/securepoll-806b9a80c6ed11648b4556662ea24f90e60ade00/key' خطا: <pre>execvp: Permission denied </pre>
And making that a bit more human readable..
'gpg1' '--homedir' '/tmp/securepoll-806b9a80c6ed11648b4556662ea24f90e60ade00' '--trust-model' 'always' '--batch' '--yes' '--import' '/tmp/securepoll-806b9a80c6ed11648b4556662ea24f90e60ade00/key'
Change 735062 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/extensions/SecurePoll@master] Pass ->restrict( Shell::RESTRICT_NONE ) to GPG Shell Command
The presumably failed shell commands looked like:
2021-10-27 19:37:03 [0706e1297579ae60ff70b116] mwmaint1002 votewiki 1.38.0-wmf.6 exec INFO: Executing: /bin/bash '/srv/mediawiki/php-1.38.0-wmf.6/vendor/wikimedia/shellbox/src/Command/limit.sh' ''\''/usr/bin/firejail'\'' '\''--quiet'\'' '\''--profile=/srv/mediawiki/php-1.38.0-wmf.6/includes/shell/firejail.profile'\'' -- '\''gpg1'\'' '\''--homedir'\'' '\''/tmp/securepoll-71b6e2b71df3a7b03480e37287c76149443128af'\'' '\''--trust-model'\'' '\''always'\'' '\''--batch'\'' '\''--yes'\'' '\''--import'\'' '\''/tmp/securepoll-71b6e2b71df3a7b03480e37287c76149443128af/key'\''' 'SB_INCLUDE_STDERR=1;SB_CPU_LIMIT=50; SB_CGROUP='\''/sys/fs/cgroup/memory/mediawiki/job'\''; SB_MEM_LIMIT=1073741824; SB_FILE_SIZE_LIMIT=536870912; SB_WALL_CLOCK_LIMIT=180; SB_USE_LOG_PIPE=yes' 2>&1
Notably, the seccomp filter is not activated, so we should not be blocking the execvp syscall.
Since disabling firejail fixed it, I suspect something in core's firejail.profile or /etc/firejail/mediawiki.local in puppet is blocking access to a resource gpg wants/needs. Why this only just started failing I don't have a good answer for.
Change 734918 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/extensions/SecurePoll@wmf/1.38.0-wmf.6] Pass ->restrict( Shell::RESTRICT_NONE ) to GPG Shell Command
Change 734918 merged by jenkins-bot:
[mediawiki/extensions/SecurePoll@wmf/1.38.0-wmf.6] Pass ->restrict( Shell::RESTRICT_NONE ) to GPG Shell Command
Mentioned in SAL (#wikimedia-operations) [2021-10-27T22:06:42Z] <reedy@deploy1002> Synchronized php-1.38.0-wmf.6/extensions/SecurePoll/includes/Crypt/GpgCrypt.php: T294489 (duration: 01m 15s)
I'm not going to revert this one, it doesn't seem unreasonable to leave $wgSecurePollShowErrorDetail on mwmaint1002.
Patch deployed to .8. Probably merging into master (before the next train) so it keeps working, especially as T292685: Carry out the 2021 fawiki elections on votewiki will be tally-ing in ~2 weeks.
Leaving the task open due to
If we want to fork that into a new task, that's fine too, and then close this.
I think it would make more sense to put this in tally.php or have it vary on PHP_SAPI == "cli" instead of hardcoding a specific server's hostname. E.g. during switchover it should be mwmaint2002.
Change 735062 merged by jenkins-bot:
[mediawiki/extensions/SecurePoll@master] Pass ->restrict( Shell::RESTRICT_NONE ) to GPG Shell Command
Change 736249 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/extensions/SecurePoll@wmf/1.38.0-wmf.7] Pass ->restrict( Shell::RESTRICT_NONE ) to GPG Shell Command
Change 736249 merged by jenkins-bot:
[mediawiki/extensions/SecurePoll@wmf/1.38.0-wmf.7] Pass ->restrict( Shell::RESTRICT_NONE ) to GPG Shell Command
I've tallied a few polls since and they seem to tally OK. So this is probably resolvable?
WFM :)
We might want to change the debug command as per Lego... But that's not specific to this task