From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 7A8CD1381F3 for ; Sun, 23 Jun 2013 08:18:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 95465E09B2; Sun, 23 Jun 2013 08:18:37 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2803EE0998 for ; Sun, 23 Jun 2013 08:18:36 +0000 (UTC) Received: from localhost (static-81-219-167-27.devs.futuro.pl [81.219.167.27]) (using SSLv3 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 507D033E3CC; Sun, 23 Jun 2013 08:18:34 +0000 (UTC) Date: Sun, 23 Jun 2013 10:19:38 +0200 From: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= To: gentoo-dev@lists.gentoo.org Cc: phajdan.jr@gentoo.org Subject: Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error Message-ID: <20130623101938.63f2fe7d@gentoo.org> In-Reply-To: <51C63B30.7030002@gentoo.org> References: <51C26FFC.1090000@gentoo.org> <20130620111646.4ecb37d4@gentoo.org> <51C63B30.7030002@gentoo.org> Organization: Gentoo X-Mailer: Claws Mail 3.9.1 (GTK+ 2.24.19; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA512; boundary="Sig_/A+eX1Gu2nDSIigXP_cQ.4S6"; protocol="application/pgp-signature" X-Archives-Salt: e2d5c564-16f9-42e8-a528-3100fb3642bb X-Archives-Hash: b4e000250fece7d45e603e5f12df41b0 --Sig_/A+eX1Gu2nDSIigXP_cQ.4S6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Dnia 2013-06-22, o godz. 17:02:56 ""Pawe=C5=82 Hajdan, Jr."" napisa=C5=82(a): > On 6/20/13 2:16 AM, Micha=C5=82 G=C3=B3rny wrote: > > Doing test signatures won't cover all failures. >=20 > Do you know an example? The only one I'm aware of is when a test > signature is made very close to the expiration date, and then the real > signature would be done after it. Well, Michael explained one in the other branch of this thread quite thoroughly. Other than that, there can be random runtime errors and race conditions. I'd say it's as good as using stat() to check whether a file exists before opening it. But thinking of it, I've got another idea... How about opening 'gpg -s' in a subprocess before first commit and feeding the Manifest afterwards? As far as I can see, gpg asks for the password instantly, so likely most of the bases will be covered already, and we're be doing a single signature only. --=20 Best regards, Micha=C5=82 G=C3=B3rny --Sig_/A+eX1Gu2nDSIigXP_cQ.4S6 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQJ8BAEBCgBmBQJRxq+dXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1RUJGMjBGOTk2RkIzQzIyQ0M2RkNBNDBC QUJGMUQ1RkY4QzgxMTBBAAoJELq/HV/4yBEK8hsQAKwseJKomuAB7LFqDTS5pJw+ fVaD5fM2xtp4SiSiFUD14BmF+Sys/qqmgXmEt8AfAlQMyPg5DrfSQ2QA0iX4YC5H vhvYN3N0FgLLwNGIWrjYGUPyU5u5K2CR1bJ4PTxAvuvRacajfM/tLcM3lAmodTzJ oCLvAwScNJw9AW72sbdlep11qzLJZ5QOg1tXGYI+AHzbfd89KJgAZaGb3d/HJ4RO gddjvSN18ENWi2Z8RWsHhxAe6y6dtvupG8z95EoTxb5bNgAjftU9fw+dPBPdSYe6 ih5y13WeKHt031e0L9kSanNh4mSyXAtsuqVPyq70hRTrkuhvQcom3UHaQQPevjPX KW43RyeSc4PFWc/LcUHb2k+VleYdB0ChwwQ4gGuLBTgBzYJVW4NIhMPea9lp+DK9 MwnAcgSI0qN0W+gF8H6vkSPC+ylZV4WBAUq1anJWuiIaYmZNxV0ZamLnTeQ6dTPu jUfG7DwWkdEaaf0bC82+97kwXcZ3UyTNrg/qqqg6KCzVn2ihZR2qU66fJOyk2XUb TJm5Yih8/R04R928O7YviywsN6WWmnFdYVvW8dmYX/vyomct1TA4vUIg86B+7Osl PuU76qN6N+Ltnz+wqhyNUet4uWZuNxZw+CYZRLdhlaEDYvj/rGuQtpojgIa8eyYk 98ESNRApVEdS3lckU+Yc =GAoY -----END PGP SIGNATURE----- --Sig_/A+eX1Gu2nDSIigXP_cQ.4S6--