public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
@ 2013-06-20  2:59 "Paweł Hajdan, Jr."
  2013-06-20  3:25 ` Zac Medico
  2013-06-20  9:16 ` Michał Górny
  0 siblings, 2 replies; 8+ messages in thread
From: "Paweł Hajdan, Jr." @ 2013-06-20  2:59 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 977 bytes --]

Today an interesting thing happened to my repoman, as I was committing a
change:

>>> Creating Manifest for /home/ph/gentoo-x86/dev-lang/v8
gpg: no default secret key: Unusable secret key
gpg: /home/ph/gentoo-x86/dev-lang/v8/Manifest: clearsign failed:
Unusable secret key
!!! !!! gpg exited with '2' status
!!! Disabled FEATURES='sign'
/var/cvsroot/gentoo-x86/dev-lang/v8/Manifest,v  <--  Manifest
new revision: 1.321; previous revision: 1.320

Indeed my private key on that machine was expired:

pub   1024D/30427902 2009-08-05 [expired: 2013-06-10]

But after refreshing it (I have extended the expiration date) it is fine:

pub   1024D/30427902 2009-08-05 [expires: 2014-02-10]

I was surprised by repoman just dropping FEATURES="sign" . I'm aware
that at that time it has to commit an updated Manifest to prevent
breakages, so if gpg fails it proceeds, but is there something it could
do to check gpg sanity before committing anything?

Paweł


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 203 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
  2013-06-20  2:59 [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error "Paweł Hajdan, Jr."
@ 2013-06-20  3:25 ` Zac Medico
  2013-06-20  3:27   ` Zac Medico
  2013-06-20  9:16 ` Michał Górny
  1 sibling, 1 reply; 8+ messages in thread
From: Zac Medico @ 2013-06-20  3:25 UTC (permalink / raw
  To: gentoo-dev

On 06/19/2013 07:59 PM, "Paweł Hajdan, Jr." wrote:
> I was surprised by repoman just dropping FEATURES="sign" . I'm aware
> that at that time it has to commit an updated Manifest to prevent
> breakages, so if gpg fails it proceeds, but is there something it could
> do to check gpg sanity before committing anything?

It seems the simplest way to go would be to do a test signature before
commit, as suggested here:

https://bugs.gentoo.org/show_bug.cgi?id=298605

Is it okay to assume that everyone uses gpg-agent, so they won't have to
enter the passphrase more than once?
-- 
Thanks,
Zac


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
  2013-06-20  3:25 ` Zac Medico
@ 2013-06-20  3:27   ` Zac Medico
  2013-06-20  6:39     ` Michael Weber
  0 siblings, 1 reply; 8+ messages in thread
From: Zac Medico @ 2013-06-20  3:27 UTC (permalink / raw
  To: gentoo-dev

On 06/19/2013 08:25 PM, Zac Medico wrote:
> On 06/19/2013 07:59 PM, "Paweł Hajdan, Jr." wrote:
>> I was surprised by repoman just dropping FEATURES="sign" . I'm aware
>> that at that time it has to commit an updated Manifest to prevent
>> breakages, so if gpg fails it proceeds, but is there something it could
>> do to check gpg sanity before committing anything?
> 
> It seems the simplest way to go would be to do a test signature before
> commit, as suggested here:
> 
> https://bugs.gentoo.org/show_bug.cgi?id=298605
> 
> Is it okay to assume that everyone uses gpg-agent, so they won't have to
> enter the passphrase more than once?

Or, we could skip the test signature if the GPG_AGENT_INFO variable is
not set?
-- 
Thanks,
Zac


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
  2013-06-20  3:27   ` Zac Medico
@ 2013-06-20  6:39     ` Michael Weber
  0 siblings, 0 replies; 8+ messages in thread
From: Michael Weber @ 2013-06-20  6:39 UTC (permalink / raw
  To: gentoo-dev

On 06/20/2013 05:27 AM, Zac Medico wrote:
> On 06/19/2013 08:25 PM, Zac Medico wrote:
>> On 06/19/2013 07:59 PM, "Paweł Hajdan, Jr." wrote:
>>> I was surprised by repoman just dropping FEATURES="sign" . I'm aware
>>> that at that time it has to commit an updated Manifest to prevent
>>> breakages, so if gpg fails it proceeds, but is there something it could
>>> do to check gpg sanity before committing anything?
Failing at the password prompt (two chances on regular pinentry) also
results in this behaviour.

>> It seems the simplest way to go would be to do a test signature before
>> commit, as suggested here:
>>
>> https://bugs.gentoo.org/show_bug.cgi?id=298605
>>
>> Is it okay to assume that everyone uses gpg-agent, so they won't have to
>> enter the passphrase more than once?
I have a remote (ssh) test-box to work on the tree, I don't want to
cache my decrypted key there.
Having the crypted version there is bad enough, but GPG_AGENT protocol
only exchanges passwords (unlike SSH_AGENT). GPG_AGENT forwarding over
SSH can be done with a general unix domain socket forwading hack [1].

> Or, we could skip the test signature if the GPG_AGENT_INFO variable is
> not set?
It's a clue, but the key-cache can be expired and a bad password entry
can still result in failure.

[1] http://25thandclement.com/~william/projects/streamlocal.html


-- 
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber <xmw@gentoo.org>


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
  2013-06-20  2:59 [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error "Paweł Hajdan, Jr."
  2013-06-20  3:25 ` Zac Medico
@ 2013-06-20  9:16 ` Michał Górny
  2013-06-23  0:02   ` "Paweł Hajdan, Jr."
  1 sibling, 1 reply; 8+ messages in thread
From: Michał Górny @ 2013-06-20  9:16 UTC (permalink / raw
  To: gentoo-dev; +Cc: phajdan.jr

[-- Attachment #1: Type: text/plain, Size: 794 bytes --]

Dnia 2013-06-19, o godz. 19:59:08
""Paweł Hajdan, Jr."" <phajdan.jr@gentoo.org> napisał(a):

> I was surprised by repoman just dropping FEATURES="sign" . I'm aware
> that at that time it has to commit an updated Manifest to prevent
> breakages, so if gpg fails it proceeds, but is there something it could
> do to check gpg sanity before committing anything?

I'm pretty sure this was discussed already, either here or on bugzie.
Doing test signatures won't cover all failures.

IMHO the best thing to do would be to drop CVS keywords and let repoman
do normal commits instead of this two-step thing. But some of the devs
really prefer to keep them, at least until we migrate to git and have
better ways of e.g. checking the file version.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 966 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
  2013-06-20  9:16 ` Michał Górny
@ 2013-06-23  0:02   ` "Paweł Hajdan, Jr."
  2013-06-23  8:19     ` Michał Górny
  0 siblings, 1 reply; 8+ messages in thread
From: "Paweł Hajdan, Jr." @ 2013-06-23  0:02 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 699 bytes --]

On 6/20/13 2:16 AM, Michał Górny wrote:
> Doing test signatures won't cover all failures.

Do you know an example? The only one I'm aware of is when a test
signature is made very close to the expiration date, and then the real
signature would be done after it.

> IMHO the best thing to do would be to drop CVS keywords and let repoman
> do normal commits instead of this two-step thing. But some of the devs
> really prefer to keep them, at least until we migrate to git and have
> better ways of e.g. checking the file version.

Right, I found that it's used at least for prefix.

I'm fine with waiting until git migration - looks like that would solve
it naturally.

Paweł


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 203 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
  2013-06-23  0:02   ` "Paweł Hajdan, Jr."
@ 2013-06-23  8:19     ` Michał Górny
  2013-06-23 21:06       ` Zac Medico
  0 siblings, 1 reply; 8+ messages in thread
From: Michał Górny @ 2013-06-23  8:19 UTC (permalink / raw
  To: gentoo-dev; +Cc: phajdan.jr

[-- Attachment #1: Type: text/plain, Size: 973 bytes --]

Dnia 2013-06-22, o godz. 17:02:56
""Paweł Hajdan, Jr."" <phajdan.jr@gentoo.org> napisał(a):

> On 6/20/13 2:16 AM, Michał Górny wrote:
> > Doing test signatures won't cover all failures.
> 
> Do you know an example? The only one I'm aware of is when a test
> signature is made very close to the expiration date, and then the real
> signature would be done after it.

Well, Michael explained one in the other branch of this thread quite
thoroughly. Other than that, there can be random runtime errors
and race conditions.

I'd say it's as good as using stat() to check whether a file exists
before opening it. But thinking of it, I've got another idea...

How about opening 'gpg -s' in a subprocess before first commit
and feeding the Manifest afterwards? As far as I can see, gpg asks for
the password instantly, so likely most of the bases will be covered
already, and we're be doing a single signature only.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 966 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
  2013-06-23  8:19     ` Michał Górny
@ 2013-06-23 21:06       ` Zac Medico
  0 siblings, 0 replies; 8+ messages in thread
From: Zac Medico @ 2013-06-23 21:06 UTC (permalink / raw
  To: gentoo-dev; +Cc: Michał Górny, phajdan.jr

On 06/23/2013 01:19 AM, Michał Górny wrote:
> Dnia 2013-06-22, o godz. 17:02:56
> ""Paweł Hajdan, Jr."" <phajdan.jr@gentoo.org> napisał(a):
> 
>> On 6/20/13 2:16 AM, Michał Górny wrote:
>>> Doing test signatures won't cover all failures.
>>
>> Do you know an example? The only one I'm aware of is when a test
>> signature is made very close to the expiration date, and then the real
>> signature would be done after it.
> 
> Well, Michael explained one in the other branch of this thread quite
> thoroughly. Other than that, there can be random runtime errors
> and race conditions.
> 
> I'd say it's as good as using stat() to check whether a file exists
> before opening it. But thinking of it, I've got another idea...
> 
> How about opening 'gpg -s' in a subprocess before first commit
> and feeding the Manifest afterwards? As far as I can see, gpg asks for
> the password instantly, so likely most of the bases will be covered
> already, and we're be doing a single signature only.

The only problem I see is that repoman will have no way of knowing when
you have finished typing the pass phrase (if not using gpg-agent). So,
there may be some mixing of repoman and gpg/pinentry output in the terminal.
-- 
Thanks,
Zac


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2013-06-23 21:06 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-20  2:59 [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error "Paweł Hajdan, Jr."
2013-06-20  3:25 ` Zac Medico
2013-06-20  3:27   ` Zac Medico
2013-06-20  6:39     ` Michael Weber
2013-06-20  9:16 ` Michał Górny
2013-06-23  0:02   ` "Paweł Hajdan, Jr."
2013-06-23  8:19     ` Michał Górny
2013-06-23 21:06       ` Zac Medico

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox