From: Zac Medico
Date: Sun, 23 Jun 2013 14:06:23 -0700
To: gentoo-dev@lists.gentoo.org
CC: Michał Górny, phajdan.jr@gentoo.org
Subject: Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error

On 06/23/2013 01:19 AM, Michał Górny wrote:
> On 2013-06-22, at 17:02:56,
> "Paweł Hajdan, Jr." wrote:
>
>> On 6/20/13 2:16 AM, Michał Górny wrote:
>>> Doing test signatures won't cover all failures.
>>
>> Do you know an example? The only one I'm aware of is when a test
>> signature is made very close to the expiration date, and then the real
>> signature would be done after it.
>
> Well, Michael explained one in the other branch of this thread quite
> thoroughly. Other than that, there can be random runtime errors
> and race conditions.
>
> I'd say it's as good as using stat() to check whether a file exists
> before opening it. But thinking of it, I've got another idea...
>
> How about opening 'gpg -s' in a subprocess before first commit
> and feeding the Manifest afterwards? As far as I can see, gpg asks for
> the password instantly, so likely most of the bases will be covered
> already, and we'll be doing a single signature only.

The only problem I see is that repoman will have no way of knowing when
you have finished typing the pass phrase (if not using gpg-agent). So,
there may be some mixing of repoman and gpg/pinentry output in the terminal.

--
Thanks,
Zac
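
A sketch of the "start the signer first, feed the Manifest afterwards" idea discussed in this message, added here as an example; it is not repoman or Portage code. The function names, the `first_commit` callable and the stand-in signer command are assumptions, and any signer failure aborts instead of falling back to an unsigned commit.

```python
import subprocess
import sys

class SigningError(Exception):
    """Signing failed; the caller must abort instead of committing unsigned."""

def start_signer(cmd):
    """Spawn the signer before the first commit, leaving its stdin open."""
    try:
        return subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    except OSError as exc:  # missing or non-executable binary
        raise SigningError(f"cannot start signer: {exc}") from exc

def finish_signing(proc, manifest):
    """Feed the Manifest bytes, close stdin, and return the signer's output."""
    signed, _ = proc.communicate(manifest)
    if proc.returncode != 0:
        raise SigningError(f"signer exited with status {proc.returncode}")
    if not signed:
        raise SigningError("signer produced no output")
    return signed

def sign_after_commit(signer_cmd, first_commit):
    """Start the signer, run the first commit, then sign its Manifest.
    first_commit is a hypothetical callable returning the Manifest bytes."""
    proc = start_signer(signer_cmd)
    try:
        manifest = first_commit()
    except BaseException:
        proc.kill()          # do not leave a signer waiting on stdin
        proc.communicate()   # reap the process and close the pipes
        raise
    return finish_signing(proc, manifest)

# Constructed stand-in for the signer so the sketch runs without a key:
# it reads stdin and prints a SHA-256 digest. With GnuPG the command
# would be ["gpg", "-s"], as in the quoted proposal.
STAND_IN = [sys.executable, "-c",
            "import sys, hashlib; "
            "print(hashlib.sha256(sys.stdin.buffer.read()).hexdigest())"]

if __name__ == "__main__":
    manifest = b"DIST example-1.0.tar.gz 1234 SHA256 00\n"  # constructed sample
    print(sign_after_commit(STAND_IN, lambda: manifest).decode().strip())
```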