Gentoo Archives: gentoo-dev

From: Zac Medico <zmedico@g.o>
To: gentoo-dev@l.g.o
Cc: "Michał Górny" <mgorny@g.o>, phajdan.jr@g.o
Subject: Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
Date: Sun, 23 Jun 2013 21:06:32
Message-Id: 51C7634F.6000900@gentoo.org
In Reply to: Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error by "Michał Górny"
1 On 06/23/2013 01:19 AM, Michał Górny wrote:
2 > Dnia 2013-06-22, o godz. 17:02:56
3 > ""Paweł Hajdan, Jr."" <phajdan.jr@g.o> napisał(a):
4 >
5 >> On 6/20/13 2:16 AM, Michał Górny wrote:
6 >>> Doing test signatures won't cover all failures.
7 >>
8 >> Do you know an example? The only one I'm aware of is when a test
9 >> signature is made very close to the expiration date, and then the real
10 >> signature would be done after it.
11 >
12 > Well, Michael explained one in the other branch of this thread quite
13 > thoroughly. Other than that, there can be random runtime errors
14 > and race conditions.
15 >
16 > I'd say it's as good as using stat() to check whether a file exists
17 > before opening it. But thinking of it, I've got another idea...
18 >
19 > How about opening 'gpg -s' in a subprocess before first commit
20 > and feeding the Manifest afterwards? As far as I can see, gpg asks for
21 > the password instantly, so likely most of the bases will be covered
22 > already, and we're be doing a single signature only.
23
24 The only problem I see is that repoman will have no way of knowing when
25 you have finished typing the pass phrase (if not using gpg-agent). So,
26 there may be some mixing of repoman and gpg/pinentry output in the terminal.
27 --
28 Thanks,
29 Zac