Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Shawn O. Pearce <spearce@...>

Cc: Junio C Hamano <gitster@...>, <git@...>

Subject: Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags

Date: Saturday, September 8, 2007 - 1:41 am

2007/9/7, Shawn O. Pearce <spearce@spearce.org>:
quoted text> Junio C Hamano <gitster@pobox.com> wrote:
> > "Shawn O. Pearce" <spearce@spearce.org> writes:
> >
> > > "Shawn O. Pearce" <spearce@spearce.org> wrote:
> > >> If the user has misconfigured `user.signingkey` in their .git/config
> > >> or just doesn't have any secret keys on their keyring and they ask
> > >> for a signed tag with `git tag -s` we better make sure the resulting
> > >> tag was actually signed by gpg.
> >
> > This seems to fail the test depending on the order processes
> > happen to be scheduled.  I haven't looked at it closely yet.
>
> That's not good.  I noticed stepping through the code last night
> that if gpg is misconfigured (e.g. set a bad user.signingkey in
> .git/config) it will terminate and send SIGPIPE to git-tag, which
> makes it terminate.

I haven't tested it enough, but now I know that the program is terminated
in write_or_die(gpg.in, buffer, size), and it is passing the test or not
depending on the system, because I added some code before the test
and then it worked for me and if I remove that test, it is failing again.
These messages are printed:
   gpg: skipped "BobTheMouse": secret key not available
   gpg: signing failed: secret key not available
Just after start_command and before write_in_full.

Possibly the reason is that code in write_in_full() that makes exit(0)
without a warning when EPIPE is returned, or possibly is write()
in xwrite(), that dies directly when EPIPE is received like it was for
builtin-verify-tag.c. Catching the signal EPIPE doesn't worked for me,
so I will do some checks more to trace the code more exactly
in my system.

quoted text> All my change did was implement proper error handling.  So if you
> are seeing failures now then we probably have a problem with the
> code without my patch too...

The test seems to fail also without your patch, as you say.
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 2/2] git-tag -s must fail if gpg is broken and cannot..., Shawn O. Pearce, (Thu Sep 6, 12:21 am)

Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and ca..., Shawn O. Pearce, (Thu Sep 6, 12:26 am)

Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and ca..., Junio C Hamano, (Thu Sep 6, 2:20 am)

Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and ca..., Shawn O. Pearce, (Fri Sep 7, 12:58 am)

Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and ca..., Carlos Rica, (Sat Sep 8, 1:41 am)


linux-kernel:
Jan Engelhardt	intel iommu (Re: -mm merge plans for 2.6.23)
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Linus Torvalds	Linux 2.6.25-rc4
Jon Smirl	Re: 463 kernel developers missing!
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
Jarek Poplawski	Re: HTB accuracy for high speed
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
openbsd-misc:

Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags

Online users