Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags

Date: Sat, 8 Sep 2007 07:41:09 +0200
From: "Carlos Rica" <jasampler@xxxxxxxxx>
Subject: Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags

2007/9/7, Shawn O. Pearce <spearce@xxxxxxxxxxx>:
> Junio C Hamano <gitster@xxxxxxxxx> wrote:
> > "Shawn O. Pearce" <spearce@xxxxxxxxxxx> writes:
> >
> > > "Shawn O. Pearce" <spearce@xxxxxxxxxxx> wrote:
> > >> If the user has misconfigured `user.signingkey` in their .git/config
> > >> or just doesn't have any secret keys on their keyring and they ask
> > >> for a signed tag with `git tag -s` we better make sure the resulting
> > >> tag was actually signed by gpg.
> >
> > This seems to fail the test depending on the order processes
> > happen to be scheduled.  I haven't looked at it closely yet.
>
> That's not good.  I noticed stepping through the code last night
> that if gpg is misconfigured (e.g. set a bad user.signingkey in
> .git/config) it will terminate and send SIGPIPE to git-tag, which
> makes it terminate.

I haven't tested it enough, but now I know that the program is terminated
in write_or_die(gpg.in, buffer, size), and it is passing the test or not
depending on the system, because I added some code before the test
and then it worked for me and if I remove that test, it is failing again.
These messages are printed:
   gpg: skipped "BobTheMouse": secret key not available
   gpg: signing failed: secret key not available
Just after start_command and before write_in_full.

Possibly the reason is that code in write_in_full() that makes exit(0)
without a warning when EPIPE is returned, or possibly is write()
in xwrite(), that dies directly when EPIPE is received like it was for
builtin-verify-tag.c. Catching the signal EPIPE doesn't worked for me,
so I will do some checks more to trace the code more exactly
in my system.

> All my change did was implement proper error handling.  So if you
> are seeing failures now then we probably have a problem with the
> code without my patch too...

The test seems to fail also without your patch, as you say.
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

References:
- [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags
  - From: Shawn O. Pearce
- Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags
  - From: Shawn O. Pearce
- Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags
  - From: Junio C Hamano
- Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags
  - From: Shawn O. Pearce

Prev by Date: Re: git-svn: Branching clarifications
Next by Date: Re: [RFC] Convert builin-mailinfo.c to use The Better String Library.
Previous by thread: Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags
Next by thread: [PATCH] Include a git-push example for creating a remote branch
Index(es):
- Date
- Thread

lists-archives.org

Re: [PATCH 2/2] git-tag -s must fail if gpg is broken and cannot sign tags