[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-dev
Subject: Re: [gentoo-dev] repoman commit unexpectedly drops FEATURES="sign" on error
From: Zac Medico <zmedico () gentoo ! org>
Date: 2013-06-23 21:06:23
Message-ID: 51C7634F.6000900 () gentoo ! org
[Download RAW message or body]
On 06/23/2013 01:19 AM, Michał Górny wrote:
> Dnia 2013-06-22, o godz. 17:02:56
> ""Paweł Hajdan, Jr."" <phajdan.jr@gentoo.org> napisał(a):
>
>> On 6/20/13 2:16 AM, Michał Górny wrote:
>>> Doing test signatures won't cover all failures.
>>
>> Do you know an example? The only one I'm aware of is when a test
>> signature is made very close to the expiration date, and then the real
>> signature would be done after it.
>
> Well, Michael explained one in the other branch of this thread quite
> thoroughly. Other than that, there can be random runtime errors
> and race conditions.
>
> I'd say it's as good as using stat() to check whether a file exists
> before opening it. But thinking of it, I've got another idea...
>
> How about opening 'gpg -s' in a subprocess before first commit
> and feeding the Manifest afterwards? As far as I can see, gpg asks for
> the password instantly, so likely most of the bases will be covered
> already, and we're be doing a single signature only.
The only problem I see is that repoman will have no way of knowing when
you have finished typing the pass phrase (if not using gpg-agent). So,
there may be some mixing of repoman and gpg/pinentry output in the terminal.
--
Thanks,
Zac
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic