[Dev] [PATCHES] libretools
Luke T. Shumaker
lukeshu at sbcglobal.net
Mon Nov 4 17:58:47 GMT 2013
Hey, sorry, I've been meaning to look over these.
> When cycling through packages and signing them, the loop doesn't
> wait for pinentry-curses to block the terminal and the output gets
> scrambled. By using gpg-agent to sign a bogus file the passphrase
> gets cached and the signing loop succeeds.
> @@ -82,6 +82,10 @@ create_signature() {
> sign_packages() {
> if [ -z "${GPG_AGENT_INFO}" ]; then
> warning "It's better to use gpg-agent to sign packages in batches"
> + else
> + # Cache the passphrase by signing a bogus file
> + touch /tmp/h
> + create_signature "/tmp/h" && rm -f /tmp/h.gpg
> fi
>
> for package in $(find "${WORKDIR}/staging/" -type f -iname '*.pkg.tar.?z'); do
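Review bot: The added `touch /tmp/h` uses a fixed, predictable file name in a world-writable directory, so `/tmp/h` or `/tmp/h.gpg` may already exist and belong to another local user (possibly as a symlink) by the time this runs; create the scratch file with `mktemp` and sign that path instead. The cleanup also removes only `/tmp/h.gpg`, and only when `create_signature` succeeds, so `/tmp/h` is always left behind and nothing is cleaned up on failure; remove both files unconditionally, for example from a `trap`.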
Like I've said before, I've been hesitant to merge your work-arounds,
because pinentry-curses works for me.
Anyway, I *think* I've tracked it down to an I/O redirection issue.
See if the version in git[^1] fixes it for you; if not, it should at least
fail more verbosely.
[^1]: Or, wait until I publish the next version; I think what's in git
right now is stable, but I have an exam tomorrow...
Also, instead of hardcoding this into librerelease, it can be
configured to run in HOOKPRERELEASE, which is the more appropriate
thing.
> sign_packages() {
> if [ -z "${GPG_AGENT_INFO}" ]; then
> - warning "It's better to use gpg-agent to sign packages in batches"
> + # Run the gpg-agent if it wasn't running
> + msg "$(gettext "Starting gpg-agent...")"
> + eval $(gpg-agent --daemon)
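Review bot: In `eval $(gpg-agent --daemon)` the command substitution is unquoted and its result is never checked, so if the agent fails to start, the function continues with `GPG_AGENT_INFO` still empty and no message telling the user why signing will prompt for every package. Quote it as `eval "$(gpg-agent --daemon)"` and, when it fails or `GPG_AGENT_INFO` is still unset afterwards, fall back to the `warning` that this hunk removes.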
Two things here:
The call to gettext is superfluous; libremessages will do that for
you. I was about to refer you to libremessages(1), but I looked at it
myself, and it doesn't mention that gettext is used by the
notification routines. This has been clarified in git.
Secondly, more importantly, I think the warning is the better option.
I don't think that starting a daemon on the user's box without warning
is a suitable thing to do, especially since after librerelease exits,
the daemon will still be running, but the user will have no way of
finding out $GPG_AGENT_INFO to communicate with it. I know that it's
better to do the right thing right away, instead of leaving it to the
user, but this is a situation where I think it's better to say "hey,
user, run `gpg-agent --daemon`!". Perhaps the warning message should
be clarified to say `gpg-agent --daemon` instead of just `gpg-agent`.
Happy hacking,
~ Luke Shumaker