[Dev] [PATCHES] libretools

Luke T. Shumaker lukeshu at sbcglobal.net
Mon Nov 4 17:58:47 GMT 2013


Hey, sorry, I've been meaning to look over these.

> When cycling through packages and signing them, the loop doesn't
> wait for pinentry-curses to block the terminal and the output gets
> scrambled.  By using gpg-agent to sign a bogus file the passphrase
> gets cached and the signing loop succeeds.

> @@ -82,6 +82,10 @@ create_signature() {
>  sign_packages() {
>  	if [ -z "${GPG_AGENT_INFO}" ]; then
>  		warning "It's better to use gpg-agent to sign packages in batches"
> +	else
> +		# Cache the passphrase by signing a bogus file
> +		touch /tmp/h
> +		create_signature "/tmp/h" && rm -f /tmp/h.gpg
>  	fi
>  
>  	for package in $(find "${WORKDIR}/staging/" -type f -iname '*.pkg.tar.?z'); do
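
Review bot: In the new else branch, `/tmp/h` is a fixed, predictable name in a world-writable directory, so another local user can pre-create it or put a symlink there before `touch` and `create_signature` run against it with the release key. Create the scratch file with `mktemp` and clean up both it and its signature whether or not signing succeeds; as written `/tmp/h` is never removed and `/tmp/h.gpg` is removed only on success. The status of `create_signature` is also not acted on, so a failed passphrase entry falls through to the package loop without any message.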

Like I've said before, I've been hesitant to merge your work-arounds,
because pinentry-curses works for me.

Anyway, I *think* I've tracked it down to an I/O redirection issue.
See if the version in git[^1] fixes it for you; if not, it should at least
fail more verbosely.

[^1]: Or, wait until I publish the next version; I think what's in git
right now is stable, but I have an exam tomorrow...

Also, instead of hardcoding this into librerelease, it can be
configured to run in HOOKPRERELEASE, which is the more appropriate
thing.

>  sign_packages() {
>  	if [ -z "${GPG_AGENT_INFO}" ]; then
> -		warning "It's better to use gpg-agent to sign packages in batches"
> +		# Run the gpg-agent if it wasn't running
> +		msg "$(gettext "Starting gpg-agent...")"
> +		eval $(gpg-agent --daemon)
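
Review bot: On the `eval $(gpg-agent --daemon)` line the command substitution is unquoted and its result is never checked, so if gpg-agent fails to start, `eval` runs on empty or partial output and the function carries on with `GPG_AGENT_INFO` still unset. Quote it as `eval "$(gpg-agent --daemon)"` and test the exit status, falling back to the removed `warning` (or aborting) when the agent cannot be started.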

Two things here:

The call to gettext is superfluous; libremessages will do that for
you.  I was about to refer you to libremessages(1), but I looked at it
myself, and it doesn't mention that gettext is used by the
notification routines.  This has been clarified in git.

Secondly, more importantly, I think the warning is the better option.
I don't think that starting a daemon on the user's box without warning
is a suitable thing to do, especially since after librerelease exits,
the daemon will still be running, but the user will have no way of
finding out $GPG_AGENT_INFO to communicate with it.  I know that it's
better to do the right thing right away, instead of leaving it to the
user, but this is a situation where I think it's better to say "hey,
user, run `gpg-agent --daemon`!".  Perhaps the warning message should
be clarified to say `gpg-agent --daemon` instead of just `gpg-agent`.

Happy hacking,
~ Luke Shumaker


