On 06/20/2013 05:27 AM, Zac Medico wrote:
> On 06/19/2013 08:25 PM, Zac Medico wrote:
>> On 06/19/2013 07:59 PM, "Paweł Hajdan, Jr." wrote:
>>> I was surprised by repoman just dropping FEATURES="sign". I'm aware
>>> that at that time it has to commit an updated Manifest to prevent
>>> breakages, so if gpg fails it proceeds, but is there something it could
>>> do to check gpg sanity before committing anything?

Failing at the password prompt (two chances on regular pinentry) also
results in this behaviour.

>> It seems the simplest way to go would be to do a test signature before
>> commit, as suggested here:
>>
>> https://bugs.gentoo.org/show_bug.cgi?id=298605
>>
>> Is it okay to assume that everyone uses gpg-agent, so they won't have to
>> enter the passphrase more than once?

I have a remote (ssh) test-box to work on the tree, I don't want to
cache my decrypted key there. Having the crypted version there is bad
enough, but GPG_AGENT protocol only exchanges passwords (unlike SSH_AGENT).

GPG_AGENT forwarding over SSH can be done with a general unix domain
socket forwarding hack [1].

> Or, we could skip the test signature if the GPG_AGENT_INFO variable is
> not set?

It's a clue, but the key-cache can be expired and a bad password entry
can still result in failure.

[1] http://25thandclement.com/~william/projects/streamlocal.html

-- 
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber <x...@gentoo.org>
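
The test signature discussed in this thread, sketched as an added example (not code from the message above or from repoman): it attempts one real throwaway signature instead of checking GPG_AGENT_INFO, and refuses the commit if that fails. The names `can_sign` and `may_commit` are hypothetical, and the gpg command is a parameter so the check can be exercised without a key.

```python
import subprocess
import sys

SIG_MARKER = b"-----BEGIN PGP SIGNATURE-----"


def can_sign(gpg_cmd=("gpg",), key_id=None, timeout=120):
    """Make one throwaway clearsign and return (ok, reason).

    A real signature is attempted rather than inspecting GPG_AGENT_INFO:
    an agent may be running with an expired cache, and the passphrase
    prompt can still fail.
    """
    argv = list(gpg_cmd)
    if key_id:
        argv += ["--local-user", key_id]
    argv.append("--clearsign")
    try:
        # stderr is inherited so gpg's own diagnostics reach the user.
        proc = subprocess.run(argv, input=b"signing preflight\n",
                              stdout=subprocess.PIPE, timeout=timeout)
    except FileNotFoundError:
        return False, "gpg binary not found: %s" % argv[0]
    except subprocess.TimeoutExpired:
        return False, "gpg did not finish within %ds" % timeout
    if proc.returncode != 0:
        return False, "gpg exited with status %d" % proc.returncode
    if SIG_MARKER not in proc.stdout:
        return False, "gpg exited 0 but produced no signature"
    return True, "ok"


def may_commit(features, **kwargs):
    """Hypothetical gate: abort instead of silently dropping "sign"."""
    if "sign" not in features:
        return True, "signing not requested"
    return can_sign(**kwargs)


if __name__ == "__main__":
    ok, reason = may_commit({"sign"})
    print("commit allowed" if ok else "aborting before commit: " + reason)
    sys.exit(0 if ok else 1)
```

The passphrase may still be requested a second time for the real Manifest signature when no agent cache is available, which is the trade-off raised above for remote boxes.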