GNU bug report logs -
#22440
25.1.50; package.el fails to install with package-check-signature t
Reported by: Mark Oteiza <mvoteiza <at> udel.edu>
Date: Sat, 23 Jan 2016 00:50:02 UTC
Severity: important
Tags: security
Found in version 25.1.50
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Message #42 received at 22440 <at> debbugs.gnu.org (full text, mbox):
Paul Eggert <eggert <at> cs.ucla.edu> writes:
> I observed the same thing, but as I have no idea how packages ought to work I didn't know whether that was expected. If not, it's a bug too --
> should it get a different bug report or is this all the same bug?
Yes, it's a bug. Looks like it was introduced by the commit below.
I've CC'd Daiki.
14aec913ac3f0dd408487c0e8327403e0f239964
Author: Daiki Ueno <ueno <at> gnu.org>
AuthorDate: Wed Feb 17 16:44:16 2016 +0900
Take advantage of new GnuPG version check function
* lisp/emacs-lisp/package.el (epg-configuration-find): Declare.
(package-refresh-contents): Use `epg-configuration-find' to check if EPG
is usable.
1 file changed, 9 insertions(+), 6 deletions(-)
lisp/emacs-lisp/package.el | 15 +++++++++------
modified lisp/emacs-lisp/package.el
@@ -1452,9 +1452,8 @@ package-initialize
(defvar package--downloads-in-progress nil
"List of in-progress asynchronous downloads.")
-(declare-function epg-check-configuration "epg-config"
- (config &optional minimum-version))
-(declare-function epg-configuration "epg-config" ())
+(declare-function epg-configuration-find "epg-config"
+ (protocol &optional force))
(declare-function epg-import-keys-from-file "epg" (context keys))
;;;###autoload
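Review bot: The replacement declaration for `epg-configuration-find` takes (protocol &optional force) and has no counterpart to the `minimum-version` argument of the removed `epg-check-configuration` declaration, so nothing at this level shows which GnuPG version is required any more. A one-line comment stating that the version check is now done inside `epg-configuration-find` would make that explicit. Before dropping both old declarations, confirm that no other call to `epg-configuration` or `epg-check-configuration` remains in package.el, since the byte-compiler would otherwise warn about an undeclared function.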
@@ -1554,11 +1553,15 @@ package-refresh-contents
(let ((default-keyring (expand-file-name "package-keyring.gpg"
data-directory))
(inhibit-message async))
+ (if (get 'package-check-signature 'saved-value)
+ (when package-check-signature
+ (epg-configuration-find 'OpenPGP))
+ (setq package-check-signature
+ (if (epg-configuration-find 'OpenPGP)
+ 'allow-unsigned)))
(when (and package-check-signature (file-exists-p default-keyring))
(condition-case-unless-debug error
- (progn
- (epg-check-configuration (epg-configuration))
- (package-import-keyring default-keyring))
+ (package-import-keyring default-keyring)
(error (message "Cannot import default keyring: %S" (cdr error))))))
(package--download-and-read-archives async))
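Review bot: The else branch of the new `if` in package-refresh-contents runs `(setq package-check-signature ...)` whenever the variable has no `saved-value` property, and that property is only set through Customize, so a value assigned with a plain `setq` in an init file (t, for example) is overwritten with `allow-unsigned`, or with nil when no OpenPGP configuration is found, which silently weakens or disables signature checking. In the then branch the return value of `(epg-configuration-find 'OpenPGP)` is discarded, so a customized non-nil setting with no usable GnuPG is not acted on or reported at this point. The lookup also now sits outside the `condition-case-unless-debug` that used to wrap `epg-check-configuration`, so if it signals, the error is no longer turned into the "Cannot import default keyring" message. I would suggest not mutating the user option here: compute the effective setting into a local binding, leave an explicit t alone, and emit a message when the configuration lookup returns nil.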
This bug report was last modified 9 years and 66 days ago.