GNU bug report logs - #22440
25.1.50; package.el fails to install with package-check-signature t

Previous Next

Package: emacs;

Reported by: Mark Oteiza <mvoteiza <at> udel.edu>

Date: Sat, 23 Jan 2016 00:50:02 UTC

Severity: important

Tags: security

Found in version 25.1.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

Message #63 received at 22440 <at> debbugs.gnu.org (full text, mbox):

From: Daiki Ueno <ueno <at> gnu.org>
To: Artur Malabarba <bruce.connor.am <at> gmail.com>
Cc: Mark Oteiza <mvoteiza <at> udel.edu>, Paul Eggert <eggert <at> cs.ucla.edu>,
 22440 <at> debbugs.gnu.org, Dmitry Gutov <dgutov <at> yandex.ru>
Subject: Re: bug#22440: 25.1.50;
 package.el fails to install with package-check-signature t
Date: Thu, 19 May 2016 10:30:08 +0900

Artur Malabarba <bruce.connor.am <at> gmail.com> writes:

> Here's a proposed fix.

Thank you for taking a look at this, the patch looks good to me.

>  ;;;###autoload
> @@ -1558,12 +1558,8 @@ package-refresh-contents
>    (let ((default-keyring (expand-file-name "package-keyring.gpg"
>                                             data-directory))
>          (inhibit-message async))
> -    (if (get 'package-check-signature 'saved-value)
> -        (when package-check-signature
> -          (epg-find-configuration 'OpenPGP))
> -      (setq package-check-signature
> -            (if (epg-find-configuration 'OpenPGP)
> -                'allow-unsigned)))
> +    (when package-check-signature
> +      (epg-find-configuration 'OpenPGP))

While it was from the original code, I would suggest to check the return
value of `epg-find-configuration' or simply remove this `when' clause.

Regards,
-- 
Daiki Ueno
This bug report was last modified 9 years and 67 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.