From unknown Sat Jun 21 03:09:16 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#23513 <23513@debbugs.gnu.org> To: bug#23513 <23513@debbugs.gnu.org> Subject: Status: package.el treats empty signatures as correct Reply-To: bug#23513 <23513@debbugs.gnu.org> Date: Sat, 21 Jun 2025 10:09:16 +0000 retitle 23513 package.el treats empty signatures as correct reassign 23513 emacs submitter 23513 "L. Dixon" <_@lizzie.io> severity 23513 important tag 23513 patch security thanks From debbugs-submit-bounces@debbugs.gnu.org Wed May 11 14:22:05 2016 Received: (at submit) by debbugs.gnu.org; 11 May 2016 18:22:06 +0000 Received: from localhost ([127.0.0.1]:47613 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0Ylp-0007J4-0r for submit@debbugs.gnu.org; Wed, 11 May 2016 14:22:05 -0400 Received: from eggs.gnu.org ([208.118.235.92]:42746) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <_@lizzie.io>) id 1b0Qcf-0000lM-Qb for submit@debbugs.gnu.org; Wed, 11 May 2016 05:40:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <_@lizzie.io>) id 1b0QcX-0005qH-B9 for submit@debbugs.gnu.org; Wed, 11 May 2016 05:40:00 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:41964) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <_@lizzie.io>) id 1b0QcX-0005ps-7u for submit@debbugs.gnu.org; Wed, 11 May 2016 05:39:57 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33598) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <_@lizzie.io>) id 1b0QcS-0004KM-QT for bug-gnu-emacs@gnu.org; Wed, 11 May 2016 05:39:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <_@lizzie.io>) id 1b0QcO-0005nn-Ck for bug-gnu-emacs@gnu.org; Wed, 11 May 2016 05:39:51 -0400 Received: from mail.lizzie.io ([192.241.221.211]:39338) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <_@lizzie.io>) id 1b0QcN-0005nG-Ss for bug-gnu-emacs@gnu.org; Wed, 11 May 2016 05:39:48 -0400 Date: Wed, 11 May 2016 02:39:40 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lizzie.io; s=mail-lizzie-io; t=1462959585; bh=NyMVDEGQPt3HoK+GwO8txNN6cohy6n5Ue5qzImuBWWI=; h=Date:From:To:Subject:From; b=dTcJfMLYIvanmgT1i8mPQkcwq6+S4Ppm5bC/l0To/v0LkIzjpLhN3A9a2jt8V32l8 YowkTPhjS/s4xvQNbZKZdny7F9tFy2Ia2RaNW6Vf/ZHIoedHGe7uEh6XfK0EYQxrfb ZyPd+gqUaWRrJ6ENxVOy/lgy2lUsuDvW9is86BjU= From: "L. Dixon" <_@lizzie.io> To: bug-gnu-emacs@gnu.org Subject: package.el treats empty signatures as correct Message-ID: <20160511093940.GA26912@empress> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Wed, 11 May 2016 14:22:03 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi! I noticed an issue in package.el checking malformed and empty signatures. It behaves as if malformed and empty signatures are correct. You can validate this by evaling the following lisp: (setq package-check-signature t) ;; or 'alllow-unsigned2 (package--check-signature-content "a" "b") ;; => nil, no signal The issue is a result of the following code (from package.el, 62d7aca, current HEAD of master) in lines 1208-1223, the definition of package--check-signature-content: (let (good-signatures had-fatal-error) ;; The .sig file may contain multiple signatures. Success if one ;; of the signatures is good. (dolist (sig (epg-context-result-for context 'verify)) ;; [elided... conditionally set good-signatures or had-fatal-error] ) (when (and (null good-signatures) had-fatal-error) (package--display-verify-error context sig-file) (signal 'bad-signature (list sig-file))))pg- epg-context-result-for returns nil for malformed or empty signatures; in this case the body of the dolist never gets evaluated for any sig, and so both good-signatures and had-fatal-error end up nil. The signal doesn't get triggered and package--check-signature-content returns normally. I've include a patch and some additional cases for the test suite. The new tests fail against HEAD of master and pass with the patch applied. This patch includes a new test/lisp/emacs-lisp/package-resources/key.sec and signatures, since I couldn't find the passphrase for the existing one and needed to sign /test/lisp/emacs-lisp/package-resources/signed/archive-contents for the new test. As a result, this patch contains binary differences and so needs to be applied with git-apply. The passphrase for the new key is 'passphrase'. Happy to use the old key if someone knows how. I also deleted the skip-unless clause in the package-test-signed, since the test runs normally without it. I may be misunderstanding something here, but I'm worried that skipping this test will mask similar issues or regressions. Thanks, Lizzie. diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index c05bb53..9fc2451 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -1218,7 +1218,7 @@ package--check-signature-content (unless (and (eq package-check-signature 'allow-unsigned) (eq (epg-signature-status sig) 'no-pubkey)) (setq had-fatal-error t)))) - (when (and (null good-signatures) had-fatal-error) + (when (or (null good-signatures) had-fatal-error) (package--display-verify-error context sig-file) (signal 'bad-signature (list sig-file))) good-signatures))) diff --git a/test/lisp/emacs-lisp/package-resources/key.pub b/test/lisp/emacs-lisp/package-resources/key.pub index a326d34..b3bd7a5 100644 --- a/test/lisp/emacs-lisp/package-resources/key.pub +++ b/test/lisp/emacs-lisp/package-resources/key.pub @@ -1,18 +1,30 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.14 (GNU/Linux) +Version: GnuPG v2 -mQENBFJNB8gBCACfbtpvYrM8V1HM0KFlIwatcEJugHqwOHpr/Z9mrCW0fxyQAW/d -2L+3QVNsN9Tz/K9lLcBUgeR7rhVEzHNqhmhNj/HnikwGqXbIofhp+QbZmBKnAlCz -d77kg8K9lozHtfTkm1gX/7DdPzQKmgi7WOzzi2395wGubeqJLvYaEcqVbI0Eob+E -3CzRjNy/e/Tf3TJRW5etTcdZN6LVuIY7tNCHqlQZTwyycON/hfLTX6cLCnzDsqm/ -NxCuwn9aqP9aGRGfIu7Y+If3zTymvrXEPUN98OEID814bOKdx0uVTZRiSMbvuTGI -8uMa/kpGX/78rqI61gbZV51RFoU7pT2tzwY/ABEBAAG0HkouIFIuIEhhY2tlciA8 -anJoQGV4YW1wbGUuY29tPokBOAQTAQIAIgUCUk0HyAIbAwYLCQgHAwIGFQgCCQoL -BBYCAwECHgECF4AACgkQtpVAhgkYletuhQf+JAyHYhTZNxjq0UYlikuLX8EtYbXX -PB+03J0B73SMzEai5XsiTU2ADxqxwr7pveVK1INf+IGLiiXBlQq+4DSOvQY4xLfp -58jTOYRV1ECvlXK/JtvVOwufXREADaydf9l/MUxA5G2PPBWIuQknh3ysPSsx68OJ -SzNHFwklLn0DKc4WloE/GLDpTzimnCg7QGzuUo3Iilpjdy8EvTdI5d3jx/mGJIwI -goB+YZgyxSPM+GjDwh5DEwD7OexNqqa7RynnmU0epmlYyi9UufCHLwgiiEIzjpWi -6+iF+CQ45ZAKncovByenIUv73J3ImOudrsskeAHBmahljv1he6uV9Egj2Q== -=b5Kg +mQENBFcy0X0BCADTEpqKxj/mPhlMReSTS4Tt+Z3FIWh9J/Ry9xOXejJaOf/0IK4p +svA0fm4bIZA1sBtQw7KIu+oTVEllNIQG4qxVHHLqwQx+/F3Rk+dOk0Flk+zmBT2n +F+4KCnnrK7MOjcOMNQept4YkgZd3GPkBFCAr5RPTqxy6wn7Y1/NDzuHDUvns1FpR +GxRY5vyoghs1Yei6V1uGatNgxoEtNWMn2j60IPypnP961sGKZ8MHkeS0qeEVLbjI +PZ/qAFSYSgKg4GaC4+aRL9iABYdroMsNW/yaYTTnYp25t0X7w+eG9eKZD8hsidTj +E8ZFE/En0inCK2UhkzcAj3dAvzQJo1VV2S35ABEBAAG0HUouUi4gSGFja2VyIDxq +cmhAZXhhbXBsZS5jb20+iQE3BBMBCAAhBQJXMtF9AhsDBQsJCAcCBhUICQoLAgQW +AgMBAh4BAheAAAoJEE68tnACTKitvN8IAIw+/H6VM1yP4So6HrOcYAJgSR5prOWI +c5kywJKGtdmc3DzniFxm5X5a2ARXpqaIq+5i0xQib+8SE173XsE68bNBe0OwsyRL +BWr5Gqg7gviHk8+8FmytccPSIso3fXZYrG74LHzG93N6cdp6zfGJvxHNvuVg2Ufn +kn9KmYfBcVHrYsouvPmbv7qjCVgrD8bUIr4maAtFocycxcOez5bZGhGiPVL+I4/C +8+TpBbWWsoTXo7VNWa6dvGFBgja38WPGyshExbs/SMoCkHEnUcV6uUyIZstEugvs +aAAjLk1LVPHs+juOls1JaCuxG7oquzNh9tSAZ2ZEG0bu0T5pkO4TTc65AQ0EVzLR +fQEIANPWOPCkSJomBN4BMsOmQj1RiIPMFCRS+XNRhrsUiHY2vSvSujAkemvgzf0Z +X8CYHMgo2hSH9ehcCUZryEBHcZDzkxS3E+/rk6YZhiEarWdT4O9Oi4v5ct224BLg +h1oWBwa/ypCIF8ebtZTLkWe4jkaAjKMHpgwL/ndHRJXPIN8h3Zbb9j8v5C5Y1MkR +Ppc2Pms0zQ13hIWTI925Ctc7/rS2mm1zpu3IUGRBHiX7hooVsrPuW9LQZTkULbJo +7+CR007PalDWLbj+SKkProUBadxxox1WOhxVDX1QrCLOjxFPF8QnLGP7LRdYMqOe +uEDObIKTNmk0Z8qq2uJubnxPvnMAEQEAAYkBHwQYAQgACQUCVzLRfQIbDAAKCRBO +vLZwAkyorREAB/9c4dz/egis8m9cexeNtQ2OGrqoAt2zvJm1ke1T4j23xOa/8DiW +la/DRaQQVQvb9r3KljKqiRFZGtU60rowgep+iLoYdlXoLDbq5nUWUYFjvf13qccE +iZMbWuCn17npLYSrLd1ijYmgVGB8mPwHCLQZaXwp48uqkVHfjLJszKwBv/UAJfLO +mQiYh549ZNFpYcjaShJ76tArr0SfS9mc3+RMR3jwAAg8wqf0DVIhzo7rBdbO1dZi +9ZTQdQwnIwQao1SuWPtrRq/SWe/1XKRHBs59ZNgR1k3+FfxA5TZn5aNp8bEmHi5U +y+J78lVsI2li7FH0OmdpnCqF7RnZ1OMbkwQQ +=VM68 -----END PGP PUBLIC KEY BLOCK----- diff --git a/test/lisp/emacs-lisp/package-resources/key.sec b/test/lisp/emacs-lisp/package-resources/key.sec index d21e6ae9a452ff9b7942e2a3310f0d43eb80527b..5021d12dc8e0cb3a6b52e6f6fda1dc99b4228bb8 100644 GIT binary patch literal 2573 zcmV+o3i9=p1I7ebGSPhj2msR(nu^9h<~|urMdXu9gzfpA#UW^YC-idn6PJ22S~>sp zAg(F0@HBpI8zGQ2up3arvWUCt6I4lMG=v7?tW_Lx>cI?t{9VzL=T4JBWs~gY1wE%1 z?g|Qd>npPkjl+yJ2dTG)B!QQA82JGdAS>k))2kf1!hYD-^Fz+z!&3R|)LKy+6j* zHvo@!K)*Bzqg7SeE%^Wu0RRF12Ll31&;hve+R`ZQ|C=VXs`1`Q;Rx(XEKkD`#i??( zY`jn60G4)BCRl-=cu)Kr^dVbz2~6fZamON|x@yNTKz~BJc>i#B>?L7xFRt4oI_8Zz zlo$X;L%g{f3i&4VMm4#!Kv9%`USaKH*kSjqJU zH()})nR{bd8$JTp^Q%PJr68N#i^NL2OerwYbQhoVm{0RiLOxt#C6?-!{g>^oBYkHvsbS# zgnU#i7ZVHPm8U9Jh#(jswdCw24pFOU181z3^Iws8y;uHc0lg&gv!pg96=>OgDOAgK zIL`bgltQ!Ss*O~B-J8Ksh;!)q+;Hit{$pOt{fe1nC2kqu@?V1P7uz9_#qBMp-0da{v_onO1N1ZE{Jm-WF529~ux?7Gy;?gN$vb>IS?pU;+q8{JuD0K%cE^ zkYHA8;oh+6BGH?S?V_L#02<)KmE&3zuGubLi$=QZ67!VPk7$ zav(fva%ezhcwudDY-KKEZ*4w_0XGB_0SEvg1p-$x(R~6N0|g5S2nPZN6$l9m3jzcd z0s{d89svRufB*^!5Kg?dZ~{!It-Rj|0E|BTew8y^kKrmh9hrw}C>tf0- zy!o5Ix}ynLD-XuhBEBYQ3q_&KoW;YQ&z9L55u!a({v(gV^W^CTwU)Ak*Q2#fS+1SD zVL^g6xA9}f%E&~;yFWOo(R7M7j&?XaFNFO-oeq?D{*7md#0ME3q58 zD!Vgb_SAr9W<(oC?$JJJknR&r&Yc6s1XnWAeE|pn)7Cifq)3`31l|EM!=^$#QHX=g z6eLplb5Vx76o_^}6YuMj zrWuAI8m(tj;O|b0i}`Zhw%`)rhguc~2EWRXh!@A3wUo<|XSj|=fQ+LDrVI=IcSl5( z&mi9+-Im+-KQH7iSk%c8K9@E=Yc$ObcZ7wLBi*?Q*E{~Swwi5ortQd3WI-M!`-X}Y zva{}6($Hl&6fLr7@8FTsPS0vk)-AaHNU0C5g#l^YaibkpIviCEeNe0-&W{mK7sMwl zWBV-^STduYxIoTqf|E9BG-t}H+Tw0*d{4e}01*KI0saRA0>{~Nl3c7ox9$TMDFLq! zmQI&z_U#RTep)=02&><__EP4A2K_!D%%m3YjoR>-_UjyrS#F%xm}PdEuD{?DqyC`X z))fxKjx%>0=-D-?G&8)LvvVf-2}SmLHyv`s38O8yu#EDUQ+$d+&H()KJ%X{u*r4Q& zam(P#gMHjV{?h*jAKz2%mNq~WItrHAkVO1v#SC)|21`|5OspZUNaeT>83xXNU|%+w%%8tvTLn_Wvl zxM^m{in!{rdSfvM0YIZ~0;KLy2Fhbok8|=VlTZ#y=7Mqzi2ePp$?^5?SX{PdM{7-I zZXG+X;`c?4G$wo_;Y@HU)wL+qSNW4k^y9E)jHC;FoEiRh`Jbd zRp=}>>gIJ8QGsK<{dcLy1c{RyTHvSGx#=y0t1aDPjftRCV0@VT2MDwoX?!W;%c_x4 z-;Ad-5%M4wC9oZsY3M|ki62t2~4^bJxW z&W`H^*3Q+|V)c~JbqpsX1RA4Mu2}nPMz7LY@AX`yM+VM)WY`hbP5u@9K;<@P<)dlw ju_hiaRLkOf@>OgjX=3bA^g3s0oGOLw8QIk18+bSL%E^>a-vkH!MPozQ30XV&nzk zCQP`Iz1m!GBL>%-1s_(W$1HUu-Kss;Lv6Q+IyT*@%*j*xyz2>epV`10Bj|-2dNE8_ zvA>s}TixD4H(*tQFyiZRyT(v8OzhlugA*KeD*LmXb@NDbshFduhDx6&EJ1{Dd#!yT zB@(=eK=)#*+=Akj*|Zt$TFPv;pw7LU1?P1Yj*ZlBGf3#d6vkUz=K+E2udtsZm(LF_ zS3Kpd?Mw=5Z{iNF;aC#s5!xKdF+9rLF{hjNH;0JyxC>e zXsmi>5ruj3CuF7o-|jO-0591Kz5ycD4w4sNBG2P$jw@ zY&4{O!Ow4Rd^Ux2VV2)=PdwF^F}ZRFyD^t*qe=)6-`R0sa7-hgS^f!?ud#djlc46- zDhYoTC8m2lH)nR>%_*nJi%Q4IgprX6qFE5Sfm*y8G)tmQS-cOvp;K^KykB!D=onPh zHG4zdchYBX%Gwgl&cDARj;lAEXJOCZnuGMC5V)C)7mvg3S`}0c?wu8sO#M7RNYtHP z>-%5ymwNZ5yW>^-+KMyF1Zl7CHjfJGr1=1IK2o>^D(yf{yri`X^?SUGHsm3XJ`FN+yoAsRLK;#_JVXhF?w__UbRtD|FM`84Fo&=|^ zmyaArr&uZ3Rk=t*2EB0lTSpBy6ZRWOVh24_mX*_n68utq8z*Pn>T;63 zX`w|T_~HI`t?91wxC+>Gb^3>6n<*K4+tCPm~W8PSdUhjZmpn zJ&2~Pu{W7p4?*p$06bQTk??t1Hq|K0Eb!<7%A?jWF`r_!;t&Kwb6dyhb914!gw(~h z@4)=J8dlZmqW(=mF&0fqQ}}*e9tjF1gJvamkXUABDnWhWkwO2ap4d8}}izsSx z09hHJ8U(`X!~w(~v{-;9Jf^diL{>MHLL&m(vo8uezSDj*^?)^z0rL!`l7 z!ts*@d3SY-OKX*ToNgs;A=NouzwX%p5a&DAZ;~kqxC+j>rD6esvPu#GFs-L0ERk}gW;E5yndyI=BepVj(3S*b23u#NFqM>SJEndT zSC@I%HN%GL=WC=5?yQOo$I&t&d_=|MJ`$}44Xo))*`e+%N9Rd%J4GU^TcdaEwI<65 l0@H3W3R8f$=A<=vpcl$_f|Usoys+$ECcO*%YZ1}36Net3fp7o- literal 287 zcmV+)0pR|L0UQJX0RjL91p-n{5YK#4VQKS=3Y z4{6H*y$2N7$F>D9q<6}8W@)g4IY*tJ!pbhJKg4wt^n;h+JbBA;u0>elMy`2jx*VU| zlh?jrV-3vBGP*mmNL_W?AnwVn6@Q@p*wV7I(C;5R08N&Z^~?UH#j<8F5FJwK_IikR zqO6N|z0JA$Na2JaN;v+>WxkjrGTxewi33ub)Z`?zmIs&s$-6F-;flCj9#nf{*7e-CNTm^_t3+^EM%2i`||6aGGRI7U7YNOYtV}Ps|)h ltRz>cs){>Y*0(}mOOk(tIMaz=$yPRH;b7jH|DihEO^(>ki^l)} diff --git a/test/lisp/emacs-lisp/package-resources/signed/signed-bad-1.0.el.sig b/test/lisp/emacs-lisp/package-resources/signed/signed-bad-1.0.el.sig index 747918794cab396b0b16c3d02530f45329593e8a..0803d129514565c17b1d490a6751deae9ba98c0b 100644 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-$x*5UvP2@p=awr~PWsIAwA2mKd=eJs30OK~ba=WYKb zA40)hmr4P&3H8xkwD|?aFZUrO$6zf&Y;?;dXS?GW@Qr&Ulm|{1%i^fPV}P{{FlzPf z%TQ;SS#A}>Ad6|eLj%kG`>p;S_5NOs6LBiBp9MOq(R#})Ni zIV|E6*o6fWBswI+f{rhacb3=-rnxkOf`(CtrUhireeq}QeC7Boom!q)-tH3y^E%dy ld>L-}SVw1AD7Q+ux571(vR=snM^Ignd(QDM;n~T-E;^4-g8Kjf literal 287 zcmV+)0pR|L0UQJX0RjL91p-n{5t*q3BFN4;I!%1v33I9 z2p^^!^J_nB)#mYv#@QdKcy&CjbuXo!;>HueViXfL?7zjQ*<5?Ehl0XP=fm8^A1oYry!UqNH^J<2@A-$ubXim+sOzut6I3Tw lH2e2uU;QtGzo)(RqQbFg5?sfObwr5XeEV{EVAln2=dFOHjDY|E diff --git a/test/lisp/emacs-lisp/package-resources/signed/signed-empty-1.0.el b/test/lisp/emacs-lisp/package-resources/signed/signed-empty-1.0.el new file mode 100644 index 0000000..f23d144 --- /dev/null +++ b/test/lisp/emacs-lisp/package-resources/signed/signed-empty-1.0.el @@ -0,0 +1,33 @@ +;;; signed-empty.el --- A single-file package with an empty signature + +;; Author: J. R. Hacker +;; Version: 1.0 +;; Keywords: frobnicate +;; URL: http://doodles.au + +;;; Commentary: + +;; This package provides a minor mode to frobnicate and/or bifurcate +;; any flanges you desire. To activate it, type "C-M-r M-3 butterfly" +;; and all your dreams will come true. + +;;; Code: + +(defgroup signed-empty nil "Simply a file" + :group 'lisp) + +(defcustom signed-empty-super-sunday t + "How great is this?" + :type 'boolean + :group 'signed-empty) + +(defvar signed-empty-sudo-sandwich nil + "Make a sandwich?") + +;;;###autoload +(define-minor-mode signed-empty-mode + "It does good things to stuff") + +(provide 'signed-empty) + +;;; signed-empty.el ends here diff --git a/test/lisp/emacs-lisp/package-resources/signed/signed-empty-1.0.el.sig b/test/lisp/emacs-lisp/package-resources/signed/signed-empty-1.0.el.sig new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/test/lisp/emacs-lisp/package-resources/signed/signed-good-1.0.el.sig b/test/lisp/emacs-lisp/package-resources/signed/signed-good-1.0.el.sig index 747918794cab396b0b16c3d02530f45329593e8a..0803d129514565c17b1d490a6751deae9ba98c0b 100644 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-$x*5UvP2@p=awr~PWsIAwA2mKd=eJs30OK~ba=WYKb zA40)hmr4P&3H8xkwD|?aFZUrO$6zf&Y;?;dXS?GW@Qr&Ulm|{1%i^fPV}P{{FlzPf z%TQ;SS#A}>Ad6|eLj%kG`>p;S_5NOs6LBiBp9MOq(R#})Ni zIV|E6*o6fWBswI+f{rhacb3=-rnxkOf`(CtrUhireeq}QeC7Boom!q)-tH3y^E%dy ld>L-}SVw1AD7Q+ux571(vR=snM^Ignd(QDM;n~T-E;^4-g8Kjf literal 287 zcmV+)0pR|L0UQJX0RjL91p-n{5t*q3BFN4;I!%1v33I9 z2p^^!^J_nB)#mYv#@QdKcy&CjbuXo!;>HueViXfL?7zjQ*<5?Ehl0XP=fm8^A1oYry!UqNH^J<2@A-$ubXim+sOzut6I3Tw lH2e2uU;QtGzo)(RqQbFg5?sfObwr5XeEV{EVAln2=dFOHjDY|E diff --git a/test/lisp/emacs-lisp/package-tests.el b/test/lisp/emacs-lisp/package-tests.el index 70e129c..67da2e1 100644 --- a/test/lisp/emacs-lisp/package-tests.el +++ b/test/lisp/emacs-lisp/package-tests.el @@ -459,15 +459,6 @@ package-test-desc-version-string (ert-deftest package-test-signed () "Test verifying package signature." - (skip-unless (ignore-errors - (let ((homedir (make-temp-file "package-test" t))) - (unwind-protect - (let ((process-environment - (cons (format "HOME=%s" homedir) - process-environment))) - (epg-check-configuration (epg-configuration)) - (epg-find-configuration 'OpenPGP)) - (delete-directory homedir t))))) (let* ((keyring (expand-file-name "key.pub" package-test-data-dir)) (package-test-data-dir (expand-file-name "package-resources/signed" package-test-file-dir))) @@ -476,6 +467,7 @@ package-test-desc-version-string (package-import-keyring keyring) (package-refresh-contents) (should (package-install 'signed-good)) + (should-error (package-install 'signed-empty)) (should-error (package-install 'signed-bad)) ;; Check if the installed package status is updated. (let ((buf (package-list-packages))) From debbugs-submit-bounces@debbugs.gnu.org Wed May 11 14:34:31 2016 Received: (at control) by debbugs.gnu.org; 11 May 2016 18:34:31 +0000 Received: from localhost ([127.0.0.1]:47636 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0Yxr-0007dz-Ge for submit@debbugs.gnu.org; Wed, 11 May 2016 14:34:31 -0400 Received: from eggs.gnu.org ([208.118.235.92]:59184) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0Yxq-0007dm-0h for control@debbugs.gnu.org; Wed, 11 May 2016 14:34:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b0Yxk-0002XI-3E for control@debbugs.gnu.org; Wed, 11 May 2016 14:34:24 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57924) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b0Yxk-0002X7-0r for control@debbugs.gnu.org; Wed, 11 May 2016 14:34:24 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1b0Yxj-0004yq-HF for control@debbugs.gnu.org; Wed, 11 May 2016 14:34:23 -0400 Subject: control message for bug 23513 To: X-Mailer: mail (GNU Mailutils 2.99.98) Message-Id: From: Glenn Morris Date: Wed, 11 May 2016 14:34:23 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) severity 23513 important tag 23513 security patch From debbugs-submit-bounces@debbugs.gnu.org Wed May 11 14:34:52 2016 Received: (at control) by debbugs.gnu.org; 11 May 2016 18:34:53 +0000 Received: from localhost ([127.0.0.1]:47639 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0YyC-0007es-Of for submit@debbugs.gnu.org; Wed, 11 May 2016 14:34:52 -0400 Received: from eggs.gnu.org ([208.118.235.92]:59268) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0YyB-0007eM-JL for control@debbugs.gnu.org; Wed, 11 May 2016 14:34:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b0Yy5-0002b9-KP for control@debbugs.gnu.org; Wed, 11 May 2016 14:34:46 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57930) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b0Yy5-0002au-HI for control@debbugs.gnu.org; Wed, 11 May 2016 14:34:45 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1b0Yy3-0005hs-Ov for control@debbugs.gnu.org; Wed, 11 May 2016 14:34:44 -0400 Subject: control message for bug 21966 To: X-Mailer: mail (GNU Mailutils 2.99.98) Message-Id: From: Glenn Morris Date: Wed, 11 May 2016 14:34:43 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) block 21966 by 23513 From debbugs-submit-bounces@debbugs.gnu.org Wed May 11 14:43:11 2016 Received: (at control) by debbugs.gnu.org; 11 May 2016 18:43:11 +0000 Received: from localhost ([127.0.0.1]:47650 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0Z6E-0007sq-Sm for submit@debbugs.gnu.org; Wed, 11 May 2016 14:43:11 -0400 Received: from eggs.gnu.org ([208.118.235.92]:35055) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0Z6D-0007sd-93 for control@debbugs.gnu.org; Wed, 11 May 2016 14:43:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b0Z67-0007It-A1 for control@debbugs.gnu.org; Wed, 11 May 2016 14:43:04 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:58024) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b0Z67-0007I2-78 for control@debbugs.gnu.org; Wed, 11 May 2016 14:43:03 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1b0Z65-0002Ua-JK for control@debbugs.gnu.org; Wed, 11 May 2016 14:43:01 -0400 Subject: control message for bug 21966 To: X-Mailer: mail (GNU Mailutils 2.99.98) Message-Id: From: Glenn Morris Date: Wed, 11 May 2016 14:43:01 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) unblock 21966 by 23513 From debbugs-submit-bounces@debbugs.gnu.org Wed May 11 14:43:21 2016 Received: (at control) by debbugs.gnu.org; 11 May 2016 18:43:21 +0000 Received: from localhost ([127.0.0.1]:47653 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0Z6P-0007tG-2V for submit@debbugs.gnu.org; Wed, 11 May 2016 14:43:21 -0400 Received: from eggs.gnu.org ([208.118.235.92]:35168) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b0Z6N-0007t0-IU for control@debbugs.gnu.org; Wed, 11 May 2016 14:43:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b0Z6H-0007PQ-Ls for control@debbugs.gnu.org; Wed, 11 May 2016 14:43:14 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:58028) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b0Z6H-0007PH-JY for control@debbugs.gnu.org; Wed, 11 May 2016 14:43:13 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1b0Z6H-0002Vh-0u for control@debbugs.gnu.org; Wed, 11 May 2016 14:43:13 -0400 Subject: control message for bug 19759 To: X-Mailer: mail (GNU Mailutils 2.99.98) Message-Id: From: Glenn Morris Date: Wed, 11 May 2016 14:43:13 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) block 19759 by 23513 From debbugs-submit-bounces@debbugs.gnu.org Fri May 13 21:49:55 2016 Received: (at 23513-done) by debbugs.gnu.org; 14 May 2016 01:49:55 +0000 Received: from localhost ([127.0.0.1]:50361 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b1OiJ-0002d3-Hk for submit@debbugs.gnu.org; Fri, 13 May 2016 21:49:55 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:60193) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b1OiI-0002cq-0B for 23513-done@debbugs.gnu.org; Fri, 13 May 2016 21:49:54 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 32A211612A3; Fri, 13 May 2016 18:49:47 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id x9WbAsstnljV; Fri, 13 May 2016 18:49:46 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 8239E1612A2; Fri, 13 May 2016 18:49:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id pZ8nKGhfTWDO; Fri, 13 May 2016 18:49:46 -0700 (PDT) Received: from [192.168.1.9] (unknown [100.32.155.148]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 6554716129C; Fri, 13 May 2016 18:49:46 -0700 (PDT) To: "L. Dixon" <_@lizzie.io> From: Paul Eggert Subject: Re: package.el treats empty signatures as correct Organization: UCLA Computer Science Department Message-ID: <57368435.1020004@cs.ucla.edu> Date: Fri, 13 May 2016 18:49:41 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: 23513-done Cc: 23513-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.4 (-) Thanks for the bug report and fix! The code fix is so simple that copyrig= ht papers are not needed, so I installed it and will boldly mark this bug as= done. The test case is a bit much to accept without copyright assignment; is th= at something you and your employer would be willing to do? If so please let = me know and I'll start the ball rolling on that. I've never messed with those test-case signatures either but if I had to = guess the passphrase I would guess "test0123456789", the string used in test/lisp/epg-tests.el's epg-tests-passphrase-callback function. From debbugs-submit-bounces@debbugs.gnu.org Sat May 14 17:38:39 2016 Received: (at 23513) by debbugs.gnu.org; 14 May 2016 21:38:39 +0000 Received: from localhost ([127.0.0.1]:51783 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b1hGh-0000DO-D6 for submit@debbugs.gnu.org; Sat, 14 May 2016 17:38:39 -0400 Received: from mail-wm0-f52.google.com ([74.125.82.52]:36277) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b1hGg-0000DC-6S for 23513@debbugs.gnu.org; Sat, 14 May 2016 17:38:38 -0400 Received: by mail-wm0-f52.google.com with SMTP id n129so60037456wmn.1 for <23513@debbugs.gnu.org>; Sat, 14 May 2016 14:38:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=OK+T2RUMwtz4tX1slYFXnGX2naE1XkJtjBXW+dDBgIo=; b=gg/Mj9JuS58SZthe1YzTb2PJ9m32mi7246n4Aj09SjeqdcPbCZdTtpdMT6P6n9S5FR mxrMH3SCQQVzct/uX+v8LDNLY+5bhWhDV7c8Ne4CZH6H9/phfyeOkPfMijIqIhnTq66v BQO5AGJk2x9CoGT9KmJnoiV3JmySK7ytUQGzGM3vHIFVskb9JooMfNSMtqjIXW5aKCYF Se2AEnVgYsGjFciUWVyQxHLmnxptQaDNJvDfVI+KYrxR1XkpjQVM1p+QSiCY8GsmDJtz w2FKO9UPxmcQK6f7HSbCbkzwyuLs6X/+lmdMgYJyPku8Qhh2Ee8VRNs/XqKcqboE0swC +czQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:subject:to:references:cc:from:message-id :date:user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=OK+T2RUMwtz4tX1slYFXnGX2naE1XkJtjBXW+dDBgIo=; b=deNj6AHNicwutOExBe5nDQpwirzn99kwUPsIE12PVWlQXddlVe6IG7EPzMu5NwY83O rh5uzEBtiXY1VNCiS5Dxu06RuF6cqCVTX78OAS4NLfLEPsYODjUwhZnBQ8HqRdNBsDNw VtzAtJ0XuNEAJBd2Wg5wgWD1Jvzwu0HDA9S3XXgE2V/6s/GyzpnZ6actUGrvHNl5SLsv FEczhuINUBVHTTTz0H2b3gBvmA0NYSrP7MGmIaztCwzZKR2zFRt4B5SI1A/mDRQo2jNB 449rglU7sa/FRwkdhJCoUDhFYoN0XqsC2Pb5wd37cwmAd3+cLKpUrPAjgiBvi1RSaDEM +o6w== X-Gm-Message-State: AOPr4FViTn/aUvAXmA0ED2VXNfyRFED7H21PEhy45uebbZHCTWpyuU2uFvt1BghTB/airA== X-Received: by 10.194.216.33 with SMTP id on1mr22194722wjc.120.1463261912499; Sat, 14 May 2016 14:38:32 -0700 (PDT) Received: from [192.168.1.2] ([185.105.175.24]) by smtp.googlemail.com with ESMTPSA id jr8sm25464480wjb.15.2016.05.14.14.38.31 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 14 May 2016 14:38:31 -0700 (PDT) Subject: Re: bug#23513: package.el treats empty signatures as correct To: 23513@debbugs.gnu.org, Glenn Morris References: <20160511093940.GA26912@empress> From: Dmitry Gutov Message-ID: Date: Sun, 15 May 2016 00:38:30 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1 MIME-Version: 1.0 In-Reply-To: <20160511093940.GA26912@empress> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -0.5 (/) X-Debbugs-Envelope-To: 23513 Cc: "L. Dixon" <_@lizzie.io> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.5 (/) On 05/11/2016 12:39 PM, L. Dixon wrote: > I also deleted the skip-unless clause in the package-test-signed, > since the test runs normally without it. I may be misunderstanding > something here, but I'm worried that skipping this test will mask > similar issues or regressions. That's definitely a cause for concern. Glenn, does Hydra lack the necessary libraries to support the package signature check? Why do we skip this test there? It seems important. From debbugs-submit-bounces@debbugs.gnu.org Mon May 16 14:39:37 2016 Received: (at 23513) by debbugs.gnu.org; 16 May 2016 18:39:37 +0000 Received: from localhost ([127.0.0.1]:54282 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b2NQW-0003wX-OQ for submit@debbugs.gnu.org; Mon, 16 May 2016 14:39:36 -0400 Received: from eggs.gnu.org ([208.118.235.92]:37959) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b2NQU-0003wK-9o for 23513@debbugs.gnu.org; Mon, 16 May 2016 14:39:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b2NQO-00087G-AO for 23513@debbugs.gnu.org; Mon, 16 May 2016 14:39:29 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:35846) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b2NQH-000850-M9; Mon, 16 May 2016 14:39:21 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1b2NQF-0003Av-R9; Mon, 16 May 2016 14:39:19 -0400 From: Glenn Morris To: Dmitry Gutov Subject: Re: bug#23513: package.el treats empty signatures as correct References: <20160511093940.GA26912@empress> X-Spook: Gang Treasury Norvo Virus unclassified Al Jazeera Serbian X-Ran: B)c!SyV$Hc6!5fZ'm#UyTrCiq9O{~fI/'q]7nU-R&Y|MrZSnJcHPKG)5E*&+(K"W\]5P,< X-Hue: magenta X-Debbugs-No-Ack: yes X-Attribution: GM Date: Mon, 16 May 2016 14:39:19 -0400 In-Reply-To: (Dmitry Gutov's message of "Sun, 15 May 2016 00:38:30 +0300") Message-ID: <1rvb2dx2y0.fsf@fencepost.gnu.org> User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.4 (------) X-Debbugs-Envelope-To: 23513 Cc: 23513@debbugs.gnu.org, "L. Dixon" <_@lizzie.io> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.4 (------) Dmitry Gutov wrote: > On 05/11/2016 12:39 PM, L. Dixon wrote: > >> I also deleted the skip-unless clause in the package-test-signed, >> since the test runs normally without it. I may be misunderstanding >> something here, but I'm worried that skipping this test will mask >> similar issues or regressions. No, that stuff is there for a reason. Please don't delete it just becauses it's not needed on your system. > That's definitely a cause for concern. Glenn, does Hydra lack the > necessary libraries to support the package signature check? Hydra's "gnupg" package is from the 2.0 series, and only provides a "gpg2" executable. epg-config--program-alist requires something from the 2.1 series. So (epg-find-configuration 'OpenPGP) fails with "no usable configuration". I have added "gnupg1" to the requirements for the coverage build in an effort to get a "gpg" executable. We'll see if this helps. (It would be easier to see if this worked if the coverage job wasn't currently failing, as it has been for two weeks, due to network-stream changes that cause a test failure - bug#23508. This is a repeated pattern that makes me think people don't actually pay much attention to the coverage job.) From debbugs-submit-bounces@debbugs.gnu.org Mon May 16 16:19:47 2016 Received: (at 23513) by debbugs.gnu.org; 16 May 2016 20:19:47 +0000 Received: from localhost ([127.0.0.1]:54446 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b2OzS-0003JU-PQ for submit@debbugs.gnu.org; Mon, 16 May 2016 16:19:46 -0400 Received: from mail-wm0-f49.google.com ([74.125.82.49]:36193) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b2OzS-0003JI-0c for 23513@debbugs.gnu.org; Mon, 16 May 2016 16:19:46 -0400 Received: by mail-wm0-f49.google.com with SMTP id n129so115062460wmn.1 for <23513@debbugs.gnu.org>; Mon, 16 May 2016 13:19:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=5wb5I+9gGXKLyowo99gZFV4NmQTMWLzYYGgapjb1vqA=; b=0pzsbyMZEwo4kWXB0A49Du5nbm7zQTw1wmE0f2rIG79Yunwf2ob5amDLsWl9u+E+FW gDSF4/mSlanY8vYwns+NB/IrSbFwCMqcHGQsDakcM0B4E2rW6kGuM59Ua+nKudxtScZb wgPz5vqNWAjp4J0yZHL/AXYJzZ0iOUQhoGG9hfiLRTOW3YrbnsadcIjP4TGckbpnzDU9 j+lm/7L5Nhu90Y4+eu2mBVPqEY6c57ihpehv/vQCWmxi5U5CvoU1WZeko+8QhHLaZNwU /Rt5Yof7LmdM5Cgf5YF6MIjCbvesBDLt9WiKDeTl/fnqJjsur3JRrhfKqPmyh2iOc0sM fp3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:subject:to:references:cc:from:message-id :date:user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=5wb5I+9gGXKLyowo99gZFV4NmQTMWLzYYGgapjb1vqA=; b=LQOGdOKmYs0PHK0mw3hUzYtUcXG+/8ZaF9buEc4Le0hvUVIg/2k9IxC8V4mmOL1Wj4 Jyjz2BwPoYgspR04dNQAhCg2fvzaV4cEnN2rmANAbBMznGbnNzByJNWzVpHYbxxUI4CZ yDRkRX9fb7EoRhQoTxvbiyr7EBAuk6pSU7TKir2WxTqRiw8cGhw+P72UXv60fn6URerB CTlKkGJACI7hQCfMOfpaWR/EXxnLUwGLQNjapDvtH0NLVkcqT5XheOt/cnd9kfaBcjOx X51GrZil6bLU9wFi3bUGD+rHiKYJ3jediWO7bPKjjSvPe6/iKWu36dHeqhhG9Lajrbfs AynQ== X-Gm-Message-State: AOPr4FU/CnyuwRaTKlDBdvy73tEpj8OP1I1ekHU0h4WVjTPSNh+YeZBBMA8Zssf1A6TIMA== X-Received: by 10.28.189.138 with SMTP id n132mr20102813wmf.34.1463429980573; Mon, 16 May 2016 13:19:40 -0700 (PDT) Received: from [192.168.1.2] ([185.105.175.24]) by smtp.googlemail.com with ESMTPSA id k1sm3365206wjx.22.2016.05.16.13.19.38 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 16 May 2016 13:19:39 -0700 (PDT) Subject: Re: bug#23513: package.el treats empty signatures as correct To: Glenn Morris References: <20160511093940.GA26912@empress> <1rvb2dx2y0.fsf@fencepost.gnu.org> From: Dmitry Gutov Message-ID: <91f7ebef-3e86-2ab7-51ab-61377c5f4406@yandex.ru> Date: Mon, 16 May 2016 23:19:37 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1 MIME-Version: 1.0 In-Reply-To: <1rvb2dx2y0.fsf@fencepost.gnu.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -0.5 (/) X-Debbugs-Envelope-To: 23513 Cc: 23513@debbugs.gnu.org, "L. Dixon" <_@lizzie.io> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.5 (/) On 05/16/2016 09:39 PM, Glenn Morris wrote: >> That's definitely a cause for concern. Glenn, does Hydra lack the >> necessary libraries to support the package signature check? > > Hydra's "gnupg" package is from the 2.0 series, and only provides a > "gpg2" executable. epg-config--program-alist requires something from the > 2.1 series. So (epg-find-configuration 'OpenPGP) fails with "no usable > configuration". > > I have added "gnupg1" to the requirements for the coverage build in an > effort to get a "gpg" executable. We'll see if this helps. Thanks. Ideally, we'd have something like (skip-unless (or (getenv "HYDRA") (ignore-errors ...)), to make sure the tests like that are _not_ skipped on the CI. Individual contributors may not have gpg installed (although there's a case to be made that the package tests should just fail for them), but the CI is our last "line of defense", especially for important tests. > (It would be easier to see if this worked if the coverage job wasn't > currently failing, as it has been for two weeks, due to network-stream > changes that cause a test failure - bug#23508. This is a repeated pattern > that makes me think people don't actually pay much attention to the > coverage job.) I've noticed this failure when running tests locally, but it's far from my area of expertise. I think using a separate mailing list for the build status notifications might be a mistake. I'm not subscribed to it (not sure why; maybe I've missed the announcement), and apparently not many other people are. There's not a lot traffic there, why not just send it to emacs-devel? From unknown Sat Jun 21 03:09:16 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 14 Jun 2016 11:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator