From unknown Sat Aug 09 09:38:24 2025 X-Loop: help-debbugs@gnu.org Subject: bug#55506: =?UTF-8?Q?=E2=80=98tests/channels.scm=E2=80=99?= and =?UTF-8?Q?=E2=80=98tests/git-authenticate.scm=E2=80=99?= GPG-related test failures Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 18 May 2022 17:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 55506 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 55506@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.165289354917637 (code B ref -1); Wed, 18 May 2022 17:06:02 +0000 Received: (at submit) by debbugs.gnu.org; 18 May 2022 17:05:49 +0000 Received: from localhost ([127.0.0.1]:33389 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nrN7M-0004aO-B2 for submit@debbugs.gnu.org; Wed, 18 May 2022 13:05:49 -0400 Received: from lists.gnu.org ([209.51.188.17]:42464) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nrN7K-0004aF-1y for submit@debbugs.gnu.org; Wed, 18 May 2022 13:05:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58706) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN7J-0002Sd-O6 for bug-guix@gnu.org; Wed, 18 May 2022 13:05:45 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35080) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN7J-0003CP-CK for bug-guix@gnu.org; Wed, 18 May 2022 13:05:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=+rxvL1mC0hYB5au5tQa6hzM0FLvXm5nJEE4cXVSkt1w=; b=biWQwKD2qFB1/j 3xf98LK6wM7KPnOeKkHYOiS0KBY7QCvAYVGk/epoXL0UHyspdchvGBYtk5MxN8uFbWlxwX1Txjw15 OoiPcXBisz+s6vjTIqRZbJcVVMShyNR+w9b070UuMTjy8jLj6qDN0uPztg68a/3Wb8Aq+Z+ViRAu2 +7K7HA/x4gis/kY5k7wc197jh35jr+eCPyGceZ6vnjaJpja8Mp6TcKiBz/+iIBCgbF1Uzikf4tmw+ QGWhBrQdEJZKPzk/hwiykwGY/QkzeMls7fD17bWZn2JFbFf5CSxz6wLSmsL9v+ToUbuo5VrX71isM 692AHihf6X5nPEk0jUgQ==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=49374 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN73-0007EI-Pm for bug-guix@gnu.org; Wed, 18 May 2022 13:05:40 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 29 =?UTF-8?Q?Flor=C3=A9al?= an 230 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 18 May 2022 19:05:28 +0200 Message-ID: <87y1yy22lj.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Since recently, some authentication-related tests in =E2=80=98tests/channels.scm=E2=80=99 and =E2=80=98tests/git-authenticate.sc= m=E2=80=99 fail for me: --8<---------------cut here---------------start------------->8--- gpg: keybox '/tmp/guix-directory.9C2KC5/pubring.kbx' created gpg: /tmp/guix-directory.9C2KC5/trustdb.gpg: trustdb created gpg: key 771F49CBFAAE072D: public key "Ed Two-Fifty " imported gpg: Total number processed: 1 gpg: imported: 1 gpg: key 771F49CBFAAE072D: "Ed Two-Fifty " not c= hanged gpg: key 771F49CBFAAE072D: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 gpg: key 82240EDCAB80DA83: public key "Charlie Guix " = imported gpg: Total number processed: 1 gpg: imported: 1 gpg: key 82240EDCAB80DA83: "Charlie Guix " not changed gpg: key 82240EDCAB80DA83: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 hint: Using 'master' as the name for the initial branch. This default branc= h name hint: is subject to change. To configure the initial branch name to use in = all hint: of your new repositories, which will suppress this warning, call: hint:=20 hint: git config --global init.defaultBranch hint:=20 hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and hint: 'development'. The just-created branch can be renamed via this comman= d: hint:=20 hint: git branch -m Initialized empty Git repository in /tmp/guix-directory.y6IOfw/.git/ error: gpg failed to sign the data fatal: failed to write commit object test-name: authenticate-channel, wrong first commit signer location: /home/ludo/src/guix/tests/channels.scm:479 source: + (test-equal + "authenticate-channel, wrong first commit signer" + #t + (with-fresh-gnupg-setup + (list %ed25519-public-key-file + %ed25519-secret-key-file + %ed25519-2-public-key-file + %ed25519-2-secret-key-file) + (with-temporary-git-repository + directory + `((add ".guix-channel" + ,(object->string + '(channel + (version 0) + (keyring-reference "master")))) + (add ".guix-authorizations" + ,(object->string + `(authorizations + (version 0) + ((,(key-fingerprint %ed25519-public-key-file) + (name "Charlie")))))) + (add "signer.key" + ,(call-with-input-file + %ed25519-public-key-file + get-string-all)) + (commit + "first commit" + (signer + ,(key-fingerprint %ed25519-public-key-file))) + (add "random" ,(random-text)) + (commit + "second commit" + (signer + ,(key-fingerprint %ed25519-public-key-file)))) + (with-repository + directory + repository + (let* ((commit1 (find-commit repository "first")) + (commit2 (find-commit repository "second")) + (intro (make-channel-introduction + (commit-id-string commit1) + (openpgp-public-key-fingerprint + (read-openpgp-packet %ed25519-2-public-key-file= )))) + (channel + (channel + (name 'example) + (url (string-append "file://" directory)) + (introduction intro)))) + (guard (c ((formatted-message? c) + (and (string-contains + (formatted-message-string c) + "initial commit") + (equal? + (formatted-message-arguments c) + (list (oid->string (commit-id commit1)) + (key-fingerprint %ed25519-public-key-fi= le) + (key-fingerprint + %ed25519-2-public-key-file)))))) + (authenticate-channel + channel + directory + (commit-id-string commit2) + #:keyring-reference-prefix + "") + 'failed)))))) expected-value: #t actual-value: #f actual-error: + (%exception + #<&invoke-error program: "git" arguments: ("-C" "/tmp/guix-directory.y6= IOfw" "commit" "-m" "first commit" "--gpg-sign=3D44D3 1E21 AF71 38F9 B632 = 280A 771F 49CB FAAE 072D") exit-status: 128 term-signal: #f stop-signal: #f= >) result: FAIL --8<---------------cut here---------------end--------------->8--- Notice =E2=80=9Cerror: gpg failed to sign the data=E2=80=9D, which comes fr= om Git. When stracing, we see this: --8<---------------cut here---------------start------------->8--- 13587 write(2, "[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBFAA= E072D 3", 66) =3D 66 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A77= 1F49CBFAAE072D 3\n", 8192) =3D 67 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 read(3, "", 8192) =3D 0 13587 brk(0x13bf000) =3D 0x13bf000 13587 write(2, "gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAA= E 072D\": Unusable secret key", 86) =3D 86 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F= 49CB FAAE 072D\": Unusable secret key\n", 12245) =3D 87 13587 write(2, "[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A 771F 49C= B FAAE 072D", 70 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 <... write resumed>) =3D 70 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A= 771F 49CB FAAE 072D\n", 12158) =3D 71 13587 write(2, "[GNUPG:] FAILURE sign 54", 24 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 <... write resumed>) =3D 24 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] FAILURE sign 54\n", 12087) =3D 25 13587 write(2, "gpg: signing failed: Unusable secret key", 40 --8<---------------cut here---------------end--------------->8--- It=E2=80=99s not clear to me why we get =E2=80=9CUnusable secret key=E2=80= =9D. I suppose this came up as a result of a recent Git or GnuPG update. This is with: --8<---------------cut here---------------start------------->8--- $ gpg --version gpg (GnuPG) 2.2.32 libgcrypt 1.8.8 Copyright (C) 2021 Free Software Foundation, Inc. License GNU GPL-3.0-or-later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/ludo/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 $ git --version git version 2.36.0 $ guix describe Generation 214 May 02 2022 21:44:14 (current) guix 6b588da repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 6b588da368c77cde82ea2f22ca315116228777ad --8<---------------cut here---------------end--------------->8--- (The =E2=80=98guix=E2=80=99 package skips these tests because it lacks depe= ndencies on Git and GnuPG.) Ludo=E2=80=99. From unknown Sat Aug 09 09:38:24 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#55506: closed (Re: bug#55506: =?UTF-8?Q?=E2=80=98tests/channels.scm=E2=80=99?= and =?UTF-8?Q?=E2=80=98tests/git-authenticate.scm=E2=80=99?= GPG-related test failures) Message-ID: References: <87a6be1oj6.fsf@gnu.org> <87y1yy22lj.fsf@inria.fr> X-Gnu-PR-Message: they-closed 55506 X-Gnu-PR-Package: guix Reply-To: 55506@debbugs.gnu.org Date: Wed, 18 May 2022 22:10:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1652911802-24070-1" This is a multi-part message in MIME format... ------------=_1652911802-24070-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #55506: =E2=80=98tests/channels.scm=E2=80=99 and =E2=80=98tests/git-authent= icate.scm=E2=80=99 GPG-related test failures which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 55506@debbugs.gnu.org. --=20 55506: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D55506 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1652911802-24070-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 55506-done) by debbugs.gnu.org; 18 May 2022 22:09:27 +0000 Received: from localhost ([127.0.0.1]:33827 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nrRrD-0006FE-9w for submit@debbugs.gnu.org; Wed, 18 May 2022 18:09:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:33312) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nrRrB-0006F0-O8 for 55506-done@debbugs.gnu.org; Wed, 18 May 2022 18:09:26 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:41458) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrRr6-00057V-Bk for 55506-done@debbugs.gnu.org; Wed, 18 May 2022 18:09:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=EJXMeCr6+VBJlDrtX/qVnxa03hyLDKGe+AcSta9gOvI=; b=jKTHNwW1gaNyza+SQ8kZ rzhRculX7jkgHLY2OpUVNBNaeUFeUIbFc0HKrzQzv0lSnttX8UIV4ulEXb1DDk9i8w0H6V4JZFnCJ JgzKlg8B2vqhgyJaQpdKb5cq8NnlyZgvnTdX7mAJ1dfJwvxK9Yq1Kr4MFFu/tZGGA4e/fwOaQK20r H1B67aHXSTEsJm3Wq5AOf26A9v81votR6BFcHbIPTmlqzNyI63MFYwUvPUFSYdoLNLcNrE3aYuztH Mr5l3JuxjbuVPgDrrWZ3dlTAD8QirfKdtZpXKbvya7dzZLXQsqzNWPjLpoih/vTv8qCoWtkj73EcZ jDfnu1EOvJWlUw==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:60612 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrRr5-0005oW-Vj for 55506-done@debbugs.gnu.org; Wed, 18 May 2022 18:09:20 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 55506-done@debbugs.gnu.org Subject: Re: bug#55506: =?utf-8?Q?=E2=80=98tests=2Fchannels=2Escm=E2=80=99?= and =?utf-8?Q?=E2=80=98tests=2Fgit-authenticate=2Escm=E2=80=99?= GPG-related test failures References: <87y1yy22lj.fsf@inria.fr> Date: Thu, 19 May 2022 00:09:17 +0200 In-Reply-To: <87y1yy22lj.fsf@inria.fr> ("Ludovic =?utf-8?Q?Court=C3=A8s=22?= =?utf-8?Q?'s?= message of "Wed, 18 May 2022 19:05:28 +0200") Message-ID: <87a6be1oj6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 55506-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s skribis: > Notice =E2=80=9Cerror: gpg failed to sign the data=E2=80=9D, which comes = from Git. > > When stracing, we see this: > > 13587 write(2, "[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBF= AAE072D 3", 66) =3D 66 > 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN= }]) > 13587 write(2, "\n", 1 > 13581 read(7, > 13587 <... write resumed>) =3D 1 > 13581 <... read resumed>"[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A= 771F49CBFAAE072D 3\n", 8192) =3D 67 > 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 = > 13587 read(3, "", 8192) =3D 0 > 13587 brk(0x13bf000) =3D 0x13bf000 > 13587 write(2, "gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F 49CB F= AAE 072D\": Unusable secret key", 86) =3D 86 Turns out those keys all had an expiration date (I guess that=E2=80=99s wha= t gpg does by default), and one of them expired a few weeks ago. I removed the expiration date with =E2=80=98gpg --edit-key=E2=80=99 and exp= orted the resulting public keys (=E2=80=9COpenPGP certificates=E2=80=9D) as tests/key= s/*.pub. Fixed in 3ae7632ca0a1edca9d8c3c766efb0dcc8aa5da37. Ludo=E2=80=99. ------------=_1652911802-24070-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 18 May 2022 17:05:49 +0000 Received: from localhost ([127.0.0.1]:33389 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nrN7M-0004aO-B2 for submit@debbugs.gnu.org; Wed, 18 May 2022 13:05:49 -0400 Received: from lists.gnu.org ([209.51.188.17]:42464) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nrN7K-0004aF-1y for submit@debbugs.gnu.org; Wed, 18 May 2022 13:05:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58706) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN7J-0002Sd-O6 for bug-guix@gnu.org; Wed, 18 May 2022 13:05:45 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35080) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN7J-0003CP-CK for bug-guix@gnu.org; Wed, 18 May 2022 13:05:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=+rxvL1mC0hYB5au5tQa6hzM0FLvXm5nJEE4cXVSkt1w=; b=biWQwKD2qFB1/j 3xf98LK6wM7KPnOeKkHYOiS0KBY7QCvAYVGk/epoXL0UHyspdchvGBYtk5MxN8uFbWlxwX1Txjw15 OoiPcXBisz+s6vjTIqRZbJcVVMShyNR+w9b070UuMTjy8jLj6qDN0uPztg68a/3Wb8Aq+Z+ViRAu2 +7K7HA/x4gis/kY5k7wc197jh35jr+eCPyGceZ6vnjaJpja8Mp6TcKiBz/+iIBCgbF1Uzikf4tmw+ QGWhBrQdEJZKPzk/hwiykwGY/QkzeMls7fD17bWZn2JFbFf5CSxz6wLSmsL9v+ToUbuo5VrX71isM 692AHihf6X5nPEk0jUgQ==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=49374 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN73-0007EI-Pm for bug-guix@gnu.org; Wed, 18 May 2022 13:05:40 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: bug-guix@gnu.org Subject: =?utf-8?Q?=E2=80=98tests=2Fchannels=2Escm=E2=80=99?= and =?utf-8?Q?=E2=80=98tests=2Fgit-authenticate=2Escm=E2=80=99?= GPG-related test failures X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 29 =?utf-8?Q?Flor=C3=A9al?= an 230 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 18 May 2022 19:05:28 +0200 Message-ID: <87y1yy22lj.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Since recently, some authentication-related tests in =E2=80=98tests/channels.scm=E2=80=99 and =E2=80=98tests/git-authenticate.sc= m=E2=80=99 fail for me: --8<---------------cut here---------------start------------->8--- gpg: keybox '/tmp/guix-directory.9C2KC5/pubring.kbx' created gpg: /tmp/guix-directory.9C2KC5/trustdb.gpg: trustdb created gpg: key 771F49CBFAAE072D: public key "Ed Two-Fifty " imported gpg: Total number processed: 1 gpg: imported: 1 gpg: key 771F49CBFAAE072D: "Ed Two-Fifty " not c= hanged gpg: key 771F49CBFAAE072D: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 gpg: key 82240EDCAB80DA83: public key "Charlie Guix " = imported gpg: Total number processed: 1 gpg: imported: 1 gpg: key 82240EDCAB80DA83: "Charlie Guix " not changed gpg: key 82240EDCAB80DA83: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 hint: Using 'master' as the name for the initial branch. This default branc= h name hint: is subject to change. To configure the initial branch name to use in = all hint: of your new repositories, which will suppress this warning, call: hint:=20 hint: git config --global init.defaultBranch hint:=20 hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and hint: 'development'. The just-created branch can be renamed via this comman= d: hint:=20 hint: git branch -m Initialized empty Git repository in /tmp/guix-directory.y6IOfw/.git/ error: gpg failed to sign the data fatal: failed to write commit object test-name: authenticate-channel, wrong first commit signer location: /home/ludo/src/guix/tests/channels.scm:479 source: + (test-equal + "authenticate-channel, wrong first commit signer" + #t + (with-fresh-gnupg-setup + (list %ed25519-public-key-file + %ed25519-secret-key-file + %ed25519-2-public-key-file + %ed25519-2-secret-key-file) + (with-temporary-git-repository + directory + `((add ".guix-channel" + ,(object->string + '(channel + (version 0) + (keyring-reference "master")))) + (add ".guix-authorizations" + ,(object->string + `(authorizations + (version 0) + ((,(key-fingerprint %ed25519-public-key-file) + (name "Charlie")))))) + (add "signer.key" + ,(call-with-input-file + %ed25519-public-key-file + get-string-all)) + (commit + "first commit" + (signer + ,(key-fingerprint %ed25519-public-key-file))) + (add "random" ,(random-text)) + (commit + "second commit" + (signer + ,(key-fingerprint %ed25519-public-key-file)))) + (with-repository + directory + repository + (let* ((commit1 (find-commit repository "first")) + (commit2 (find-commit repository "second")) + (intro (make-channel-introduction + (commit-id-string commit1) + (openpgp-public-key-fingerprint + (read-openpgp-packet %ed25519-2-public-key-file= )))) + (channel + (channel + (name 'example) + (url (string-append "file://" directory)) + (introduction intro)))) + (guard (c ((formatted-message? c) + (and (string-contains + (formatted-message-string c) + "initial commit") + (equal? + (formatted-message-arguments c) + (list (oid->string (commit-id commit1)) + (key-fingerprint %ed25519-public-key-fi= le) + (key-fingerprint + %ed25519-2-public-key-file)))))) + (authenticate-channel + channel + directory + (commit-id-string commit2) + #:keyring-reference-prefix + "") + 'failed)))))) expected-value: #t actual-value: #f actual-error: + (%exception + #<&invoke-error program: "git" arguments: ("-C" "/tmp/guix-directory.y6= IOfw" "commit" "-m" "first commit" "--gpg-sign=3D44D3 1E21 AF71 38F9 B632 = 280A 771F 49CB FAAE 072D") exit-status: 128 term-signal: #f stop-signal: #f= >) result: FAIL --8<---------------cut here---------------end--------------->8--- Notice =E2=80=9Cerror: gpg failed to sign the data=E2=80=9D, which comes fr= om Git. When stracing, we see this: --8<---------------cut here---------------start------------->8--- 13587 write(2, "[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBFAA= E072D 3", 66) =3D 66 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A77= 1F49CBFAAE072D 3\n", 8192) =3D 67 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 read(3, "", 8192) =3D 0 13587 brk(0x13bf000) =3D 0x13bf000 13587 write(2, "gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAA= E 072D\": Unusable secret key", 86) =3D 86 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F= 49CB FAAE 072D\": Unusable secret key\n", 12245) =3D 87 13587 write(2, "[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A 771F 49C= B FAAE 072D", 70 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 <... write resumed>) =3D 70 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A= 771F 49CB FAAE 072D\n", 12158) =3D 71 13587 write(2, "[GNUPG:] FAILURE sign 54", 24 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 <... write resumed>) =3D 24 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] FAILURE sign 54\n", 12087) =3D 25 13587 write(2, "gpg: signing failed: Unusable secret key", 40 --8<---------------cut here---------------end--------------->8--- It=E2=80=99s not clear to me why we get =E2=80=9CUnusable secret key=E2=80= =9D. I suppose this came up as a result of a recent Git or GnuPG update. This is with: --8<---------------cut here---------------start------------->8--- $ gpg --version gpg (GnuPG) 2.2.32 libgcrypt 1.8.8 Copyright (C) 2021 Free Software Foundation, Inc. License GNU GPL-3.0-or-later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/ludo/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 $ git --version git version 2.36.0 $ guix describe Generation 214 May 02 2022 21:44:14 (current) guix 6b588da repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 6b588da368c77cde82ea2f22ca315116228777ad --8<---------------cut here---------------end--------------->8--- (The =E2=80=98guix=E2=80=99 package skips these tests because it lacks depe= ndencies on Git and GnuPG.) Ludo=E2=80=99. ------------=_1652911802-24070-1--