GNU bug report logs - #72319
ELPA archive download fails with signature error during rebuild

Previous Next

Full log

View this message in rfc822 format

From: Daniel Mendler <mail <at> daniel-mendler.de>
To: 72319 <at> debbugs.gnu.org
Cc: Stefan Monnier <monnier <at> iro.umontreal.ca>
Subject: bug#72319: ELPA archive download fails with signature error during rebuild
Date: Sat, 27 Jul 2024 12:51:07 +0200

The ELPA archive download fails during package archive rebuilding. The
rebuilding process on the ELPA server happens twice every day (e.g., in
the morning at 09:00 UTC or 11:00 local time in my time zone). As a
package maintainer I receive mails that new package releases have been
created at that time.

When I execute M-x package-upgrade-all shortly afterwards, approximately
in the time frame from 11:00 to 11:10, I observe the following failures:

Failed to download ‘gnu’ archive.
Failed to download ‘nongnu’ archive.

Failed to verify signature archive-contents.sig:
Bad signature from 645357D2883A0966 GNU ELPA Signing Agent (2023) <elpasign <at> elpa.gnu.org>
Command output:
gpg: Signature made Fri 26 Jul 2024 11:10:06 AM CEST
gpg:                using EDDSA key 0327BE68D64D9A1A66859F15645357D2883A0966
gpg: BAD signature from "GNU ELPA Signing Agent (2023) <elpasign <at> elpa.gnu.org>" [unknown]

I've already discussed with Stefan about this problem. The issue seems
to be that the archive-contents file is updated during the archive building
process, while the signature is only updated in the end. Ideally the
update of the archive-contents file should happen a little more
atomically: First build a new archive-contents file, sign it, and then
replace the old files as the final step.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.