Re: [PATCH v6 2/4] gpg_sign: detach_sign: fix gpg > 2.1 STDIN file descriptor

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Markus Lehtonen <markus.lehtonen@linux.intel.com>
To: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>,
	 openembedded-core@lists.openembedded.org
Subject: Re: [PATCH v6 2/4] gpg_sign: detach_sign: fix gpg > 2.1 STDIN file descriptor
Date: Tue, 23 Feb 2016 12:26:40 +0200	[thread overview]
Message-ID: <1456223200.2298.41.camel@linux.intel.com> (raw)
In-Reply-To: <ccea554cd4fef5dcffc2e9edfb69a8b606907716.1455895912.git.adrian.ratiu@ni.com>

Hi,

Resending as my I got a strange "Only members may post to the list."
error yesterday...

On Fri, 2016-02-19 at 17:43 +0200, Ioan-Adrian Ratiu wrote:
> Starting from v2.1 passing passwords directly to gpg does not work
> anymore [1], instead a loopback interface must be used otherwise
> gpg >2.1 will error out with:
> "gpg: signing failed: Inappropriate ioctl for device"
> 
> gpg <2.1 does not work with the new --pinentry-mode arg and gives an
> invalid option error, so we detect what is the running version of gpg
> and pass it accordingly.
> 
> [1] https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase
> 
> Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
> ---
>  meta/lib/oe/gpg_sign.py | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)
> 
> diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
> index ef47d1a..9f6b0f0 100644
> --- a/meta/lib/oe/gpg_sign.py
> +++ b/meta/lib/oe/gpg_sign.py
> @@ -66,6 +66,12 @@ class LocalSigner(object):
>          if armor:
>              cmd += ['--armor']
>  
> +        #gpg > 2.1 supports password pipes only through the loopback
> interface
> +        #gpg < 2.1 errors out if given unknown parameters
> +        gpg_ver = self.get_gpg_version()
> +        if gpg_ver > 2.1:
> +            cmd += ['--pinentry-mode', 'loopback']
> +

As far as I can tell get_gpg_version returns a string. However, you
compare that with a float. This should give more correct behavior:
+        if gpg_ver > "2.1":



Thanks,
  Markus


>          try:
>              keypipe = os.pipe()
>  
> @@ -99,6 +105,20 @@ class LocalSigner(object):
>              raise Exception("Failed to sign '%s'" % input_file)
>  
>  
> +    def get_gpg_version(self):
> +        """Return the gpg version"""
> +        import subprocess
> +
> +        job = subprocess.Popen([self.gpg_bin, "--version"],
> stdout=subprocess.PIPE)
> +        (stdout, _) = job.communicate()
> +
> +        if job.returncode:
> +            raise bb.build.FuncFailed("Could not get gpg version (is
> %s installed?)" %
> +                                      self.gpg_bin)
> +
> +        return stdout.split()[2]
> +
> +
>      def verify(self, sig_file):
>          """Verify signature"""
>          cmd = self.gpg_bin + " --verify "

next prev parent reply	other threads:[~2016-02-23 10:26 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-02-19 15:43 [OE-core][PATCH v6 0/4] IPK signing for the gpg_sign module Ioan-Adrian Ratiu
2016-02-19 15:45 ` [PATCH " Ioan-Adrian Ratiu
2016-02-19 15:43 ` [OE-core][PATCH v6 1/4] gpg_sign: add local ipk package signing functionality Ioan-Adrian Ratiu
2016-02-19 15:45   ` [PATCH " Ioan-Adrian Ratiu
2016-02-23 10:25   ` Markus Lehtonen
     [not found]   ` <1456148023.2298.22.camel@linux.intel.com>
2016-03-01 16:05     ` [OE-core][PATCH " Ioan-Adrian Ratiu
2016-02-19 15:43 ` [OE-core][PATCH v6 2/4] gpg_sign: detach_sign: fix gpg > 2.1 STDIN file descriptor Ioan-Adrian Ratiu
2016-02-19 15:45   ` [PATCH " Ioan-Adrian Ratiu
2016-02-23 10:26   ` Markus Lehtonen [this message]
     [not found]   ` <1456148220.2298.25.camel@linux.intel.com>
2016-02-25  9:27     ` [OE-core][PATCH " Burton, Ross
     [not found]       ` <1456393133.2298.51.camel@linux.intel.com>
2016-02-25  9:42         ` Burton, Ross
2016-02-19 15:43 ` [OE-core][PATCH v6 3/4] gpg_sign: export_pubkey: add signature type support Ioan-Adrian Ratiu
2016-02-19 15:45   ` [PATCH " Ioan-Adrian Ratiu
2016-02-19 15:43 ` [OE-core][PATCH v6 4/4] package_manager: sign IPK package feeds Ioan-Adrian Ratiu
2016-02-19 15:45   ` [PATCH " Ioan-Adrian Ratiu
2016-02-23 10:28 ` [PATCH v6 0/4] IPK signing for the gpg_sign module Markus Lehtonen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1456223200.2298.41.camel@linux.intel.com \
    --to=markus.lehtonen@linux.intel.com \
    --cc=adrian.ratiu@ni.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.