From: Michael J Gruber <git@drmicha.warpmail.net>
To: Jeff King <peff@peff.net>
Cc: Steven Noonan <steven@uplinklabs.net>,
Junio C Hamano <gitster@pobox.com>,
git@vger.kernel.org
Subject: Re: tests do not work with gpg 2.1
Date: Tue, 02 Dec 2014 13:55:31 +0100
Message-ID: <547DB6C3.5010704@drmicha.warpmail.net>
In-Reply-To: <20141128165009.GA4728@peff.net>

Jeff King wrote on 28.11.2014 at 17:50:
> [updated subject, as this is not specific to the v2.2.0 release at all]
>
> On Fri, Nov 28, 2014 at 10:48:51AM +0100, Michael J Gruber wrote:
>
>> Are you running gnome_keyring_daemon by any chance? I think it runs by
>> default in Gnome, claims to offer gpg_agent functionality but does not
>> seem to do so fully. I.e., its presence may keep gpg2.1 from starting
>> its own gpg-agent. But gpg2.1 ("gnupg modern branch") needs a new
>> gpg-agent which knows how to handle secret keys for gpg2.1.
>>
>> (I may take a shot at trying, but I'm on Fedora - they're slow and
>> special in all things gpg/crypto. And compiling gpg2.1 means compiling
>> all the bits and pieces that monster consists of these days...)
>
> I'm not running the gnome daemon (I do normally run gpg-agent, though),
> and I can reproduce.

You get the passphrase prompt, Steven didn't, if I understood correctly.
You can continue successfully by hitting OK, Steven couldn't hit anything...

> I wanted to try experimenting today with making sure GPG_AGENT_INFO was
> unset in the environment. But despite nothing changing (i.e., before I
> even cleared that variable), I'm getting totally different results.
>
> Now when I run t4202, I get no agent prompt, and just:
>
> ok 40 - dotdot is a parent directory
>
> expecting success:
> test_when_finished "git reset --hard && git checkout master" &&
> git checkout -b signed master &&
> echo foo >foo &&
> git add foo &&
> git commit -S -m signed_commit &&
> git log --graph --show-signature -n1 signed >actual &&
> grep "^| gpg: Signature made" actual &&
> grep "^| gpg: Good signature" actual
>
> Switched to a new branch 'signed'
> gpg: skipped "C O Mitter <committer@example.com>": No secret key
> gpg: signing failed: No secret key
> error: gpg failed to sign the data
> fatal: failed to write commit object

That is how things turned for Steven, afaik.

> And then a subsequent run gives me:
>
> rm: cannot remove '/home/peff/compile/git/t/trash directory.t4202-log/gpghome/private-keys-v1.d/19D48118D24877F59C2AE86FEC8C3E90694B2631.key': Permission denied
> rm: cannot remove '/home/peff/compile/git/t/trash directory.t4202-log/gpghome/private-keys-v1.d/E0C803F8BC3BCC4990E174E05936A7636E888899.key': Permission denied
> rm: cannot remove '/home/peff/compile/git/t/trash directory.t4202-log/gpghome/private-keys-v1.d/FCFAC48BF12AC0FCC32B69AB90AA7B1891382C29.key': Permission denied
> rm: cannot remove '/home/peff/compile/git/t/trash directory.t4202-log/gpghome/private-keys-v1.d/D50A866904B91C0C49A3F6059584F4A09807D330.key': Permission denied
> FATAL: Cannot prepare test area
>
> It seems that it creates the private-keys directory without the 'x' bit:
>
> $ ls -ld trash*/gpghome/private-keys-v1.d
> drw------- 2 peff peff 4096 Nov 28 11:45 trash directory.t4202-log/gpghome/private-keys-v1.d/
>
> So that's weird, and doubly so that it is behaving differently than it
> was last night. Obviously _something_ must have changed. Maybe something
> related to the state of my running agent, I guess.
>
> -Peff
>
I think if you unset GPG_AGENT_INFO, gpg2.1 thinks there is no agent,
starts its own and talks to it via a socket directly (no env variable).
Now that one seems to come with different options (regarding pinentry) so
that it can't even ask you for a passphrase.

That private-keys directory is from the first run of gpg2.1 on a pre-2.1
GPGHOME. It converts the old secring db to that new dir of entries and
uses that instead.

Regarding the umask: That may actually be fallout from

    e7f224f (t/lib-gpg: make gpghome files writable, 2014-10-24)

where I didn't expect directories to be present in gpghome. Maybe I
should change

    chmod 0700 gpghome
    chmod 0600 gpghome/*

to

    chmod -R o+w gpghome/

though I felt somehow safer with the explicit permissions.

Michael
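
Added example (not part of the original message or of git's test suite): it reproduces the `drw-------` mode shown in the `ls -ld` output quoted above and contrasts it with a per-type variant that keeps explicit modes. The function names, the `perms_by_type` alternative and all paths and file names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. All paths and file names below are constructed.

# First ten characters of `ls -ld`, e.g. "drw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Build a throwaway GPGHOME shaped like one converted by gpg 2.1:
# plain files at the top level plus a private-keys-v1.d/ directory.
make_gpghome() {
	home=$(mktemp -d) &&
	mkdir "$home/private-keys-v1.d" &&
	: >"$home/pubring.gpg" &&
	: >"$home/private-keys-v1.d/CONSTRUCTED.key" &&
	echo "$home"
}

# The two commands quoted in the message. The glob also matches
# private-keys-v1.d, so the directory loses its search (x) bit.
perms_flat() {
	chmod 0700 "$1" &&
	chmod 0600 "$1"/*
}

# Hypothetical alternative: same explicit modes, chosen per file type.
perms_by_type() {
	find "$1" -type d -exec chmod 0700 {} \; &&
	find "$1" -type f -exec chmod 0600 {} \;
}

# Remove a GPGHOME even if a directory inside it lost its x bit:
# find visits each directory before descending, so the chmod lands first.
remove_gpghome() {
	find "$1" -type d -exec chmod 0700 {} \; &&
	rm -rf "$1"
}

demo() {
	a=$(make_gpghome) && perms_flat "$a" &&
	echo "flat:    $(mode_of "$a/private-keys-v1.d")" &&
	b=$(make_gpghome) && perms_by_type "$b" &&
	echo "by type: $(mode_of "$b/private-keys-v1.d")" &&
	remove_gpghome "$a" && remove_gpghome "$b"
}
demo
```

A directory without the x bit cannot be searched, so an unprivileged `rm` cannot unlink the entries inside it, which matches the "Permission denied" lines in the quoted test output.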