From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Lars Ingebrigtsen Newsgroups: gmane.emacs.bugs Subject: bug#28202: 26.0.50; Loading package.el should not start a subprocess Date: Mon, 15 Jul 2019 14:05:00 +0200 Message-ID: <87y30zbj0z.fsf@mouse.gnus.org> References: Mime-Version: 1.0 Content-Type: text/plain Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="8080"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Cc: 28202@debbugs.gnu.org To: Philipp Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Jul 15 14:06:08 2019 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1hmzk8-0001xA-QF for geb-bug-gnu-emacs@m.gmane.org; Mon, 15 Jul 2019 14:06:08 +0200 Original-Received: from localhost ([::1]:37964 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hmzk7-0004MZ-MQ for geb-bug-gnu-emacs@m.gmane.org; Mon, 15 Jul 2019 08:06:07 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:59198) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hmzk3-0004KZ-Q1 for bug-gnu-emacs@gnu.org; Mon, 15 Jul 2019 08:06:05 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hmzk2-0004sG-9x for bug-gnu-emacs@gnu.org; Mon, 15 Jul 2019 08:06:03 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:37931) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hmzk2-0004s5-5s for bug-gnu-emacs@gnu.org; Mon, 15 Jul 2019 08:06:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hmzk1-0004pa-Ti for bug-gnu-emacs@gnu.org; Mon, 15 Jul 2019 08:06:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Lars Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 15 Jul 2019 12:06:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28202 X-GNU-PR-Package: emacs Original-Received: via spool by 28202-submit@debbugs.gnu.org id=B28202.156319230918460 (code B ref 28202); Mon, 15 Jul 2019 12:06:01 +0000 Original-Received: (at 28202) by debbugs.gnu.org; 15 Jul 2019 12:05:09 +0000 Original-Received: from localhost ([127.0.0.1]:46749 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hmzjA-0004ng-Jl for submit@debbugs.gnu.org; Mon, 15 Jul 2019 08:05:09 -0400 Original-Received: from quimby.gnus.org ([80.91.231.51]:41522) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hmzj7-0004nU-Ot for 28202@debbugs.gnu.org; Mon, 15 Jul 2019 08:05:06 -0400 Original-Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie) by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1hmzj3-0007Gm-5Q; Mon, 15 Jul 2019 14:05:03 +0200 In-Reply-To: (Philipp's message of "Wed, 23 Aug 2017 12:13:44 +0200") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:163095 Archived-At: Philipp writes: > Loading package.el initializes the variable `package-check-signature', > which starts a GnuPG subprocess. This process might then be affected by > https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1285390, causing > infinite hangs that can only be worked around by restarting the > machine. I think that in general loading packages should not start > subprocesses to increase robustness. Possible the initialization of > `package-check-signature' should be delayed until signature checks are > actually attempted. Yes, definitely. Packages should never execute anything when loaded -- and especially not something as complicated as gpg. Does the following patch make sense? It defaults the value to allow-unsigned, which will then lead to the epg checking being run (which will execute gpg). The execution is cached in epg, though, so it'll just be run once anyway. This does mean though, that if you don't have gpg installed, the `package-check-signature' value will still be `allow-signature', but it'll act as if it's nil. Currently, it would default to nil, and that may be confusing. Perhaps I could change the default to 'check-available or something and then actually set the variable if it is that? Opinions? diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index 9a350aadac..c4309b700e 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -331,10 +331,7 @@ package-gnupghome-dir :risky t :version "26.1") -(defcustom package-check-signature - (if (and (require 'epg-config) - (epg-find-configuration 'OpenPGP)) - 'allow-unsigned) +(defcustom package-check-signature 'allow-unsigned "Non-nil means to check package signatures when installing. More specifically the value can be: - nil: package signatures are ignored. @@ -353,6 +350,14 @@ package-check-signature :risky t :version "27.1") +(defun package-check-signature () + (if (eq package-check-signature 'allow-unsigned) + (progn + (require 'epg-config) + (and (epg-find-configuration 'OpenPGP) + 'allow-unsigned)) + package-check-signature)) + (defcustom package-unsigned-archives nil "List of archives where we do not check for package signatures." :type '(repeat (string :tag "Archive name")) @@ -1279,15 +1284,15 @@ package--check-signature-content (dolist (sig (epg-context-result-for context 'verify)) (if (eq (epg-signature-status sig) 'good) (push sig good-signatures) - ;; If package-check-signature is allow-unsigned, don't + ;; If `package-check-signature' is allow-unsigned, don't ;; signal error when we can't verify signature because of ;; missing public key. Other errors are still treated as ;; fatal (bug#17625). - (unless (and (eq package-check-signature 'allow-unsigned) + (unless (and (eq (package-check-signature) 'allow-unsigned) (eq (epg-signature-status sig) 'no-pubkey)) (setq had-fatal-error t)))) (when (or (null good-signatures) - (and (eq package-check-signature 'all) + (and (eq (package-check-signature) 'all) had-fatal-error)) (package--display-verify-error context sig-file) (signal 'bad-signature (list sig-file))) @@ -1318,7 +1323,7 @@ package--check-signature :async async :noerror t ;; Connection error is assumed to mean "no sig-file". :error-form (let ((allow-unsigned - (eq package-check-signature 'allow-unsigned))) + (eq (package-check-signature) 'allow-unsigned))) (when (and callback allow-unsigned) (funcall callback nil)) (when unwind (funcall unwind)) @@ -1602,7 +1607,7 @@ package--download-one-archive (local-file (expand-file-name file dir))) (when (listp (read content)) (make-directory dir t) - (if (or (not package-check-signature) + (if (or (not (package-check-signature)) (member name package-unsigned-archives)) ;; If we don't care about the signature, save the file and ;; we're done. @@ -1654,7 +1659,7 @@ package-refresh-contents (let ((default-keyring (expand-file-name "package-keyring.gpg" data-directory)) (inhibit-message (or inhibit-message async))) - (when (and package-check-signature (file-exists-p default-keyring)) + (when (and (package-check-signature) (file-exists-p default-keyring)) (condition-case-unless-debug error (package-import-keyring default-keyring) (error (message "Cannot import default keyring: %S" (cdr error)))))) @@ -1901,7 +1906,7 @@ package-install-from-archive (file (concat (package-desc-full-name pkg-desc) (package-desc-suffix pkg-desc)))) (package--with-response-buffer location :file file - (if (or (not package-check-signature) + (if (or (not (package-check-signature)) (member (package-desc-archive pkg-desc) package-unsigned-archives)) ;; If we don't care about the signature, unpack and we're -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no