From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Glenn Morris Newsgroups: gmane.emacs.bugs Subject: bug#22089: installs packages with bad signatures Date: Thu, 03 Dec 2015 18:10:09 -0500 Message-ID: NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1449184279 20533 80.91.229.3 (3 Dec 2015 23:11:19 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 3 Dec 2015 23:11:19 +0000 (UTC) To: 22089@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Dec 04 00:11:10 2015 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1a4d1o-0004Hz-MQ for geb-bug-gnu-emacs@m.gmane.org; Fri, 04 Dec 2015 00:11:08 +0100 Original-Received: from localhost ([::1]:37852 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1a4d1n-0008S1-SL for geb-bug-gnu-emacs@m.gmane.org; Thu, 03 Dec 2015 18:11:07 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44564) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1a4d1k-0008Rv-4t for bug-gnu-emacs@gnu.org; Thu, 03 Dec 2015 18:11:05 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1a4d1i-0000mo-VW for bug-gnu-emacs@gnu.org; Thu, 03 Dec 2015 18:11:04 -0500 Original-Received: from debbugs.gnu.org ([208.118.235.43]:48210) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1a4d1i-0000mi-SP for bug-gnu-emacs@gnu.org; Thu, 03 Dec 2015 18:11:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1a4d1i-0006Ao-DA for bug-gnu-emacs@gnu.org; Thu, 03 Dec 2015 18:11:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Glenn Morris Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 03 Dec 2015 23:11:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 22089 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: submit@debbugs.gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.144918421423661 (code B ref -1); Thu, 03 Dec 2015 23:11:02 +0000 Original-Received: (at submit) by debbugs.gnu.org; 3 Dec 2015 23:10:14 +0000 Original-Received: from localhost ([127.0.0.1]:37918 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1a4d0w-00069Z-4M for submit@debbugs.gnu.org; Thu, 03 Dec 2015 18:10:14 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:34391) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1a4d0u-00069Q-3A for submit@debbugs.gnu.org; Thu, 03 Dec 2015 18:10:12 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1a4d0t-0000Zd-2p for submit@debbugs.gnu.org; Thu, 03 Dec 2015 18:10:12 -0500 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:44625) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1a4d0s-0000ZX-WA for submit@debbugs.gnu.org; Thu, 03 Dec 2015 18:10:11 -0500 Original-Received: from rgm by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1a4d0r-00042Y-NW; Thu, 03 Dec 2015 18:10:09 -0500 X-Spook: Jiang Zemin Al Jazeera Trafficking Flood Customs and X-Ran: 4&ZS](%G3"2XUN_+cK=BtJP8t]/%.`Y\vb1wO2h/exFux,C8[Nfe=hJ-;V>%B3$m\a;Zri X-Hue: black X-Attribution: GM User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:109567 Archived-At: Package: emacs Version: 25.0.50 Severity: important Emacs happily installs packages with bad gpg signatures. This has been flagged by the test-suite and automated builds for the past several weeks. (I feel like asking why we even have those things, for all the attention they seem to get.) This seems to be the first failure. http://hydra.nixos.org/build/27800227 Here is the diff from the previous build, with several package changes: http://hydra.nixos.org/api/scmdiff?type=git&rev2=937565268a5dc3377d4c9bff6d48eb3645a77160&rev1=70f1fda4ae6abb5e11dcf281738c25f6f5b06061&uri=git%3A%2F%2Fgit.sv.gnu.org%2Femacs.git&branch= Here's a standalone recipe in the emacs-25 branch: cd test/automated mkdir /tmp/foo HOME=/tmp/foo ../../src/emacs -Q (setq package-archives `(("gnu" . ,(expand-file-name "data/package/signed/")))) (package-import-keyring "data/package/key.pub") (package-initialize) (package-refresh-contents) (package-install 'signed-bad) M-x list-packages -> signed-bad installed