From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id WEbvEqonhWImhgAAbAwnHQ (envelope-from ) for ; Wed, 18 May 2022 19:06:50 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id kGfhEqonhWJYNAAAauVa8A (envelope-from ) for ; Wed, 18 May 2022 19:06:50 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 860D52BB47 for ; Wed, 18 May 2022 19:06:49 +0200 (CEST) Received: from localhost ([::1]:42682 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nrN8I-0002hm-Fa for larch@yhetil.org; Wed, 18 May 2022 13:06:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58732) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN7b-0002gG-0e for bug-guix@gnu.org; Wed, 18 May 2022 13:06:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:39492) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nrN7a-0003Hf-FC for bug-guix@gnu.org; Wed, 18 May 2022 13:06:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nrN7a-0004at-AR for bug-guix@gnu.org; Wed, 18 May 2022 13:06:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#55506: =?UTF-8?Q?=E2=80=98tests/channels.scm=E2=80=99?= and =?UTF-8?Q?=E2=80=98tests/git-authenticate.scm=E2=80=99?= GPG-related test failures Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 18 May 2022 17:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 55506 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 55506@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.165289354917637 (code B ref -1); Wed, 18 May 2022 17:06:02 +0000 Received: (at submit) by debbugs.gnu.org; 18 May 2022 17:05:49 +0000 Received: from localhost ([127.0.0.1]:33389 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nrN7M-0004aO-B2 for submit@debbugs.gnu.org; Wed, 18 May 2022 13:05:49 -0400 Received: from lists.gnu.org ([209.51.188.17]:42464) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nrN7K-0004aF-1y for submit@debbugs.gnu.org; Wed, 18 May 2022 13:05:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58706) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN7J-0002Sd-O6 for bug-guix@gnu.org; Wed, 18 May 2022 13:05:45 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35080) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN7J-0003CP-CK for bug-guix@gnu.org; Wed, 18 May 2022 13:05:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=+rxvL1mC0hYB5au5tQa6hzM0FLvXm5nJEE4cXVSkt1w=; b=biWQwKD2qFB1/j 3xf98LK6wM7KPnOeKkHYOiS0KBY7QCvAYVGk/epoXL0UHyspdchvGBYtk5MxN8uFbWlxwX1Txjw15 OoiPcXBisz+s6vjTIqRZbJcVVMShyNR+w9b070UuMTjy8jLj6qDN0uPztg68a/3Wb8Aq+Z+ViRAu2 +7K7HA/x4gis/kY5k7wc197jh35jr+eCPyGceZ6vnjaJpja8Mp6TcKiBz/+iIBCgbF1Uzikf4tmw+ QGWhBrQdEJZKPzk/hwiykwGY/QkzeMls7fD17bWZn2JFbFf5CSxz6wLSmsL9v+ToUbuo5VrX71isM 692AHihf6X5nPEk0jUgQ==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=49374 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nrN73-0007EI-Pm for bug-guix@gnu.org; Wed, 18 May 2022 13:05:40 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 29 =?UTF-8?Q?Flor=C3=A9al?= an 230 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 18 May 2022 19:05:28 +0200 Message-ID: <87y1yy22lj.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1652893610; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=+rxvL1mC0hYB5au5tQa6hzM0FLvXm5nJEE4cXVSkt1w=; b=lhJD8FeM+7LwBmGPIemoy9JdX6XS3Joh+TP/njC7lvV2NlAcWgmQSrbkUo9gbcIUcE6kxp yB13WnMp7t08WfT97nmhmufhHwk1X+UccaXoZyNCMvweRYjvvx+TbOjffiXrfb8Sx22NaE WQMXdk8ufkp1FkzKYN/s4JPsCCEBHKERtoZLXTbsvbxzZ1QUNrfcQw2ZFrRnj7lcWJKaEQ Qw+iuNJDfo0gBf3ah0xQKCEs+tVwZq3w4HjbleDloLO4zJaHDfOmiYHT5hbmZdkAmhkOT0 OI5E2K1s43MSifqIzqibYgm/ZvXQQWIkqSTdmFSS+2bhpGuBq0Y1gc4adCexUg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1652893610; a=rsa-sha256; cv=none; b=ogTXv2TjAfox++p5emkrRE2dF+G8aIKambYx14kpHDxS5LE1vY/+Nff2FDXvpp+EfDsgZI Znq04NVI6MUaQIt/x5h5r9aVQN1/Ye6L+F1J51qUjq8Jn4JwyH53VJ8rNE3Xybh1V20joh 7kxTM+jLJ08SE2YTCFkrkWz9uL5X+5bL+9WyLwF62oCrk4a7zzwxFYkfwvSdONN/aT7rAh IhMgHQzYNNSkHVXJJuGI0AcL9niamZYTuJwl6ohIfoql9VrsXjBxlJGkubpqyPgr6REn3W 3keQdU39SkdByocMEQBgN8cC4Q4n0/B7CCWVPFiPTOq9UbZ/j6klqFlv31kkCg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=biWQwKD2; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.44 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=biWQwKD2; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 860D52BB47 X-Spam-Score: -2.44 X-Migadu-Scanner: scn1.migadu.com X-TUID: 89meZmNWG91s Hi! Since recently, some authentication-related tests in =E2=80=98tests/channels.scm=E2=80=99 and =E2=80=98tests/git-authenticate.sc= m=E2=80=99 fail for me: --8<---------------cut here---------------start------------->8--- gpg: keybox '/tmp/guix-directory.9C2KC5/pubring.kbx' created gpg: /tmp/guix-directory.9C2KC5/trustdb.gpg: trustdb created gpg: key 771F49CBFAAE072D: public key "Ed Two-Fifty " imported gpg: Total number processed: 1 gpg: imported: 1 gpg: key 771F49CBFAAE072D: "Ed Two-Fifty " not c= hanged gpg: key 771F49CBFAAE072D: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 gpg: key 82240EDCAB80DA83: public key "Charlie Guix " = imported gpg: Total number processed: 1 gpg: imported: 1 gpg: key 82240EDCAB80DA83: "Charlie Guix " not changed gpg: key 82240EDCAB80DA83: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 hint: Using 'master' as the name for the initial branch. This default branc= h name hint: is subject to change. To configure the initial branch name to use in = all hint: of your new repositories, which will suppress this warning, call: hint:=20 hint: git config --global init.defaultBranch hint:=20 hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and hint: 'development'. The just-created branch can be renamed via this comman= d: hint:=20 hint: git branch -m Initialized empty Git repository in /tmp/guix-directory.y6IOfw/.git/ error: gpg failed to sign the data fatal: failed to write commit object test-name: authenticate-channel, wrong first commit signer location: /home/ludo/src/guix/tests/channels.scm:479 source: + (test-equal + "authenticate-channel, wrong first commit signer" + #t + (with-fresh-gnupg-setup + (list %ed25519-public-key-file + %ed25519-secret-key-file + %ed25519-2-public-key-file + %ed25519-2-secret-key-file) + (with-temporary-git-repository + directory + `((add ".guix-channel" + ,(object->string + '(channel + (version 0) + (keyring-reference "master")))) + (add ".guix-authorizations" + ,(object->string + `(authorizations + (version 0) + ((,(key-fingerprint %ed25519-public-key-file) + (name "Charlie")))))) + (add "signer.key" + ,(call-with-input-file + %ed25519-public-key-file + get-string-all)) + (commit + "first commit" + (signer + ,(key-fingerprint %ed25519-public-key-file))) + (add "random" ,(random-text)) + (commit + "second commit" + (signer + ,(key-fingerprint %ed25519-public-key-file)))) + (with-repository + directory + repository + (let* ((commit1 (find-commit repository "first")) + (commit2 (find-commit repository "second")) + (intro (make-channel-introduction + (commit-id-string commit1) + (openpgp-public-key-fingerprint + (read-openpgp-packet %ed25519-2-public-key-file= )))) + (channel + (channel + (name 'example) + (url (string-append "file://" directory)) + (introduction intro)))) + (guard (c ((formatted-message? c) + (and (string-contains + (formatted-message-string c) + "initial commit") + (equal? + (formatted-message-arguments c) + (list (oid->string (commit-id commit1)) + (key-fingerprint %ed25519-public-key-fi= le) + (key-fingerprint + %ed25519-2-public-key-file)))))) + (authenticate-channel + channel + directory + (commit-id-string commit2) + #:keyring-reference-prefix + "") + 'failed)))))) expected-value: #t actual-value: #f actual-error: + (%exception + #<&invoke-error program: "git" arguments: ("-C" "/tmp/guix-directory.y6= IOfw" "commit" "-m" "first commit" "--gpg-sign=3D44D3 1E21 AF71 38F9 B632 = 280A 771F 49CB FAAE 072D") exit-status: 128 term-signal: #f stop-signal: #f= >) result: FAIL --8<---------------cut here---------------end--------------->8--- Notice =E2=80=9Cerror: gpg failed to sign the data=E2=80=9D, which comes fr= om Git. When stracing, we see this: --8<---------------cut here---------------start------------->8--- 13587 write(2, "[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBFAA= E072D 3", 66) =3D 66 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A77= 1F49CBFAAE072D 3\n", 8192) =3D 67 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 read(3, "", 8192) =3D 0 13587 brk(0x13bf000) =3D 0x13bf000 13587 write(2, "gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAA= E 072D\": Unusable secret key", 86) =3D 86 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F= 49CB FAAE 072D\": Unusable secret key\n", 12245) =3D 87 13587 write(2, "[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A 771F 49C= B FAAE 072D", 70 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 <... write resumed>) =3D 70 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A= 771F 49CB FAAE 072D\n", 12158) =3D 71 13587 write(2, "[GNUPG:] FAILURE sign 54", 24 13581 poll([{fd=3D5, events=3DPOLLIN}, {fd=3D7, events=3DPOLLIN}], 2, -1 13587 <... write resumed>) =3D 24 13581 <... poll resumed>) =3D 1 ([{fd=3D7, revents=3DPOLLIN}]) 13587 write(2, "\n", 1 13581 read(7, 13587 <... write resumed>) =3D 1 13581 <... read resumed>"[GNUPG:] FAILURE sign 54\n", 12087) =3D 25 13587 write(2, "gpg: signing failed: Unusable secret key", 40 --8<---------------cut here---------------end--------------->8--- It=E2=80=99s not clear to me why we get =E2=80=9CUnusable secret key=E2=80= =9D. I suppose this came up as a result of a recent Git or GnuPG update. This is with: --8<---------------cut here---------------start------------->8--- $ gpg --version gpg (GnuPG) 2.2.32 libgcrypt 1.8.8 Copyright (C) 2021 Free Software Foundation, Inc. License GNU GPL-3.0-or-later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/ludo/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 $ git --version git version 2.36.0 $ guix describe Generation 214 May 02 2022 21:44:14 (current) guix 6b588da repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 6b588da368c77cde82ea2f22ca315116228777ad --8<---------------cut here---------------end--------------->8--- (The =E2=80=98guix=E2=80=99 package skips these tests because it lacks depe= ndencies on Git and GnuPG.) Ludo=E2=80=99.