From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: pre-push signature hook error reporting [was Re: [PATCH v6] gnu: python-sphinx: Update to 1.4.8.] Date: Tue, 17 Jan 2017 14:38:11 -0500 Message-ID: <20170117193811.GA6560@jasmine> References: <20170105161431.9803-1-dannym@scratchpost.org> <878tqpjw93.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <8760lj5eb6.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20170113152400.GA24322@jasmine> <20170117031414.GB23513@jasmine> <20170117123424.714a23b5@scratchpost.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44178) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cTZaF-0000NF-7p for guix-devel@gnu.org; Tue, 17 Jan 2017 14:38:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cTZaA-0007X4-D1 for guix-devel@gnu.org; Tue, 17 Jan 2017 14:38:19 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:57924) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cTZaA-0007Wh-6t for guix-devel@gnu.org; Tue, 17 Jan 2017 14:38:14 -0500 Content-Disposition: inline In-Reply-To: <20170117123424.714a23b5@scratchpost.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Danny Milosavljevic Cc: guix-devel@gnu.org On Tue, Jan 17, 2017 at 12:34:28PM +0100, Danny Milosavljevic wrote: > Leo Famulari wrote: > > In Git 2.11.0, it seems that `git verify-commit` can't tell the user > > which commits failed verification: > > We should report that upstream and add the one line that does tell the > user which commits failed verification upstream (for example print > argv[i-1] in line 92). Well, it does print the output of `gpg`, but parsing that is error-prone. I'm sure Git would take a patch that did the right thing, however. > Uhhh it's already very slow... so even slower doesn't matter anymore > (HIG guideline maximum duration is 2 seconds, so we are way off > anyhow). Do you notice it in practice? Or do you mean that 40 seconds is already very slow? Remember that typical usage does not involve checking every commit, but only the handful of new commits; this is *much* faster. Checking all commits is just the benchmark I chose before starting because I wanted any performance difference to be starkly illustrated. > Do we think that failures are likely? Yes, we've seen *bad* signatures pushed to Savannah recently, so I think it's important for everyone to check their commits before pushing. > Also, git seems to invoke the gpg executable for each and every > commit. It would be interesting whether gpg-interface.c > verify_signed_buffer could be adapted to either invoke gpg once or to > just use a library instead (gpgme ?). Indeed, that would be better. > Long term we could also cache the checking result - I think that's > something more difficult in the face of keys that expire. It would > have to store at least the expiration date, the public key and the > list of commit hashes that were checked and validated successfully. Agreed. But this hook is only a convenience tool to prevent mistakes. We need to revamp `guix pull` to handle this properly.