From mboxrd@z Thu Jan 1 00:00:00 1970
From: Leo Famulari
Subject: Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
Date: Thu, 29 Dec 2016 12:13:21 -0500
Message-ID: <20161229171321.GA7043@jasmine>
References: <20161229021015.GA16162@jasmine> <20161229024733.GA9193@jasmine> <20387f2e-ea7d-fb62-5b2f-09ec3e0a37f2@tobias.gr>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Pd0ReVV5GZGQvF3a"
Content-Disposition: inline
In-Reply-To: <20387f2e-ea7d-fb62-5b2f-09ec3e0a37f2@tobias.gr>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Tobias Geerinckx-Rice
Cc: guix-devel@gnu.org

--Pd0ReVV5GZGQvF3a
Content-Type: multipart/mixed; boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline

--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Dec 29, 2016 at 04:04:49AM +0100, Tobias Geerinckx-Rice wrote:
> Signing seems to fail both seldom and pseudo-randomly. Oh, and
> silently[1]. My favourite kind of bug.
>
> I'm guessing this is what happens:
>
> $
> $ git commit, am or cherry-pick && git log --show-signatures
> ...everything looks good and signed! Let's push!
> $ git fetch --all && git rebase upstream/master
> ...now signing some non-HEAD commit silently fails...
> $ git push upstream
> ...badness.
>
> Good night,
>
> T G-R
>
> [1]: until you check the log, of course.
>
> PS:
> nckx@ubuntu~$ $ /usr/bin/gpg2 --version
> gpg (GnuPG) 2.1.15
> libgcrypt 1.7.2-beta
> but I doubt that matters much now. I don't use Guix's gpg [yet].

It would be nice to figure out why it fails. It seems specific to your
setup somehow (since there are no other broken signatures in the log),
but I have no idea where to start. Perhaps with the beta version of
libgcrypt.

Especially since it seems specific to your setup, can you evaluate the
pre-push hook that's attached, and start using the hook if you're
satisfied that it's correct?

--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=pre-push

#!/bin/sh

# A hook script that prevents the user from pushing unsigned commits.

# Called by "git push" after it has checked the remote status, but before
# anything has been pushed. If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>

z40=0000000000000000000000000000000000000000

# Only use the hook when pushing to Savannah.
case "$2" in
  *git.sv.gnu.org*)
    # Savannah: fall through to the signature check below.
    ;;
  *)
    exit 0
    ;;
esac

while read local_ref local_sha remote_ref remote_sha
do
    if [ "$local_sha" = $z40 ]
    then
        # Handle delete
        :
    else
        if [ "$remote_sha" = $z40 ]
        then
            # New branch, examine all commits
            range="$local_sha"
        else
            # Update to existing branch, examine new commits
            range="$remote_sha..$local_sha"
        fi

        # Check if push candidate commits are PGP signed. Abort the push on
        # the first ref that fails, and keep reading otherwise so that every
        # ref being pushed is checked, not only the first one.
        git verify-commit $(git rev-list $range) >/dev/null 2>&1 || exit 1
    fi
done

exit 0

--6c2NcOVqGQ03X4Wi--

--Pd0ReVV5GZGQvF3a--
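
Added example (not part of Leo's message or of the attached hook): the hook discards the output of git verify-commit, so a blocked push does not say which commit is at fault. The script below lists the commits in a range whose %G? signature status is neither G nor U, which is how a silently unsigned non-HEAD commit left behind by a rebase would show up. The function names and the sample log are constructed for illustration, and accepting U is an assumption.

```shell
#!/bin/sh
# Added example, not from the original message.
# %G? codes from git's pretty formats: G good, U good with unknown
# validity, B bad, N no signature, E cannot be checked, X/Y/R expired
# or revoked signature/key.

# Read "<sha> <code> <subject>" lines on stdin. Print "<code> <sha> <subject>"
# for every commit whose code is not G or U (assumption: U is acceptable).
# Returns 1 if at least one such commit was seen, 0 otherwise.
report_unsigned() {
    awk '
        NF >= 2 && $2 != "G" && $2 != "U" {
            bad++
            sha = $1; code = $2
            sub(/^[^ ]+ [^ ]+ ?/, "")   # strip sha and code, keep the subject
            printf "%s %s %s\n", code, sha, $0
        }
        END { exit (bad > 0) }
    '
}

# Check a range in the current repository, e.g. upstream/master..HEAD.
# Returns 2 if git itself fails, so an invalid range is never reported as clean.
check_range() {
    log=$(git log --format='%H %G? %s' "$1") || return 2
    printf '%s\n' "$log" | report_unsigned
}

# Constructed sample: a rebased series in which one non-HEAD commit is unsigned.
sample_log() {
    cat <<'EOF'
aaaaaaa G gnu: foo: Update to 1.1.
bbbbbbb N gnu: bar: Update to 2.0.
ccccccc G gnu: baz: Add patch.
EOF
}

sample_log | report_unsigned || echo "range contains commits without a good signature"
```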