Bug 208135 - repoman is incorrectly skipping Manifest signing when commit is done from category dir
Status: RESOLVED WONTFIX
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Repoman
Hardware: All Linux
Importance: High normal
Assignee: Portage team
Reported: 2008-01-30 05:01 UTC by Tavis Rudd
Modified: 2022-07-12 03:18 UTC
Description Tavis Rudd 2008-01-30 05:01:27 UTC
Repoman skips Manifest signing if the developer is in a category directory when they issue the commit command.  Thus, many developers are probably configuring repoman to sign Manifests, assuming that it is, and then not noticing that it decided to skip the signing.  Repoman should be tweaked to correctly handle this.

Less than 50% of recently updated Manifests have been signed.  See http://forums.gentoo.org/viewtopic-p-4794095.html#4794095 for more stats on Manifest signing.  If you look at the commits on sys-libs/ncurses/Manifest you see that it flips back and forth between signed and unsigned even though all the devs were using repoman:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-libs/ncurses/Manifest?rev=1.214&view=log

The relevant code starts on line 2082: 
"... # Force an unsigned commit when more than one Manifest needs to be signed. ..."


Reproducible: Always

Steps to Reproduce:
Comment 1 Zac Medico gentoo-dev 2008-01-31 03:27:49 UTC
I've tried to test this by doing a category level commit in --pretend mode and it printed out all the expected gpg commands to sign the manifests. However, the code will bail out on the manifest commit if any kind of error occurs during the signing. Did you receive any error message when this happened to you?
Comment 2 Tavis Rudd 2008-01-31 03:46:54 UTC
I might be misreading the code, but it seems in the case of a category level commit it does the Manifest commit first on line 2092, sets manifest_commit_required=False, and then continues on to sign it on lines 2110 onwards.  If I'm reading this right, the final commit would do nothing since the commit has already been done.  

Lines 2082-2101 look like vestigial code that can be removed, as lines 2110 onwards do what 2082 claims it can't.

I'm not a gentoo dev so I can't actually test it live.

Comment 3 Chris Gianelloni 2009-08-31 19:41:47 UTC
Well, you only need *a* repository with ebuilds to test this.  You do not necessarily need *Gentoo's* repository.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-04-06 23:45:41 UTC
Is this still a problem? I'll review soon.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-12 03:18:22 UTC
repoman support has been removed per bug 835013.

Please file a new bug (or, I suppose, reopen this one) if you feel this check is still applicable to pkgcheck and doesn't already exist.
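
The silent failure reported in this bug (a developer believes Manifests are being signed while some are committed unsigned) can be caught by auditing the tree after the fact. The following is an added example, not code from repoman, pkgcheck or this bug report: it assumes signed Manifests are OpenPGP cleartext-signed files, checks structure only (it does not verify signatures), and runs against a constructed sample tree whose package names and Manifest bodies are placeholders.

```python
import os
import tempfile

HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"

def manifest_state(path):
    """Classify one Manifest as 'signed', 'unsigned' or 'malformed'.
    Structural check only; it does not verify the signature with gpg."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = [ln.strip() for ln in fh if ln.strip()]
    markers = [ln for ln in lines if ln in (HEADER, SIG_BEGIN, SIG_END)]
    if not markers:
        return "unsigned"
    # A clearsigned file opens with the header and closes with the signature block.
    if (markers == [HEADER, SIG_BEGIN, SIG_END]
            and lines[0] == HEADER and lines[-1] == SIG_END):
        return "signed"
    return "malformed"  # e.g. truncated, or edited after signing

def audit_tree(root):
    """Return {'category/package': state} for every Manifest below root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if "Manifest" in files:
            rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
            report[rel] = manifest_state(os.path.join(dirpath, "Manifest"))
    return report

def build_sample_tree(root):
    """Constructed sample data: three packages with placeholder Manifest bodies."""
    entry = "EBUILD example-1.0.ebuild 100 SHA256 PLACEHOLDER\n"
    signed = f"{HEADER}\nHash: SHA256\n\n{entry}{SIG_BEGIN}\n\nPLACEHOLDER\n{SIG_END}\n"
    samples = {
        "sys-libs/ncurses": signed,
        "app-misc/example-a": entry,                                 # never signed
        "app-misc/example-b": f"{HEADER}\nHash: SHA256\n\n{entry}",  # truncated
    }
    for pkg, body in samples.items():
        os.makedirs(os.path.join(root, pkg))
        with open(os.path.join(root, pkg, "Manifest"), "w", encoding="utf-8") as fh:
            fh.write(body)

def demo():
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_tree(root)

if __name__ == "__main__":
    for pkg, state in sorted(demo().items()):
        print(f"{state:10} {pkg}")
```

Pointing `audit_tree` at a real repository checkout lists every package whose Manifest is not in the "signed" state; anything reported as signed still needs its signature verified against the expected developer keys.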