| Summary: | improve git gpg checking message | | |
|---|---|---|---|
| Product: | Gentoo Infrastructure | Reporter: | SpanKY <vapier> |
| Component: | Git | Assignee: | Gentoo Infrastructure <infra-bugs> |
| Status: | CONFIRMED --- | | |
| Severity: | enhancement | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
SpanKY
2016-01-02 05:38:33 UTC
looks like it went through now. so let's go with feature requests:

(1) add to the end of the rejection message something like:
If you just update your key in ldap, then it can take ~15 minutes to sync.
Please consult <wiki page> for more details.

(2) correctly handle unknown keys. the error just says "remote: No signature found" which is clearly incorrect -- it should say something like:
Signature found with unknown key 0xXXXXXXXX

(In reply to SpanKY from comment #1)
> (1) add to the end of the rejection message something like:
> If you just update your key in ldap, then it can take ~15 minutes to sync.
> Please consult <wiki page> for more details.

Message added.

> (2) correctly handle unknown keys. the error just says "remote: No
> signature found" which is clearly incorrect -- it should say something like:
> Signature found with unknown key 0xXXXXXXXX

The code DOES correctly handle this. Your commit was NOT signed, as evidenced by Git setting GIT_PUSH_CERT_STATUS=N

I don't know why your 'git push --signed' did not sign it, but it wasn't a server-side error.

Here's the entire script for you (before I changed the message).

=====
```bash
#!/bin/bash
# bash, not sh: fail_signed_push relies on ${!var} indirect expansion
# ----------------------------------------------------------------------
# standard stuff
die() { echo "$@" >&2; exit 1; }
warn() { echo "$@" >&2; }
fail_signed_push() {
	warn "$@"
	warn "Your push was not signed with a known key."
	warn "You must use git push --signed with a known key."
	# Dump every push-certificate variable Git exported to the hook
	for var in \
		GIT_PUSH_CERT_KEY \
		GIT_PUSH_CERT_NONCE \
		GIT_PUSH_CERT_NONCE_SLOP \
		GIT_PUSH_CERT_NONCE_STATUS \
		GIT_PUSH_CERT_SIGNER \
		GIT_PUSH_CERT_STATUS \
		; do
		warn "Variable $var='${!var}'"
	done
	exit 1
}
# ----------------------------------------------------------------------

case $GIT_PUSH_CERT_STATUS in
	# Good
	G) ;;
	# Bad
	B) fail_signed_push "Bad signature" ;;
	# Untrusted good
	U) ;; # TODO: deny this later
	#U) fail_signed_push "Good but untrusted signature" ;;
	# No signature
	N) fail_signed_push "No signature found" ;;
	# Future-proof
	*) fail_signed_push "Unknown GIT_PUSH_CERT_STATUS" ;;
esac

exit 0
```
====

(In reply to Robin Johnson from comment #2)
i'm pretty sure it was signed. i ran a script:
while ! git push --signed ; do sleep 5m ; done
it failed a few times before working. i doubt something on my side randomly started signing.
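
Request (2) in this thread, telling an unsigned push apart from one signed with a key the server cannot verify, can be sketched with the status letters current Git documents for `%G?` (`E` means the signature cannot be checked, e.g. a missing key). This is an added example, not the Gentoo hook: the function name, the messages and the key id are constructed, and it goes beyond the posted script by covering `E`, `X`, `Y`, `R` and the nonce status.

```bash
#!/bin/bash
# Added example (not the Gentoo hook): classify a signed push from the
# GIT_PUSH_CERT_* values git receive-pack exports to the pre-receive hook.
# Usage: classify_push_cert STATUS KEY NONCE_STATUS
# Prints "ACCEPT: ..." or "REJECT: ..."; returns 0 to accept, 1 to reject.
classify_push_cert() {
	local status="${1-}" nonce="${3-}"
	local keytxt="key ${2:+0x}${2:-<unknown>}"
	case $status in
		G|U) ;;  # U is accepted, matching the policy of the script in the thread
		B) echo "REJECT: Bad signature"; return 1 ;;
		E) echo "REJECT: Signature found with unknown $keytxt"; return 1 ;;
		X) echo "REJECT: Signature from $keytxt has expired"; return 1 ;;
		Y) echo "REJECT: Signature made by expired $keytxt"; return 1 ;;
		R) echo "REJECT: Signature made by revoked $keytxt"; return 1 ;;
		N) echo "REJECT: No signature found"; return 1 ;;
		'') echo "REJECT: No push certificate received; use git push --signed"
			return 1 ;;
		*) echo "REJECT: Unknown GIT_PUSH_CERT_STATUS '$status'"; return 1 ;;
	esac
	# Nonce check (an addition; the script in the thread only logs these values).
	# Assumption: an empty value means no nonce is in use on this server.
	# Anything other than OK (BAD, MISSING, UNSOLICITED, SLOP) is rejected so a
	# captured certificate cannot be replayed.
	case $nonce in
		''|OK) ;;
		*) echo "REJECT: Push certificate nonce status is $nonce"; return 1 ;;
	esac
	echo "ACCEPT: signature status $status from $keytxt"
}

# Demo on constructed values (the key id is made up, not from the bug report).
demo() {
	local s
	for s in G E N ''; do
		classify_push_cert "$s" 0123456789ABCDEF OK || true
	done
}
demo

# In a pre-receive hook the call would be:
#   classify_push_cert "$GIT_PUSH_CERT_STATUS" "$GIT_PUSH_CERT_KEY" \
#       "$GIT_PUSH_CERT_NONCE_STATUS" >&2 || exit 1
```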