import-local might need gpg key for <email address hidden>

Bug #1705542 reported by Andreas Hasenack
This bug affects 1 person

Affects: git-ubuntu
Status: Fix Released
Importance: Medium
Assigned to: Nish Aravamudan

Bug Description

I have this in my ~/.gitconfig:
[commit]
    gpgsign = true

I tried locally importing a dsc file, but it blew up because at some point git needed the private gpg key for the importer ID, which I shouldn't (and don't) have:
$ git ubuntu import-local artful ~/x/libpam-ccreds_10-6build1.dsc
07/20/2017 14:31:45 - INFO:Using git repository at /tmp/tmpshx0pg2c

You need a passphrase to unlock the secret key for
user: "Andreas Hasenack <email address hidden>"
1024-bit DSA key, ID F3DDC290, created 2000-03-28

You need a passphrase to unlock the secret key for
user: "Andreas Hasenack <email address hidden>"
1024-bit DSA key, ID F3DDC290, created 2000-03-28

You need a passphrase to unlock the secret key for
user: "Andreas Hasenack <email address hidden>"
1024-bit DSA key, ID F3DDC290, created 2000-03-28

You need a passphrase to unlock the secret key for
user: "Andreas Hasenack <email address hidden>"
1024-bit DSA key, ID F3DDC290, created 2000-03-28

You need a passphrase to unlock the secret key for
user: "Andreas Hasenack <email address hidden>"
1024-bit DSA key, ID F3DDC290, created 2000-03-28

You need a passphrase to unlock the secret key for
user: "Andreas Hasenack <email address hidden>"
1024-bit DSA key, ID F3DDC290, created 2000-03-28

You need a passphrase to unlock the secret key for
user: "Andreas Hasenack <email address hidden>"
1024-bit DSA key, ID F3DDC290, created 2000-03-28

You need a passphrase to unlock the secret key for
user: "Andreas Hasenack <email address hidden>"
1024-bit DSA key, ID F3DDC290, created 2000-03-28

07/20/2017 14:31:50 - ERROR:Command exited 1: git commit-tree e1bf2c71f059a61f5f5d15b944d00fdc288b3afd -F /tmp/tmpqh6vnhs5
07/20/2017 14:31:50 - ERROR:stdout:
07/20/2017 14:31:50 - ERROR:stderr: gpg: skipped "usd-importer <email address hidden>": secret key not available
  gpg: signing failed: secret key not available
  error: gpg failed to sign the data
07/20/2017 14:31:50 - ERROR:Unable to commit tree, savedtemp commit message as /tmp/tmpps110vro
Traceback (most recent call last):
  File "/snap/git-ubuntu/95/gitubuntu/git_repository.py", line 945, in commit_tree_hash
    cp = run(commit_tree, env=commit_env)
  File "/snap/git-ubuntu/95/gitubuntu/run.py", line 67, in run
    raise e
  File "/snap/git-ubuntu/95/gitubuntu/run.py", line 52, in run
    stdout=stdout, stderr=stderr, stdin=stdin)
  File "/snap/git-ubuntu/95/usr/lib/python3.5/subprocess.py", line 708, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['git', 'commit-tree', 'e1bf2c71f059a61f5f5d15b944d00fdc288b3afd', '-F', '/tmp/tmpqh6vnhs5']' returned non-zero exit status 1

Nish Aravamudan (nacc) wrote : Re: [Bug 1705542] [NEW] import-local might need gpg key for ubuntu-server@lists.ubuntu.com

On 20.07.2017 [17:34:23 -0000], Andreas Hasenack wrote:
> Public bug reported:
>
> I have this in my ~/.gitconfig:
> [commit]
> gpgsign = true

Can you provide the DSC file as an attachment to this bug? And perhaps
the corresponding files for the srcpkg so that is reasonably importable.

Thanks,
Nish

Andreas Hasenack (ahasenack) wrote :

Robie Basak (racb) wrote :

I think that the importer really needs to manually set gpgsign=false for the commits it creates, since the imported commits are supposed (in our design) to be "authored" by their respective original uploaders, and of course we can't sign those. So the importer by design is supposed to be using unsigned commits.

Changed in usd-importer:
status: New → Triaged
importance: Undecided → Medium
milestone: none → 1.0
tags: added: onboarding-ux
Nish Aravamudan (nacc) wrote :

+1 -- although import-local is basically unused right now. I am sure there are other ways to break our UI by having weird .gitconfig options (e.g., the above git-config option should really be more specific than sign all commits, it should be sign commits authored by ... a list of me-aliases).

In any case, this only affects the importer code, so I think we would just wrap git_run in the importer code to set gpgsign=false (we don't want that to necessarily be the case in the repository's .git/config).
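
A sketch of the per-invocation override discussed in the comments above, as an added example that is not git-ubuntu's own code. It relies on git's standard `-c name=value` option; the names `importer_git_cmd` and `run_importer_git` are hypothetical, and the demo uses `git commit` in a constructed repository whose signer always fails.

```python
import os
import subprocess
import tempfile

# Overrides applied per invocation; .git/config and ~/.gitconfig stay untouched.
IMPORTER_OVERRIDES = ("commit.gpgsign=false",)


def importer_git_cmd(args, overrides=IMPORTER_OVERRIDES):
    """Return the argv for a git call carrying per-command config overrides."""
    cmd = ["git"]
    for item in overrides:
        cmd += ["-c", item]  # -c must come before the subcommand
    return cmd + list(args)


def run_importer_git(args, cwd, env=None):
    """Hypothetical importer wrapper; raises CalledProcessError on failure."""
    return subprocess.run(importer_git_cmd(args), cwd=cwd, env=env, check=True,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)


def demo():
    """Constructed scenario: the repo forces signing and the signer always fails."""
    env = dict(os.environ,
               GIT_AUTHOR_NAME="Original Uploader",
               GIT_AUTHOR_EMAIL="uploader@example.com",
               GIT_COMMITTER_NAME="importer",
               GIT_COMMITTER_EMAIL="importer@example.com")
    with tempfile.TemporaryDirectory() as repo:
        subprocess.run(["git", "init", "-q", repo], check=True)
        # "false" stands in for a gpg that lacks the needed secret key.
        for key, value in (("commit.gpgsign", "true"), ("gpg.program", "false")):
            subprocess.run(["git", "config", key, value], cwd=repo, check=True)
        commit = ["commit", "-q", "--allow-empty", "-m", "imported upload"]
        # Without the override git tries to sign and the commit is refused.
        plain = subprocess.run(["git"] + commit, cwd=repo, env=env,
                               stderr=subprocess.DEVNULL)
        # With the override the same commit is created unsigned.
        run_importer_git(commit, cwd=repo, env=env)
        stored = subprocess.run(["git", "config", "commit.gpgsign"], cwd=repo,
                                stdout=subprocess.PIPE, check=True)
        # (plain commit failed?, value still stored in the repo config)
        return plain.returncode != 0, stored.stdout.decode().strip()


if __name__ == "__main__":
    print(demo())
```
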

Nish Aravamudan (nacc)
Changed in usd-importer:
status: Triaged → In Progress
assignee: nobody → Nish Aravamudan (nacc)
Nish Aravamudan (nacc)
Changed in usd-importer:
status: In Progress → Fix Released