Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sdist --sign does not work #2102

Closed
wereHamster opened this issue May 5, 2016 · 7 comments
Closed

sdist --sign does not work #2102

wereHamster opened this issue May 5, 2016 · 7 comments
Assignees
@dysinger
Labels
component: signing type: bug
Milestone
P2: Should

Comments

@wereHamster
Copy link 

Error extracting a GPG fingerprint unable to extract fingerprint from output
:

The problem appears to be that stack expects certain output from gpg --verify - <path> (a line with "Primary key fingerprint:") but it's not there. The actual output is this:

$ cat sig | gpg --verify - <path>
gpg: Signature made Thu May  5 13:44:35 2016 CEST using RSA key ID 67FB0B4A
gpg: Good signature from "Tomas Carnecky <...>"

Looking through the code, stack should probably use gpg --status-fd=X insead of parsing the standard output. See also https://www.gnupg.org/documentation/manuals/gnupg/Automated-signature-checking.html and https://www.gnupg.org/documentation/manuals/gnupg/Unattended-Usage.html
@mgsloan mgsloan added this to the P1: Must milestone May 5, 2016
@mgsloan
Copy link
Contributor

mgsloan commented May 5, 2016

Pinging @dysinger

@dysinger dysinger self-assigned this May 9, 2016
@dysinger
Copy link
Contributor

dysinger commented May 9, 2016

If fixed this with a patch to both stable & master (about the same time you filed this). The problem is that the full fingerprint isn't being shown in the sign/verify combo.

If you add

with-fingerprint

to your gpg.conf it will work until we get the next release out. Sorry about this.

@mgsloan
Copy link
Contributor

mgsloan commented May 14, 2016

Seems like this is resolved! Closing

@mgsloan mgsloan closed this as completed May 14, 2016
@qrilka
Copy link
Contributor

qrilka commented Jul 11, 2016

Using stack-1.1.2 I get the same error message.
Adding with-fingerprint to gpg.conf doesn't change the situation

@mgsloan
Copy link
Contributor

mgsloan commented Jul 19, 2016

Pinging @dysinger

@mgsloan mgsloan reopened this Jul 19, 2016
@mgsloan mgsloan modified the milestones: P2: Should, P1: Must Jul 19, 2016
@ju1m
Copy link

ju1m commented Aug 21, 2016

Hit this bug with stack cebe10e845fed4420b6224d97dcabf20477bbd4b, this workaround seems to work: LANG=C stack sdist --sign

@snoyberg
Copy link
Contributor

snoyberg commented Apr 1, 2019

Removing this code in #4677, closing

@snoyberg snoyberg closed this as completed Apr 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dysinger dysinger

Labels
component: signing type: bug
Projects
None yet
Milestone
P2: Should
Development

No branches or pull requests
6 participants
@dysinger @mgsloan @wereHamster @snoyberg @qrilka @ju1m