Too many debug lines for signature verification #3328

Open
jaimergp opened this issue Jun 17, 2024 · 1 comment · May be fixed by #3335

@jaimergp

In v2beta3 I'm seeing millions of lines like these in the CI logs:

debug    libmamba No signatures available for '21cmfast-3.3.1-py310h19eaa8d_0.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py310h19eaa8d_0.conda
debug    libmamba No signatures available for '21cmfast-3.3.1-py310h19eaa8d_1.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py310h19eaa8d_1.conda
debug    libmamba No signatures available for '21cmfast-3.3.1-py311hc701e3d_0.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py311hc701e3d_0.conda
debug    libmamba No signatures available for '21cmfast-3.3.1-py311hc701e3d_1.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py311hc701e3d_1.conda
debug    libmamba No signatures available for '21cmfast-3.3.1-py38h0db86a8_0.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py38h0db86a8_0.conda
debug    libmamba No signatures available for '21cmfast-3.3.1-py38h0db86a8_1.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py38h0db86a8_1.conda
debug    libmamba No signatures available for '21cmfast-3.3.1-py39h72d3284_0.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py39h72d3284_0.conda
debug    libmamba No signatures available for '21cmfast-3.3.1-py39h72d3284_1.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py39h72d3284_1.conda

I think it's printing one for each record found in the repodata, which I feel is a bit too much. I wonder if we really need those? Maybe a summary would be enough: "Added XXXX package records to repo YYY. ZZZ/XXX are not signed and will be downloaded without verification".

This makes me wonder as well whether signature verification is happening for the whole repodata. This might be too much of an overhead, especially if we consider that we only need to verify the records that are part of the solution. Is it reasonable to defer?

@Hind-M

Hind-M commented Jun 17, 2024

Yeah, those logs were added because the signature verification was recently added in mamba, but I agree that this is too much...
I will send a PR to fix this. Thanks for reporting :)
And IINM, the signature verification is only happening for the requested packages when enabling the verify-artifacts flag.

@jaimergp jaimergp changed the title Too many debug lines for signature verification / defer to the solved solution only? Too many debug lines for signature verification Jun 17, 2024
@Hind-M Hind-M linked a pull request Jul 2, 2024 that will close this issue
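
An added example, not part of the original issue or of mamba's code: a CI-side filter that collapses the per-record debug lines quoted in the issue into the single summary proposed there. The two line formats are taken from the quoted log excerpt; the function names and the last two sample lines are constructed, and the repo name is omitted because the quoted lines do not carry it.

```python
import re

# Line formats copied from the log excerpt quoted in the issue.
UNSIGNED = re.compile(
    r"^debug\s+libmamba No signatures available for '(?P<pkg>[^']+)'\. "
    r"Downloading without verifying artifacts\.$"
)
ADDED = re.compile(r"^debug\s+libmamba Adding package record to repo (?P<pkg>\S+)$")


def collapse(lines):
    """Split a log into (other lines, added records, unsigned records)."""
    kept, added, unsigned = [], set(), set()
    for raw in lines:
        line = raw.rstrip("\n")
        m = UNSIGNED.match(line)
        if m:
            unsigned.add(m["pkg"])
            continue
        m = ADDED.match(line)
        if m:
            added.add(m["pkg"])
            continue
        kept.append(line)  # anything else passes through untouched
    return kept, added, unsigned


def summary_line(added, unsigned):
    """One line in the shape suggested in the issue (without the repo name)."""
    missing = len(added & unsigned)
    return (f"Added {len(added)} package records. {missing}/{len(added)} are not "
            "signed and will be downloaded without verification")


# First four lines are from the issue; the last two are constructed.
SAMPLE = """\
debug    libmamba No signatures available for '21cmfast-3.3.1-py310h19eaa8d_0.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py310h19eaa8d_0.conda
debug    libmamba No signatures available for '21cmfast-3.3.1-py310h19eaa8d_1.conda'. Downloading without verifying artifacts.
debug    libmamba Adding package record to repo 21cmfast-3.3.1-py310h19eaa8d_1.conda
debug    libmamba Adding package record to repo example-pkg-1.0-0.conda
info     libmamba constructed passthrough line
""".splitlines()

if __name__ == "__main__":
    kept, added, unsigned = collapse(SAMPLE)
    print("\n".join(kept))
    print(summary_line(added, unsigned))
```

Keeping the set of unsigned filenames, rather than only a count, lets a CI job still report exactly which artifacts were fetched without verification.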