FS#65240 : Allow repo-{add,remove} with key "Foo Bar <foo@bar.com>"

Historical bug tracker for the Pacman package manager.

The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues

This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.

FS#65240 - Allow repo-{add,remove} with key "Foo Bar <foo@bar.com>"

Attached to Project: Pacman
Opened by Johannes Ernst (jernst) - Wednesday, 22 January 2020, 21:11 GMT
Last edited by Allan McRae (Allan) - Friday, 23 December 2022, 15:03 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Recently makepkg has started to emit a warning when the PACKAGER is only an e-mail address ("foo@bar.com") and does not specify a composite with a name ("Foo Bar <foo@bar.com>").

It would be nice if repo-{add,remove} could use the same value as makepkg's PACKAGER for argument --key, e.g. repo-add -k "Foo Bar <foo@bar.com>" ...

This currently fails due to invalid string splitting somewhere in the bash script (create-signature, var SIGNWITHKEY).

This task depends upon

Closed by Allan McRae (Allan)
Friday, 23 December 2022, 15:03 GMT
Reason for closing: Fixed
Additional comments about closing: GPGKEY takes the varied format. PACKAGER is a different field.

Comments (6)
Related Tasks (0/0)

Comment by Allan McRae (Allan) - Thursday, 23 January 2020, 00:10 GMT

The --key argument is implemented as taking PGP key ID. So more like the GPGKEY value in makepkg.conf than the PACKAGER one.

Comment by Johannes Ernst (jernst) - Thursday, 23 January 2020, 00:13 GMT

Maybe GPGKEY then should also work the same way. gpg -u appears to accept either "foo@bar.com" or "Foo Bar <foo@bar.com>".

Comment by Eli Schwartz (eschwartz) - Thursday, 23 January 2020, 01:09 GMT

But I'm pretty sure makepkg's --key option doesn't accept this any more than repo-add does.

if ! gpg --list-key ${GPGKEY} &>/dev/null; then

and

if [[ -n $GPGKEY ]]; then
SIGNWITHKEY="-u ${GPGKEY}"
fi

gpg --detach-sign --use-agent ${SIGNWITHKEY} --no-armor "$filename" &>/dev/null || ret=$?

It's actually the same code used for both, with trivial formatting differences and message output tweaks.

Comment by Johannes Ernst (jernst) - Thursday, 23 January 2020, 20:00 GMT

Maybe there are two things: PACKAGER vs the identifier for the gpg key. Is there any reason why those should have different allowed syntax?

Comment by Eli Schwartz (eschwartz) - Thursday, 23 January 2020, 20:19 GMT

For one, PACKAGER definitely cannot use a hexadecimal uid.

Comment by Eli Schwartz (eschwartz) - Monday, 15 June 2020, 21:39 GMT

As of https://git.archlinux.org/pacman.git/commit/?id=899d39b635d46f9e2daff1aada75ea07f08fef64 the $GPGKEY/--key value can contain whitespace and be any valid gnupg argument to -u. This applies to both makepkg and repo-add.

This still doesn't have anything to do with PACKAGER though.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Pacman

FS#65240 - Allow repo-{add,remove} with key "Foo Bar <foo@bar.com>"

Details

Loading...