Pacman

Historical bug tracker for the Pacman package manager.

The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues

This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
Tasklist

FS#65240 - Allow repo-{add,remove} with key "Foo Bar <foo@bar.com>"

Attached to Project: Pacman
Opened by Johannes Ernst (jernst) - Wednesday, 22 January 2020, 21:11 GMT
Last edited by Allan McRae (Allan) - Friday, 23 December 2022, 15:03 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Recently makepkg has started to emit a warning when the PACKAGER is only an e-mail address ("foo@bar.com") and does not specify a composite with a name ("Foo Bar <foo@bar.com>").

It would be nice if repo-{add,remove} could use the same value as makepkg's PACKAGER for argument --key, e.g. repo-add -k "Foo Bar <foo@bar.com>" ...

This currently fails due to invalid string splitting somewhere in the bash script (create-signature, var SIGNWITHKEY).
This task depends upon

Closed by  Allan McRae (Allan)
Friday, 23 December 2022, 15:03 GMT
Reason for closing:  Fixed
Additional comments about closing:  GPGKEY takes the varied format. PACKAGER is a different field.
Comment by Allan McRae (Allan) - Thursday, 23 January 2020, 00:10 GMT
The --key argument is implemented as taking PGP key ID. So more like the GPGKEY value in makepkg.conf than the PACKAGER one.
Comment by Johannes Ernst (jernst) - Thursday, 23 January 2020, 00:13 GMT
Maybe GPGKEY then should also work the same way. gpg -u appears to accept either "foo@bar.com" or "Foo Bar <foo@bar.com>".
Comment by Eli Schwartz (eschwartz) - Thursday, 23 January 2020, 01:09 GMT
But I'm pretty sure makepkg's --key option doesn't accept this any more than repo-add does.

if ! gpg --list-key ${GPGKEY} &>/dev/null; then

and

if [[ -n $GPGKEY ]]; then
SIGNWITHKEY="-u ${GPGKEY}"
fi

gpg --detach-sign --use-agent ${SIGNWITHKEY} --no-armor "$filename" &>/dev/null || ret=$?

It's actually the same code used for both, with trivial formatting differences and message output tweaks.
Comment by Johannes Ernst (jernst) - Thursday, 23 January 2020, 20:00 GMT
Maybe there are two things: PACKAGER vs the identifier for the gpg key. Is there any reason why those should have different allowed syntax?
Comment by Eli Schwartz (eschwartz) - Thursday, 23 January 2020, 20:19 GMT
For one, PACKAGER definitely cannot use a hexadecimal uid.
Comment by Eli Schwartz (eschwartz) - Monday, 15 June 2020, 21:39 GMT
As of https://git.archlinux.org/pacman.git/commit/?id=899d39b635d46f9e2daff1aada75ea07f08fef64 the $GPGKEY/--key value can contain whitespace and be any valid gnupg argument to -u. This applies to both makepkg and repo-add.

This still doesn't have anything to do with PACKAGER though.

Loading...