From gwking at metabang.com Wed Sep 6 19:43:41 2006
From: gwking at metabang.com (Gary King)
Date: Wed, 6 Sep 2006 15:43:41 -0400
Subject: [asdf-install-devel] Suggestion for key-not-found message
In-Reply-To: <20060831205316.215870@gmx.net>
References: <20060831205316.215870@gmx.net>
Message-ID: <9E823B4A-0744-4F1E-BFDE-BAF7A3C10254@metabang.com>

Hi Florian,

Thanks for these comments and corrections for ASDF-Install. I'll try to incorporate these tonight.

On Aug 31, 2006, at 4:53 PM, Florian Jenn wrote:

> Hi,
>
> thanks for asdf-install!
>
> I just downloaded gzipped tar of asdf-install from
> http://common-lisp.net/project/asdf-install/ and would like to make a small
> suggestion. (Hope this wasn't already addressed elsewhere.)
>
> When a GPG key is missing, the key-not-found condition prints a
> slightly strange report:
>
>   No key found for key id 0x(DE0FE85FD83A7DA1 17 2 00 1100902426 9).
>   Try some command like
>     gpg --recv-keys 0x(DE0FE85FD83A7DA1 17 2 00 1100902426 9)
>
> Taking the car of errsig in verify-gpg-signature/string would fix
> this:
>
>   ;; test for obvious key/sig problems
>   (let ((errsig (header-value :errsig tags)))
>     (and errsig (error 'key-not-found :key-id (car errsig))))
>
> Additionally, I've found that (at least with the Slime debugger,
> running CMUCL) *print-circle* has to be turned off, to avoid "#1#"
> output.
>
> Further on, ~/.asdf-install-dir is not created when asdf-install
> asks whether to create the trusted-uids.lisp file.
>
> Also, *gnu-tar-program* should be "/bin/tar", otherwise asdf-install
> isn't able to find this command. E.g.:
>
>   Warning: Cannot find tar command "tar"
>
>   Error in function ASDF-INSTALL::EXTRACT:
>     Unable to extract tarball CHEMICAL-COMPOUNDS.asdf-install-tmp.
>
>
> My system:
>
>   Debian Sarge 3.1
>   Slime version: Paul van Eynde's Debian package version 1:20060618-0bpo1
>   CMU Common Lisp CVS 19c 19c-release-patch-1 + minimal debian patches (19C)
>   GPG: 1.4.1
>
>
> Yours,
> Florian

From gwking at metabang.com Fri Sep 8 05:39:13 2006
From: gwking at metabang.com (Gary King)
Date: Fri, 8 Sep 2006 01:39:13 -0400
Subject: [asdf-install-devel] Suggestion for key-not-found message
In-Reply-To: <20060831205316.215870@gmx.net>
References: <20060831205316.215870@gmx.net>
Message-ID:

Hi Florian,

I'm going through your notes below and adding the changes to ASDF-Install. They are all very helpful.

Thanks,

On Aug 31, 2006, at 4:53 PM, Florian Jenn wrote:

> thanks for asdf-install!

Thanks but the true heroes are Dan Barlow and Edi Weitz.

> When a GPG key is missing, the key-not-found condition prints a
> slightly strange report:
>
>   No key found for key id 0x(DE0FE85FD83A7DA1 17 2 00 1100902426 9).
>   Try some command like
>     gpg --recv-keys 0x(DE0FE85FD83A7DA1 17 2 00 1100902426 9)

This has bugged me for a while but I've never felt certain that it wasn't correct (though odd looking) gpg syntax. I'm glad I'm not the only one.

> Further on, ~/.asdf-install-dir is not created when asdf-install
> ask whether to create the trusted-uids.lisp file.

I'm adding a call to ensure-directories-exist.

> Also, *gnu-tar-program* should be "/bin/tar", otherwise asdf-install
> isn't able to find this command. E.g.:

Yes!

--
Gary Warren King, metabang.com
(413) 885 9127, gwkkwg on Skype

From gwking at metabang.com Sat Sep 9 23:24:48 2006
From: gwking at metabang.com (Gary King)
Date: Sat, 9 Sep 2006 19:24:48 -0400
Subject: [asdf-install-devel] Re: Patch for asdf-install verify bug
In-Reply-To:
References: <025ED800-5ABA-4990-A5A0-1D2149D3F840@gmail.com> <1431421B-6676-45B7-B251-B2383B78C2A2@metabang.com>
Message-ID:

On Sep 8, 2006, at 9:48 AM, Daniel Dickison wrote:

> Hey! Well that would be the reason: my copy of installer.lisp
> doesn't have
>   (return-from verify t)
> after (close stream) at ;;; B. This is from the most current
> version from the common-lisp.net darcs repository.

Oh no. My bad and my apologies.

--
Gary Warren King, metabang.com
(413) 885 9127, gwkkwg on Skype

From pjb at informatimago.com Fri Sep 15 23:43:45 2006
From: pjb at informatimago.com (Pascal Bourguignon)
Date: Sat, 16 Sep 2006 01:43:45 +0200 (CEST)
Subject: [asdf-install-devel] darcs patch: Removed an infinite loop in verify-gpg-signature/url
Message-ID: <20060915234345.597009001@thalassa.informatimago.com>

Sat Sep 16 01:43:01 CEST 2006  Pascal Bourguignon
  * Removed an infinite loop in verify-gpg-signature/url

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-darcs-patch
Size: 8002 bytes
Desc: A darcs patch for your repository!
URL:

From pjb at informatimago.com Fri Sep 15 23:40:54 2006
From: pjb at informatimago.com (Pascal Bourguignon)
Date: Sat, 16 Sep 2006 01:40:54 +0200 (CEST)
Subject: [asdf-install-devel] Infinite loop in VERIFY-GPG-SIGNATURE/URL
Message-ID: <20060915234054.C4EB69001@thalassa.informatimago.com>

When (VERIFY-GPG-SIGNATURES-P URL) returns NIL (for example, when
*VERIFY-GPG-SIGNATURES* is NIL), the following function never exits.

(defun verify-gpg-signature/url (url file-name)
  (block verify
    (loop
      (restart-case
          (when (verify-gpg-signatures-p url)
            (let ((sig-url (concatenate 'string url ".asc")))
              (destructuring-bind (response headers stream)
                  (url-connection sig-url)
                (unwind-protect
                     (flet (#-:digitool
                            (read-signature (data stream)
                              (read-sequence data stream))
                            #+:digitool
                            (read-signature (data stream)
                              (multiple-value-bind (reader arg)
                                  (ccl:stream-reader stream)
                                (let ((byte 0))
                                  (dotimes (i (length data))
                                    (unless (setf byte (funcall reader arg))
                                      (error 'download-error :url sig-url
                                                             :response 200))
                                    (setf (char data i) (code-char byte)))))))
                       (if (= response 200)
                           (let ((data (make-string (parse-integer
                                                     (header-value :content-length headers)
                                                     :junk-allowed t))))
                             (read-signature data stream)
                             (verify-gpg-signature/string data file-name))
                           (error 'download-error :url sig-url
                                                  :response response)))
                  (close stream)))))
        (install-anyways (&rest rest)
          :report "Don't check GPG signature for this package"
          (declare (ignore rest))
          (return-from verify t))
        (retry-gpg-check (&rest args)
          :report "Retry GPG check \(e.g., after fixing the network connection\)"
          (declare (ignore args))
          nil)))))


I'd suggest to do the test first thing:

    (when (verify-gpg-signatures-p url)
      (loop
        (restart-case
          ...
          )))

Also, the RETURN-FROM could use the function block name,
or LOOP could be named: (LOOP :NAMED VERIFY :DO ...).


--
__Pascal Bourguignon__                     http://www.informatimago.com/
Small brave carnivores
Kill pine cones and mosquitoes
Fear vacuum cleaner

From gwking at metabang.com Sat Sep 16 18:31:23 2006
From: gwking at metabang.com (Gary King)
Date: Sat, 16 Sep 2006 14:31:23 -0400
Subject: [asdf-install-devel] Infinite loop in VERIFY-GPG-SIGNATURE/URL
In-Reply-To: <20060915234054.C4EB69001@thalassa.informatimago.com>
References: <20060915234054.C4EB69001@thalassa.informatimago.com>
Message-ID: <032AF1BC-779E-466D-9BFD-0C1167ACB73A@metabang.com>

Hi Pascal,

Right you are. Thanks and thanks for the patch.

I'm unburying my old GPG key at the moment (hard drive failure / backup mistake -- whoops) so I can't update the ASDF-Installable version at the moment. I'm also in the midst of refactoring a bunch of the GPG code so that this patch no longer applies. I will, however, add a test to make sure that things work regardless of whether or not verify-gpg-signatures-p returns t or nil.

thanks again,

On Sep 15, 2006, at 7:40 PM, Pascal Bourguignon wrote:

>
> When (VERIFY-GPG-SIGNATURES-P URL) returns NIL (for example, when
> *VERIFY-GPG-SIGNATURES* is NIL), the following function never exits.
>
> (defun verify-gpg-signature/url (url file-name)
>   (block verify
>     (loop
>       (restart-case
>           (when (verify-gpg-signatures-p url)
>             (let ((sig-url (concatenate 'string url ".asc")))
>               (destructuring-bind (response headers stream)
>                   (url-connection sig-url)
>                 (unwind-protect
>                      (flet (#-:digitool
>                             (read-signature (data stream)
>                               (read-sequence data stream))
>                             #+:digitool
>                             (read-signature (data stream)
>                               (multiple-value-bind (reader arg)
>                                   (ccl:stream-reader stream)
>                                 (let ((byte 0))
>                                   (dotimes (i (length data))
>                                     (unless (setf byte (funcall reader arg))
>                                       (error 'download-error :url sig-url
>                                                              :response 200))
>                                     (setf (char data i) (code-char byte)))))))
>                        (if (= response 200)
>                            (let ((data (make-string (parse-integer
>                                                      (header-value :content-length headers)
>                                                      :junk-allowed t))))
>                              (read-signature data stream)
>                              (verify-gpg-signature/string data file-name))
>                            (error 'download-error :url sig-url
>                                                   :response response)))
>                   (close stream)))))
>         (install-anyways (&rest rest)
>           :report "Don't check GPG signature for this package"
>           (declare (ignore rest))
>           (return-from verify t))
>         (retry-gpg-check (&rest args)
>           :report "Retry GPG check \(e.g., after fixing the network connection\)"
>           (declare (ignore args))
>           nil)))))
>
>
> I'd suggest to do the test first thing:
>
>     (when (verify-gpg-signatures-p url)
>       (loop
>         (restart-case
>           ...
>           )))
>
> Also, the RETURN-FROM could use the function block name,
> or LOOP could be named: (LOOP :NAMED VERIFY :DO ...).
>
>
> --
> __Pascal Bourguignon__                     http://www.informatimago.com/
> Small brave carnivores
> Kill pine cones and mosquitoes
> Fear vacuum cleaner

--
Gary Warren King, metabang.com
Cell: (413) 885 9127
Fax: (206) 338-4052
gwkkwg on Skype * garethsan on AIM
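
The control flow Pascal suggests in this thread (test first, then loop over the restarts), as an added example that is not ASDF-Install code and was not posted by anyone in the thread. CHECK-SIGNATURE, *VERIFY-P*, *ATTEMPTS*, SIGNATURE-ERROR, VERIFY-SIGNATURE/URL and RUN-CASE are hypothetical stand-ins, the URL is a placeholder, and the three assertions are the kind of test Gary mentions, covering both values of the predicate.

```lisp
;;; Added example, not ASDF-Install code. *VERIFY-P* stands in for
;;; verify-gpg-signatures-p; CHECK-SIGNATURE stands in for fetching
;;; URL.asc and calling verify-gpg-signature/string. Both are hypothetical.

(defvar *verify-p* t)
(defvar *attempts* 0)

(define-condition signature-error (error) ())

(defun check-signature (url)
  "Constructed stand-in: fail on the first attempt, succeed afterwards."
  (declare (ignore url))
  (when (= (incf *attempts*) 1)
    (error 'signature-error))
  t)

(defun verify-signature/url (url)
  ;; Test first, outside the loop: with checking disabled there is
  ;; nothing to retry, so the function returns instead of spinning.
  (unless *verify-p*
    (return-from verify-signature/url t))
  (loop
    (restart-case
        ;; Success leaves the loop through the function's own block name.
        (return-from verify-signature/url (check-signature url))
      (install-anyways ()
        :report "Don't check GPG signature for this package"
        (return-from verify-signature/url t))
      (retry-gpg-check ()
        :report "Retry GPG check"
        nil))))                         ; restart-case returns; loop runs again

(defun run-case (verify-p restart-name)
  "Run one verification, answering any SIGNATURE-ERROR with RESTART-NAME.
Returns (result number-of-attempts)."
  (let ((*verify-p* verify-p)
        (*attempts* 0))
    (handler-bind ((signature-error
                     (lambda (c)
                       (declare (ignore c))
                       (invoke-restart restart-name))))
      (list (verify-signature/url "http://example.invalid/pkg.tar.gz")
            *attempts*))))

(assert (equal (run-case nil 'retry-gpg-check) '(t 0))) ; disabled: exits at once
(assert (equal (run-case t 'retry-gpg-check) '(t 2)))   ; retried, then verified
(assert (equal (run-case t 'install-anyways) '(t 1)))   ; check explicitly skipped
```

All three paths return T, so a caller of this sketch cannot tell a verified package from one installed with checking disabled or skipped.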