[asdf-install-devel] Infinite loop in VERIFY-GPG-SIGNATURE/URL

Gary King gwking at metabang.com
Sat Sep 16 18:31:23 UTC 2006 

Hi Pascal,

Right you are. Thanks and thanks for the patch. I'm unburying my old  
GPG key at the moment (hard drive failure / backup mistake --  
whoopts) so I can't update the ASDF-Installable version at the  
moment. I'm also in the midst of refactoring a bunch of the GPG code  
so that this patch no longer applies.

I will, however, add a test to make sure that things work regardless  
of whether or not verify-gpg-signatures-p returns t or nil.

thanks again,

On Sep 15, 2006, at 7:40 PM, Pascal Bourguignon wrote:

>
> When (VERIFY-GPG-SIGNATURES-P URL) return NIL (for example, when
> *VERIFY-GPG-SIGNATURES* is NIL), the following function never exits.
>
> (defun verify-gpg-signature/url (url file-name)
>   (block verify
>     (loop
>        (restart-case
>            (when (verify-gpg-signatures-p url)
>              (let ((sig-url (concatenate 'string url ".asc")))
>                (destructuring-bind (response headers stream)
>                    (url-connection sig-url)
>                  (unwind-protect
>                       (flet (#-:digitool
>                              (read-signature (data stream)
>                                (read-sequence data stream))
>                              #+:digitool
>                              (read-signature (data stream)
>                                (multiple-value-bind (reader arg)
>                                    (ccl:stream-reader stream)
>                                  (let ((byte 0))
>                                    (dotimes (i (length data))
>                                      (unless (setf byte (funcall  
> reader arg))
>                                        (error 'download-error :url  
> sig-url
>                                               :response 200))
>                                      (setf (char data i) (code-char  
> byte)))))))
>                         (if (= response 200)
>                             (let ((data (make-string (parse-integer
>                                                       (header- 
> value :content-length headers)
>                                                       :junk-allowed  
> t))))
>                               (read-signature data stream)
>                               (verify-gpg-signature/string data  
> file-name))
>                             (error 'download-error :url sig-url
>                                    :response response)))
>                    (close stream)))))
>          (install-anyways (&rest rest)
>            :report "Don't check GPG signature for this package"
>            (declare (ignore rest))
>            (return-from verify t))
>          (retry-gpg-check (&rest args)
>            :report "Retry GPG check \(e.g., after fixing the  
> network connection\)"
>            (declare (ignore args))
>            nil)))))
>
>
> I'd sugest to do the test first thing:
>
> (when (verify-gpg-signatures-p url)
>   (loop
>     (restart-case
>        ...
>       )))
>
> Also, the RETURN-FROM could use the function block name,
> or LOOP could be named: (LOOP :NAMED VERIFY :DO ...).
>
>
> -- 
> __Pascal Bourguignon__                     http:// 
> www.informatimago.com/
> Small brave carnivores
> Kill pine cones and mosquitoes
> Fear vacuum cleaner
> _______________________________________________
> asdf-install-devel mailing list
> asdf-install-devel at common-lisp.net
> http://common-lisp.net/cgi-bin/mailman/listinfo/asdf-install-devel

--
Gary Warren King, metabang.com
Cell: (413) 885 9127
Fax: (206) 338-4052
gwkkwg on Skype * garethsan on AIM

More information about the asdf-install-devel mailing list