[opensuse-buildservice] [PATCH] build: Fix signature verification
There is no 'en_EN' locale, so osc build fails with The following package could not be verified: /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_EN) Firthermore, it is not a good idea to treat any warning message as error, so do not fail of there is something different than the expected rpm -K output. Signed-off-by: Michal Marek <mmarek@suse.cz> --- osc/fetch.py | 5 +---- 1 files changed, 1 insertions(+), 4 deletions(-) diff --git a/osc/fetch.py b/osc/fetch.py index 2e39833..c565bfb 100644 --- a/osc/fetch.py +++ b/osc/fetch.py @@ -268,7 +268,7 @@ def verify_pacs_old(pac_list): # save locale first (we rely on English rpm output here) saved_LC_ALL = os.environ.get('LC_ALL') - os.environ['LC_ALL'] = 'en_EN' + os.environ['LC_ALL'] = 'C' o = subprocess.Popen(['rpm', '-K'] + pac_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True).stdout @@ -280,10 +280,7 @@ def verify_pacs_old(pac_list): for line in o.readlines(): if not 'OK' in line: - print - print >>sys.stderr, 'The following package could not be verified:' print >>sys.stderr, line - sys.exit(1) if 'NOT OK' in line: print -- 1.7.3.4 -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hi, On 2010-12-31 15:48:52 +0100, Michal Marek wrote:
There is no 'en_EN' locale, so osc build fails with
The following package could not be verified: /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_EN)
Firthermore, it is not a good idea to treat any warning message as error, so do not fail of there is something different than the expected rpm -K output.
Signed-off-by: Michal Marek <mmarek@suse.cz> --- osc/fetch.py | 5 +---- 1 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/osc/fetch.py b/osc/fetch.py index 2e39833..c565bfb 100644 --- a/osc/fetch.py +++ b/osc/fetch.py @@ -268,7 +268,7 @@ def verify_pacs_old(pac_list):
# save locale first (we rely on English rpm output here) saved_LC_ALL = os.environ.get('LC_ALL') - os.environ['LC_ALL'] = 'en_EN' + os.environ['LC_ALL'] = 'C'
Looks ok to me.
o = subprocess.Popen(['rpm', '-K'] + pac_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True).stdout @@ -280,10 +280,7 @@ def verify_pacs_old(pac_list): for line in o.readlines():
if not 'OK' in line: - print - print >>sys.stderr, 'The following package could not be verified:' print >>sys.stderr, line - sys.exit(1)
I don't agree with this change. IMHO the build should fail if "rpm --checksig" fails (even if it's "just" a missing gpg key). If you don't like this check you can easily disable it with "osc build --no-verify...". Is there a specific warning which shouldn't be treated as an error? (Btw. is there a specific reason why you use this "old" verify method?) Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2.1.2011 22:59, Marcus Hüwe wrote:
Hi,
On 2010-12-31 15:48:52 +0100, Michal Marek wrote:
There is no 'en_EN' locale, so osc build fails with
The following package could not be verified: /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_EN)
Firthermore, it is not a good idea to treat any warning message as error, so do not fail of there is something different than the expected rpm -K output.
Signed-off-by: Michal Marek <mmarek@suse.cz> --- osc/fetch.py | 5 +---- 1 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/osc/fetch.py b/osc/fetch.py index 2e39833..c565bfb 100644 --- a/osc/fetch.py +++ b/osc/fetch.py @@ -268,7 +268,7 @@ def verify_pacs_old(pac_list):
# save locale first (we rely on English rpm output here) saved_LC_ALL = os.environ.get('LC_ALL') - os.environ['LC_ALL'] = 'en_EN' + os.environ['LC_ALL'] = 'C'
Looks ok to me.
o = subprocess.Popen(['rpm', '-K'] + pac_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True).stdout @@ -280,10 +280,7 @@ def verify_pacs_old(pac_list): for line in o.readlines():
if not 'OK' in line: - print - print >>sys.stderr, 'The following package could not be verified:' print >>sys.stderr, line - sys.exit(1)
I don't agree with this change. IMHO the build should fail if "rpm --checksig" fails (even if it's "just" a missing gpg key). If you don't like this check you can easily disable it with "osc build --no-verify...". Is there a specific warning which shouldn't be treated as an error?
Agreed. Probably correct way would be to check if for each $package, there is "$package:.... (?!NOT) OK ..." in the output and fail if some packages were not reported, instead of looking for packages that rpm complains about.
(Btw. is there a specific reason why you use this "old" verify method?)
No, what's the new method? Thanks for the review. Michal -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (2)
-
Marcus Hüwe -
Michal Marek