From: Michael J Gruber <git@drmicha.warpmail.net>
To: Stephan Hugel <urschrei@gmail.com>
Cc: Daniel Johnson <computerdruid@gmail.com>, git@vger.kernel.org
Subject: Re: Error when verifying tags signed using 1.7.3.1
Date: Tue, 05 Oct 2010 17:07:11 +0200 [thread overview]
Message-ID: <4CAB3F1F.4030108@drmicha.warpmail.net> (raw)
In-Reply-To: <AANLkTikVYSwGjJUgA8KUdNrkHL3+1mSjv8efLwO5+C9E@mail.gmail.com>
Stephan Hugel venit, vidit, dixit 05.10.2010 15:28:
> On 5 October 2010 09:00, Michael J Gruber <git@drmicha.warpmail.net> wrote:
>> Stephan Hugel venit, vidit, dixit 05.10.2010 02:17:
>>> On 5 October 2010 00:59, Daniel Johnson <computerdruid@gmail.com> wrote:
>>>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote:
>>>>> Daniel,
>>>>> Those are the exact steps I'm using.
>>>>>
>>>>> When I run tag -v on existing tags, I don't see the
>>>>>
>>>>> -----BEGIN PGP MESSAGE-----
>>>>> Version: GnuPG v1.4.9 (Darwin)
>>>>>
>>>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>>>>> yZeXw/EddYrfdad/VvOrL1o=
>>>>> =/0PJ
>>>>> -----END PGP MESSAGE——
>>>>>
>>>>> block. It's only present on tags created using the current version.
>>>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>>>>> I'm not sure how else I can determine where the problem arises; I'm
>>>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>>>>> is happy to use the same key for en/decryption and signing. I've also
>>>>> verified that none of the subkeys are expired, and that the trust db
>>>>> is OK.
>>>>
>>>> If you have the tests available, can you try running t7004 to see if it fails
>>>> there too?
>>>>
>>> I rebuilt and installed from source
>>> Passed all 105 tests in t7004-tag.sh
>>> Problem remains with tags I create
>>>
>>> This would seem to imply a problem with my key, even though nothing
>>> else is complaining about it.
>>
>> Here's a very basic way to check: If foo is your tag, do
>>
>> git cat-file tag foo > a
>> git cat-file tag foo > a.sig
>>
>> From the file "a", delete the signature (everything lines between and
>> including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or
>> your favorite sed/awk/perl magic.
>>
>> a is the data on which git invoked gpg for signing the tag. (I'm not
>> sure why gpg can't notice the inline sig directly but that doesn't
>> matter; maybe because it is none ;))
>>
>> Now, gpg --verify a.sig should check the signature a.sig for a. Doing
>> that, maybe with --verbose, you may find out whether the tag object is
>> bogus or git misunderstands gpg's response. If your key is on a key
>> server you can also share the file a.sig with us so that we can check.
>>
>> Michael
>>
> Michael,
> When I do this, gpg is able to verify the signature. So does this mean
> that gnupg is failing to ignore the PGP block (possibly because it
> expects "SIGNATURE", not "MESSAGE"?)
Do you have "MESSAGE" in there???
Can you share the output of "git verify-tag --verbose yourtag" with us?
In any case, this command should give the same as the edited "a" above
on stdout, and gpg's repsonse on stderr. It should not contain any
"----BEGIN/END...".
You haven't tinkered with your gpg options lately, have you? ;)
Michael
next prev parent reply other threads:[~2010-10-05 15:07 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-04 22:13 Error when verifying tags signed using 1.7.3.1 Stephan Hugel
2010-10-04 22:51 ` Daniel Johnson
2010-10-04 23:04 ` Stephan Hugel
2010-10-04 23:59 ` Daniel Johnson
2010-10-05 0:17 ` Stephan Hugel
2010-10-05 8:00 ` Michael J Gruber
2010-10-05 13:28 ` Stephan Hugel
2010-10-05 15:07 ` Michael J Gruber [this message]
2010-10-05 15:19 ` Stephan Hugel
2010-10-05 15:39 ` Michael J Gruber
2010-10-05 15:40 ` [PATCH] tag,verify-tag: do not trip over rfc1991 signatures Michael J Gruber
2010-10-05 20:28 ` Junio C Hamano
2010-10-05 20:42 ` Michael J Gruber
2010-10-05 20:51 ` Stephan Hugel
2010-10-05 20:56 ` Michael J Gruber
2010-11-06 11:04 ` [PATCH 0/5] Handling of " Michael J Gruber
2010-11-06 11:04 ` [PATCH 1/5] t/t7004-tag: test handling " Michael J Gruber
2010-11-09 17:17 ` Junio C Hamano
2010-11-09 17:23 ` Michael J Gruber
2010-11-10 0:19 ` Junio C Hamano
2010-11-10 8:23 ` Michael J Gruber
2010-11-06 11:04 ` [PATCH 2/5] verify-tag: factor out signature detection Michael J Gruber
2010-11-06 17:40 ` Thiago Farina
2010-11-06 11:04 ` [PATCH 3/5] tag: factor out sig detection for body edits Michael J Gruber
2010-11-06 11:04 ` [PATCH 4/5] tag: factor out sig detection for tag display Michael J Gruber
2010-11-06 11:04 ` [PATCH 5/5] tag: recognize rfc1991 signatures Michael J Gruber
2010-11-06 17:46 ` Thiago Farina
2010-11-08 19:27 ` Junio C Hamano
2010-11-10 11:17 ` [PATCHv2 0/5] Handling of " Michael J Gruber
2010-11-10 11:17 ` [PATCHv2 1/5] t/t7004-tag: test handling " Michael J Gruber
2010-11-10 11:17 ` [PATCHv2 2/5] verify-tag: factor out signature detection Michael J Gruber
2010-11-10 11:17 ` [PATCHv2 3/5] tag: factor out sig detection for body edits Michael J Gruber
2010-11-10 11:17 ` [PATCHv2 4/5] tag: factor out sig detection for tag display Michael J Gruber
2010-11-10 11:17 ` [PATCHv2 5/5] tag: recognize rfc1991 signatures Michael J Gruber
2010-11-10 17:41 ` [PATCHv2 0/5] Handling of " Junio C Hamano
2010-10-05 20:42 ` [PATCH] tag,verify-tag: do not trip over " Todd Zullinger
2010-10-05 20:47 ` Michael J Gruber
2010-10-05 15:45 ` Error when verifying tags signed using 1.7.3.1 Stephan Hugel
2010-10-05 9:41 ` Pat Thoyts
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CAB3F1F.4030108@drmicha.warpmail.net \
--to=git@drmicha.warpmail.net \
--cc=computerdruid@gmail.com \
--cc=git@vger.kernel.org \
--cc=urschrei@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).