bug#35739: Bad signature from GNU ELPA


Richard Copley-2
Recipe from 'emacs -Q': [M-x package-list-packages RET].

Symptoms: The package list is displayed but an *Error* buffer pops up:

Failed to verify signature archive-contents.sig:
Bad signature from 474F05837FBDEF9B GNU ELPA Signing Agent (2014) <[hidden email]>
Command output:
gpg: Signature made 05/14/19 22:10:03 GMT Summer Time
gpg:                using DSA key CA442C00F91774F17F59D9B0474F05837FBDEF9B
gpg: BAD signature from "GNU ELPA Signing Agent (2014) <[hidden email]>" [unknown]

GPG version:

gpg (GnuPG) 2.2.11
libgcrypt 1.8.4
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/buster/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


In GNU Emacs 27.0.50 (build 7, x86_64-w64-mingw32)
 of 2019-05-12 built on MACHINE
Repository revision: 9e1bb6a2f6c2462b9652ffce706c549269740307
Repository branch: buster
Windowing system distributor 'Microsoft Corp.', version 10.0.18890
System Description: Microsoft Windows 10 Pro (v10.0.1903.18890.1000)

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.
Importing package-keyring.gpg...done
Package refresh done
error in process filter: package--check-signature-content: Failed to verify signature: "archive-contents.sig"
error in process filter: Failed to verify signature: "archive-contents.sig"

Configured using:
 'configure --config-cache --with-modules --without-pop --without-dbus
 --without-gconf --without-gsettings CFLAGS=-O3'

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY W32NOTIFY ACL GNUTLS LIBXML2
ZLIB TOOLKIT_SCROLL_BARS MODULES THREADS JSON PDUMPER LCMS2 GMP

Important settings:
  value of $EMACSLOADPATH: c:\emacs-lisp;
  value of $LANG: ENG
  locale-coding-system: cp1252

Major mode: Package Menu

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug sendmail help-mode mm-archive message
dired dired-loaddefs format-spec rfc822 mml mml-sec epa derived
gnus-util rmail rmail-loaddefs text-property-search time-date mailabbrev
gmm-utils mailheader mm-decode mm-bodies mm-encode mail-utils gnutls
network-stream url-http mail-parse rfc2231 rfc2047 rfc2045 mm-util
ietf-drums mail-prsvr url-gw nsm rmc puny url-cache url-auth url
url-proxy url-privacy url-expand url-methods url-history url-cookie
url-domsuf url-util mailcap epg finder-inf package easymenu epg-config
url-handlers url-parse auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache json subr-x map url-vars seq byte-opt gv
bytecomp byte-compile cconv cl-loaddefs cl-lib elec-pair mule-util
tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win w32-vars
term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page menu-bar rfn-eshadow isearch timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese composite charscript charprop case-table epa-hook jka-cmpr-hook
help simple abbrev obarray minibuffer cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote threads w32notify w32 lcms2 multi-tty make-network-process
emacs)

Memory information:
((conses 16 76305 10007)
 (symbols 48 8292 1)
 (strings 32 24152 2632)
 (string-bytes 1 719178)
 (vectors 16 12539)
 (vector-slots 8 154153 12968)
 (floats 8 25 327)
 (intervals 56 2362 126)
 (buffers 992 13))


bug#35739: Acknowledgement (Bad signature from GNU ELPA)

Richard Copley-2
I wrote:

>Repository revision: 9e1bb6a2f6c2462b9652ffce706c549269740307
>Repository branch: buster

This is a local branch with some irrelevant patches on top of this recent
commit in the FSF master branch:

fsf/master 29531785a17acf519070b73b488ad87ddd94aff7
Author:     Noam Postavsky <[hidden email]>
AuthorDate: Sun May 5 13:24:15 2019 -0400
Commit:     Noam Postavsky <[hidden email]>
CommitDate: Sun May 12 08:05:01 2019 -0400


bug#35739: Bad signature from GNU ELPA

Noam Postavsky
In reply to this post by Richard Copley-2
retitle 35739 [w32] Bad signature from GNU ELPA for archive-contents
quit

Richard Copley <[hidden email]> writes:

> Recipe from 'emacs -Q': [M-x package-list-packages RET].
>
> Symptoms: The package list is displayed but an *Error* buffer pops up:
>
> Failed to verify signature archive-contents.sig:
> Bad signature from 474F05837FBDEF9B GNU ELPA Signing Agent (2014) <
> [hidden email]>
> Command output:
> gpg: Signature made 05/14/19 22:10:03 GMT Summer Time
> gpg:                using DSA key CA442C00F91774F17F59D9B0474F05837FBDEF9B
> gpg: BAD signature from "GNU ELPA Signing Agent (2014) <
> [hidden email]>" [unknown]

> gpg (GnuPG) 2.2.11

> In GNU Emacs 27.0.50 (build 7, x86_64-w64-mingw32)
>  of 2019-05-12 built on MACHINE

I can reproduce on my Windows machine, but not on GNU/Linux.  Maybe some
line endings are getting converted?

I also noticed that doing (setq package-check-signature nil), M-x
package-refresh-contents, (setq package-check-signature t), lets
packages be installed successfully.  It's only the archive-contents that
fails to verify.





bug#35739: Bad signature from GNU ELPA

Richard Copley-2

On Tue, 14 May 2019 at 23:04, Noam Postavsky <[hidden email]> wrote:
> I can reproduce on my Windows machine, but not on GNU/Linux.  Maybe some
> line endings are getting converted?

Thanks, that seems to be it: the attached patch gets rid of the bug (but obviously isn't TRT).


[Attachment: 35739-test.patch (1K)]

bug#35739: Bad signature from GNU ELPA

Richard Copley-2
On Tue, 14 May 2019 at 23:26, Richard Copley <[hidden email]> wrote:

> On Tue, 14 May 2019 at 23:04, Noam Postavsky <[hidden email]> wrote:
> > I can reproduce on my Windows machine, but not on GNU/Linux.  Maybe some
> > line endings are getting converted?
>
> Thanks, that seems to be it: the attached patch gets rid of the bug (but obviously isn't TRT).

... and (apologies) I don't have a copyright assignment on file, so I'll have to
leave it to Somebody to do TRT.

TIA, Somebody!
Buster.


bug#35739: Bad signature from GNU ELPA

Eli Zaretskii
In reply to this post by Richard Copley-2
> From: Richard Copley <[hidden email]>
> Date: Tue, 14 May 2019 23:26:27 +0100
> Cc: [hidden email]
>
> Thanks, that seems to be it: the attached patch gets rid of the bug (but obviously isn't TRT).
>
> diff --git a/lisp/url/url-handlers.el b/lisp/url/url-handlers.el
> index e35d999e0f..f8af2ce88c 100644
> --- a/lisp/url/url-handlers.el
> +++ b/lisp/url/url-handlers.el
> @@ -334,11 +334,11 @@ url-insert-buffer-contents
>        (when replace
>          (delete-region (point-min) start)
>          (delete-region (point) (point-max)))
> -      (unless (cadr size-and-charset)
> -        ;; If the headers don't specify any particular charset, use the
> -        ;; usual heuristic/rules that we apply to files.
> -        (decode-coding-inserted-region (point-min) (point) url
> -                                       visit beg end replace))
> +      ;; (unless (cadr size-and-charset)
> +      ;;   ;; If the headers don't specify any particular charset, use the
> +      ;;   ;; usual heuristic/rules that we apply to files.
> +      ;;   (decode-coding-inserted-region (point-min) (point) url
> +      ;;                                  visit beg end replace))
>        (let ((inserted (car size-and-charset)))
>          (when (fboundp 'after-insert-file-set-coding)
>            (let ((insval (after-insert-file-set-coding inserted visit)))
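
Review bot: Commenting out the `decode-coding-inserted-region` call in `url-insert-buffer-contents` removes the charset and end-of-line heuristics for every caller of this general helper in url-handlers.el, not only for the signature check in package.el. If the goal is to hand the signed bytes to the verifier unmodified, the narrower change is to leave this function alone and have the package.el caller fetch the body without decoding. The dead code should also be deleted rather than left as a `;;` block if the call really is to go.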

I don't see how disabling decoding could make sense, can you explain?
What does this code do on GNU/Linux?




bug#35739: Bad signature from GNU ELPA

Eli Zaretskii
In reply to this post by Richard Copley-2
> From: Richard Copley <[hidden email]>
> Date: Tue, 14 May 2019 23:42:31 +0100
> Cc: [hidden email]
>
> ... and (apologies) I don't have a copyright assignment on file, so I'll have to
> leave it to Somebody to do TRT.

The change is small enough for us not to be bothered by that.

Thanks.




bug#35739: Bad signature from GNU ELPA

Richard Copley-2
In reply to this post by Eli Zaretskii
On Wed, 15 May 2019 at 03:42, Eli Zaretskii <[hidden email]> wrote:
> From: Richard Copley <[hidden email]>
> Date: Tue, 14 May 2019 23:26:27 +0100
> Cc: [hidden email]
>
> Thanks, that seems to be it: the attached patch gets rid of the bug (but obviously isn't TRT).
>
> diff --git a/lisp/url/url-handlers.el b/lisp/url/url-handlers.el
> index e35d999e0f..f8af2ce88c 100644
> --- a/lisp/url/url-handlers.el
> +++ b/lisp/url/url-handlers.el
> @@ -334,11 +334,11 @@ url-insert-buffer-contents
>        (when replace
>          (delete-region (point-min) start)
>          (delete-region (point) (point-max)))
> -      (unless (cadr size-and-charset)
> -        ;; If the headers don't specify any particular charset, use the
> -        ;; usual heuristic/rules that we apply to files.
> -        (decode-coding-inserted-region (point-min) (point) url
> -                                       visit beg end replace))
> +      ;; (unless (cadr size-and-charset)
> +      ;;   ;; If the headers don't specify any particular charset, use the
> +      ;;   ;; usual heuristic/rules that we apply to files.
> +      ;;   (decode-coding-inserted-region (point-min) (point) url
> +      ;;                                  visit beg end replace))
>        (let ((inserted (car size-and-charset)))
>          (when (fboundp 'after-insert-file-set-coding)
>            (let ((insval (after-insert-file-set-coding inserted visit)))

> I don't see how disabling decoding could make sense, can you explain?

Not in detail, it's not an area of expertise of mine. We call
(decode-coding-region (point-min) (point-max) 'undecided) on the
payload of "https://elpa.gnu.org/packages/archive-contents",
which is raw text. The resulting buffer's buffer-file-coding-
system is iso-latin-1-dos.
 
> What does this code do on GNU/Linux?

The same. The resulting coding system is iso-latin-1-unix.


bug#35739: Bad signature from GNU ELPA

Richard Copley-2
In reply to this post by Eli Zaretskii
On Wed, 15 May 2019 at 03:42, Eli Zaretskii <[hidden email]> wrote:
> From: Richard Copley <[hidden email]>
> Date: Tue, 14 May 2019 23:42:31 +0100
> Cc: [hidden email]
>
> ... and (apologies) I don't have a copyright assignment on file, so I'll have to
> leave it to Somebody to do TRT.

> The change is small enough for us not to be bothered by that.

OK, then I have another reason to leave it to someone else: I don't
understand the code in "package.el" and "url.el" well enough to be
confident making changes there.

The attached patch is less stupid, in that it doesn't have the
potential to break all the users of url-retrieve. Still, I'm not
asserting it's a sound or complete fix, or recommending it for
inclusion in Emacs. It does get rid of the error from my recipe.

[Attachment: 35739.patch (1K)]

bug#35739: Bad signature from GNU ELPA

Stefan Monnier
> --- a/lisp/emacs-lisp/package.el
> +++ b/lisp/emacs-lisp/package.el
> @@ -1225,7 +1225,7 @@ package--with-work-buffer
>                                                                     (goto-char (point-min))
>                                                                     (unless (search-forward-regexp "^\r?\n\r?" nil 'noerror)
>                                                                       (error "Error retrieving: %s %S" ,url-sym "incomprehensible buffer")))
> -                                                                 (url-insert-buffer-contents ,b-sym ,url-sym)
> +                                                                 (url-insert ,b-sym)
>                                                                   (kill-buffer ,b-sym)
>                                                                   (goto-char (point-min)))))
>                                                 nil
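
Review bot: Switching to `(url-insert ,b-sym)` in this callback does not by itself guarantee raw bytes, because `url-insert`, as its docstring states, applies a coding system to the body when the response headers specify one. For content whose signature is checked, the work buffer should be made unibyte or decoding otherwise ruled out, so that what reaches the signature check does not depend on the headers the server happens to send.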

[ Boy, this macro looks awfully deeply indented.
  We need to rewrite this to fit into the usual 80 columns.  ]

That actually looks very good [it would also need to change the other
url-insert-file-contents in that macro, of course].

Eli, do you think this could also be a fix for bug#34909?

E.g. something like the patch below?


        Stefan
       

diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index 949ad711ae..8a16dba1c2 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -1202,40 +1182,45 @@ package--with-work-buffer
     (let ((url-sym (make-symbol "url"))
           (b-sym (make-symbol "b-sym")))
       `(cl-macrolet ((unless-error (body-2 &rest before-body)
-                                   (let ((err (make-symbol "err")))
-                                     `(with-temp-buffer
-                                        (when (condition-case ,err
-                                                  (progn ,@before-body t)
-                                                ,(list 'error ',error-form
-                                                       (list 'unless ',noerror-1
-                                                             `(signal (car ,err) (cdr ,err)))))
-                                          ,@body-2)))))
+                        (let ((err (make-symbol "err")))
+                          `(with-temp-buffer
+                             (set-buffer-multibyte nil)
+                             (when (condition-case ,err
+                                       (progn ,@before-body t)
+                                     ,(list 'error ',error-form
+                                            (list 'unless ',noerror-1
+                                                  `(signal (car ,err)
+                                                           (cdr ,err)))))
+                               ,@body-2)))))
          (if (string-match-p "\\`https?:" ,url-1)
              (let ((,url-sym (concat ,url-1 ,file)))
                (if ,async
                    (unless-error nil
-                                 (url-retrieve ,url-sym
-                                               (lambda (status)
-                                                 (let ((,b-sym (current-buffer)))
-                                                   (require 'url-handlers)
-                                                   (unless-error ,body
-                                                                 (when-let* ((er (plist-get status :error)))
-                                                                   (error "Error retrieving: %s %S" ,url-sym er))
-                                                                 (with-current-buffer ,b-sym
-                                                                   (goto-char (point-min))
-                                                                   (unless (search-forward-regexp "^\r?\n\r?" nil 'noerror)
-                                                                     (error "Error retrieving: %s %S" ,url-sym "incomprehensible buffer")))
-                                                                 (url-insert-buffer-contents ,b-sym ,url-sym)
-                                                                 (kill-buffer ,b-sym)
-                                                                 (goto-char (point-min)))))
-                                               nil
-                                               'silent))
-                 (unless-error ,body (url-insert-file-contents ,url-sym))))
+                     (url-retrieve
+                      ,url-sym
+                      (lambda (status)
+                        (let ((,b-sym (current-buffer)))
+                          (require 'url-handlers)
+                          (unless-error ,body
+                            (when-let* ((er (plist-get status :error)))
+                              (error "Error retrieving: %s %S" ,url-sym er))
+                            (with-current-buffer ,b-sym
+                              (goto-char (point-min))
+                              (unless (search-forward-regexp "^\r?\n\r?" nil t)
+                                (error "Error retrieving: %s %S"
+                                       ,url-sym "incomprehensible buffer")))
+                            (url-insert ,b-sym)
+                            (kill-buffer ,b-sym)
+                            (goto-char (point-min)))))
+                      nil
+                      'silent))
+                 (unless-error ,body (url-insert ,url-sym))))
            (unless-error ,body
-                         (let ((url (expand-file-name ,file ,url-1)))
-                           (unless (file-name-absolute-p url)
-                             (error "Location %s is not a url nor an absolute file name" url))
-                           (insert-file-contents url))))))))
+             (let ((url (expand-file-name ,file ,url-1)))
+               (unless (file-name-absolute-p url)
+                 (error "Location %s is not a url nor an absolute file name"
+                        url))
+               (insert-file-contents url))))))))
 
 (define-error 'bad-signature "Failed to verify signature")
 
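
Review bot: In the synchronous branch, `(unless-error ,body (url-insert ,url-sym))` passes the URL string to `url-insert`, whose docstring says BUFFER should be a complete URL buffer as returned by `url-retrieve`; the line it replaces called `url-insert-file-contents`, which takes the URL. This branch needs to retrieve the URL into a buffer first and pass that buffer. Separately, the hunk mixes the reindentation of the macro with the functional edits (`set-buffer-multibyte nil`, `url-insert`, `'noerror` becoming `t`); putting the reflow in its own commit would make the behaviour change easier to review.
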
@@ -1294,7 +1279,8 @@ package--check-signature
     (package--with-response-buffer location :file sig-file
       :async async :noerror t
       ;; Connection error is assumed to mean "no sig-file".
-      :error-form (let ((allow-unsigned (eq package-check-signature 'allow-unsigned)))
+      :error-form (let ((allow-unsigned
+                         (eq package-check-signature 'allow-unsigned)))
                     (when (and callback allow-unsigned)
                       (funcall callback nil))
                     (when unwind (funcall unwind))
@@ -1303,8 +1289,9 @@ package--check-signature
       ;; OTOH, an error here means "bad signature", which we never
       ;; suppress.  (Bug#22089)
       (unwind-protect
-          (let ((sig (package--check-signature-content (buffer-substring (point) (point-max))
-                                                       string sig-file)))
+          (let ((sig (package--check-signature-content
+                      (buffer-substring (point) (point-max))
+                      string sig-file)))
             (when callback (funcall callback sig))
             sig)
         (when unwind (funcall unwind))))))
@@ -1581,15 +1568,18 @@ package--download-one-archive
                 (member name package-unsigned-archives))
             ;; If we don't care about the signature, save the file and
             ;; we're done.
-            (progn (let ((coding-system-for-write 'utf-8))
-                     (write-region content nil local-file nil 'silent))
-                   (package--update-downloads-in-progress archive))
+            (progn
+             (cl-assert (not enable-multibyte-characters))
+             (let ((coding-system-for-write 'binary))
+               (write-region content nil local-file nil 'silent))
+             (package--update-downloads-in-progress archive))
           ;; If we care, check it (perhaps async) and *then* write the file.
           (package--check-signature
            location file content async
            ;; This function will be called after signature checking.
            (lambda (&optional good-sigs)
-             (let ((coding-system-for-write 'utf-8))
+             (cl-assert (not enable-multibyte-characters))
+             (let ((coding-system-for-write 'binary))
                (write-region content nil local-file nil 'silent))
              ;; Write out good signatures into archive-contents.signed file.
              (when good-sigs
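
Review bot: Both `(cl-assert (not enable-multibyte-characters))` checks test the buffer that is current when the form runs, while the data written by `(write-region content nil local-file nil 'silent)` is the string `content`. In the asynchronous callback the current buffer is not obviously the work buffer, so the assertion can pass or fail independently of what is written with `coding-system-for-write 'binary`. Asserting on the string itself, for example `(cl-assert (not (multibyte-string-p content)))`, would check the property the write depends on.
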
@@ -1903,7 +1893,8 @@ package-install-from-archive
                ;; Update the old pkg-desc which will be shown on the description buffer.
                (setf (package-desc-signed pkg-desc) t)
                ;; Update the new (activated) pkg-desc as well.
-               (when-let* ((pkg-descs (cdr (assq (package-desc-name pkg-desc) package-alist))))
+               (when-let* ((pkg-descs (cdr (assq (package-desc-name pkg-desc)
+                                                 package-alist))))
                  (setf (package-desc-signed (car pkg-descs)) t))))))))))
 
 (defun package-installed-p (package &optional min-version)
@@ -2477,10 +2468,12 @@ describe-package-1
               (replace-match ""))))
 
       (if (package-installed-p desc)
-          ;; For installed packages, get the description from the installed files.
+          ;; For installed packages, get the description from the
+          ;; installed files.
           (insert (package--get-description desc))
 
-        ;; For non-built-in, non-installed packages, get description from the archive.
+        ;; For non-built-in, non-installed packages, get description from
+        ;; the archive.
         (let* ((basename (format "%s-readme.txt" name))
                readme-string)
 
diff --git a/lisp/url/url-handlers.el b/lisp/url/url-handlers.el
index e35d999e0f..783466ca70 100644
--- a/lisp/url/url-handlers.el
+++ b/lisp/url/url-handlers.el
@@ -299,7 +299,8 @@ url-file-local-copy
 (defun url-insert (buffer &optional beg end)
   "Insert the body of a URL object.
 BUFFER should be a complete URL buffer as returned by `url-retrieve'.
-If the headers specify a coding-system, it is applied to the body before it is inserted.
+If the headers specify a coding-system (and current buffer is multibyte),
+it is applied to the body before it is inserted.
 Returns a list of the form (SIZE CHARSET), where SIZE is the size in bytes
 of the inserted text and CHARSET is the charset that was specified in the header,
 or nil if none was found.
@@ -311,12 +312,13 @@ url-insert
                      (buffer-substring (+ (point-min) beg)
                                        (if end (+ (point-min) end) (point-max)))
    (buffer-string))))
-         (charset (mail-content-type-get (mm-handle-type handle)
-                                          'charset)))
+         (charset (if enable-multibyte-characters
+                      (mail-content-type-get (mm-handle-type handle)
+                                             'charset))))
     (mm-destroy-parts handle)
-    (if charset
-        (insert (mm-decode-string data (mm-charset-to-coding-system charset)))
-      (insert data))
+    (insert (if charset
+                (mm-decode-string data (mm-charset-to-coding-system charset))
+              data))
     (list (length data) charset)))
 
 (defvar url-http-codes)
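
Review bot: With `charset` forced to nil whenever `enable-multibyte-characters` is nil, the `(list (length data) charset)` return value no longer tells the caller whether the headers named a charset, yet the docstring still describes CHARSET as "nil if none was found". A caller such as `url-insert-buffer-contents`, which tests `(cadr size-and-charset)` to decide whether to run its own decoding heuristics, would then treat a declared charset as absent. Either return the header's charset regardless of whether it was applied, or document that CHARSET is nil in a unibyte buffer.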





bug#35739: Bad signature from GNU ELPA

Eli Zaretskii
In reply to this post by Richard Copley-2
> From: Richard Copley <[hidden email]>
> Date: Wed, 15 May 2019 07:46:12 +0100
> Cc: Noam Postavsky <[hidden email]>, [hidden email]
>
>  I don't see how disabling decoding could make sense, can you explain?
>
> Not in detail, it's not an area of expertise of mine. We call
> (decode-coding-region (point-min) (point-max) 'undecided) on the
> payload of "https://elpa.gnu.org/packages/archive-contents",
> which is raw text. The resulting buffer's buffer-file-coding-
> system is iso-latin-1-dos.
>  
>
>  What does this code do on GNU/Linux?
>
> The same. The resulting coding system is iso-latin-1-unix.

That URL seems to bring ASCII text.  Are you saying that GPG produces
a wrong signature because EOL format is significant for it?  (Please
forgive silly questions about GPG: I seldom if ever use it.)

In any case, if we don't want EOL conversion, we should bind
inhibit-eol-conversion to a non-nil value, and change nothing else.
But this should not be done in url-insert-buffer-contents, it should
be done in package.el, because the former is a general utility and not
necessarily needs to inhibit EOL conversion for all of its callers.




bug#35739: Bad signature from GNU ELPA

Eli Zaretskii
In reply to this post by Stefan Monnier
> From: Stefan Monnier <[hidden email]>
> Cc: Eli Zaretskii <[hidden email]>,  [hidden email],  Noam Postavsky <[hidden email]>
> Date: Wed, 15 May 2019 10:03:57 -0400
>
> That actually looks very good [it would also need to change the other
> url-insert-file-contents in that macro, of course].
>
> Eli, do you think this could also be a fix for bug#34909?
>
> E.g. something like the patch below?

I don't know.  I don't yet have a handle on what happens here, and
therefore I don't understand how replacing url-insert-buffer-contents
with url-insert should fix that.  I'm probably missing something.




bug#35739: Bad signature from GNU ELPA

Richard Copley-2
In reply to this post by Eli Zaretskii

On Wed, 15 May 2019, 15:40 Eli Zaretskii, <[hidden email]> wrote:
> From: Richard Copley <[hidden email]>
> Date: Wed, 15 May 2019 07:46:12 +0100
> Cc: Noam Postavsky <[hidden email]>, [hidden email]
>
>  I don't see how disabling decoding could make sense, can you explain?
>
> Not in detail, it's not an area of expertise of mine. We call
> (decode-coding-region (point-min) (point-max) 'undecided) on the
> payload of "https://elpa.gnu.org/packages/archive-contents",
> which is raw text. The resulting buffer's buffer-file-coding-
> system is iso-latin-1-dos.

>
>  What does this code do on GNU/Linux?
>
> The same. The resulting coding system is iso-latin-1-unix.

> That URL seems to bring ASCII text.  Are you saying that GPG produces
> a wrong signature because EOL format is significant for it?  (Please
> forgive silly questions about GPG: I seldom if ever use it.)

Getting the signature involves applying a hash function to the bytes
in question. It's desirable that two different byte sequences give rise
to two different signatures, even if the difference is a carriage return.

> In any case, if we don't want EOL conversion, we should bind
> inhibit-eol-conversion to a non-nil value, and change nothing else.
> But this should not be done in url-insert-buffer-contents, it should
> be done in package.el, because the former is a general utility and not
> necessarily needs to inhibit EOL conversion for all of its callers.

Of course. I was confirming Noam's hunch, not suggesting a change.
Sorry that wasn't clear.
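
Added example (not part of the thread and not Emacs code): a triage helper for the failure discussed above, which reports whether bytes that fail verification would verify with only their line endings changed. HMAC-SHA256 with a constructed key stands in for the detached OpenPGP signature, and the sample archive text and the names `sign`, `verify` and `triage` are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a keyed hash stands in for the detached OpenPGP signature.
# Like the real signature, it is computed over the exact bytes of the file.
DEMO_KEY = b"constructed-demo-key"

# Constructed sample resembling an archive-contents file, LF line endings.
SIGNED_BYTES = b'(1\n (sample-pkg . [(1 0) nil "Constructed entry" single])\n)\n'


def sign(data: bytes) -> bytes:
    """Produce the stand-in signature over the raw bytes."""
    return hmac.new(DEMO_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, sig: bytes) -> bool:
    """Byte-exact verification: any changed byte, including CR, fails."""
    return hmac.compare_digest(sign(data), sig)


def to_lf(data: bytes) -> bytes:
    """Collapse CRLF pairs to LF."""
    return data.replace(b"\r\n", b"\n")


def to_crlf(data: bytes) -> bytes:
    """Expand every line ending to CRLF without doubling existing CRs."""
    return to_lf(data).replace(b"\n", b"\r\n")


def triage(received: bytes, sig: bytes) -> str:
    """Classify a verification result for diagnosis only.

    Returns "good" when the received bytes verify as-is. Returns
    "eol-mismatch:signed-as-lf" or "eol-mismatch:signed-as-crlf" when they
    fail but a line-ending-only variant verifies, which points at the fetch
    path having converted line endings rather than at altered content.
    Returns "bad" otherwise. The received bytes are never accepted on the
    strength of a normalised variant.
    """
    if verify(received, sig):
        return "good"
    for label, variant in (("lf", to_lf(received)), ("crlf", to_crlf(received))):
        if variant != received and verify(variant, sig):
            return "eol-mismatch:signed-as-" + label
    return "bad"


if __name__ == "__main__":
    sig = sign(SIGNED_BYTES)
    cases = {
        "as served": SIGNED_BYTES,
        "after EOL conversion": to_crlf(SIGNED_BYTES),
        "content changed": SIGNED_BYTES.replace(b"sample", b"sampl3"),
    }
    for name, data in cases.items():
        print(f"{name}: {triage(data, sig)}")
```
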


bug#35739: Bad signature from GNU ELPA

Stefan Monnier
In reply to this post by Eli Zaretskii
> I don't know.  I don't yet have a handle on what happens here, and
> therefore I don't understand how replacing url-insert-buffer-contents
> with url-insert should fix that.  I'm probably missing something.

After playing some more with it, I found a few problems, tracked down
the origin of the decoding (which was introduced for the case where we
download the <pkg>-readme.txt description file) and installed a patch
into master which should fix this right.

Now the question is how to adapt the fix for emacs-26: the patch
I installed is too invasive for emacs-26, I think.

Maybe we can patch over the problem by using `last-coding-system` instead
of `utf-8`?


        Stefan





bug#35739: Bad signature from GNU ELPA

Eli Zaretskii
> From: Stefan Monnier <[hidden email]>
> Cc: [hidden email],  [hidden email],  [hidden email]
> Date: Sat, 18 May 2019 18:36:50 -0400
>
> > I don't know.  I don't yet have a handle on what happens here, and
> > therefore I don't understand how replacing url-insert-buffer-contents
> > with url-insert should fix that.  I'm probably missing something.
>
> After playing some more with it, I found a few problems, tracked down
> the origin of the decoding (which was introduced for the case where we
> download the <pkg>-readme.txt description file) and installed a patch
> into master which should fix this right.
>
> Now the question is how to adapt the fix for emacs-26: the patch
> I installed is too invasive for emacs-26, I think.
>
> Maybe we can patch over the problem by using `last-coding-system` instead
> of `utf-8`?

I don't think I understand the change enough to say something
intelligent here.  The commit explains, to some extent, why the
original code failed, but it says nothing about the way the new code
solves the problem without introducing new ones.

I'm also mildly worried about the incompatible change in url-insert,
which is a general-purpose function not limited to package.el and its
signature verification.