[pacman-dev] pacman-key: Add --quiet to a few more gpg invocations

Message ID 20210825204222.99103-1-daan.j.demeyer@gmail.com
State New

Commit Message

Daan De Meyer Aug. 25, 2021, 8:42 p.m. UTC
Currently, when running pacman-key --populate, gpg prints the
trustdb check output once for each locally signed and revoked key.
When bootstrapping a new container image, about 50 keys get signed
and revoked which leads to a huge amount of output when running
pacman-key which is the following text repeated 50x

```
gpg: checking the trustdb
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   6  signed:  83  trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:  78  signed:  25  trust: 78-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2021-12-01
```

To avoid overloading the user with gpg output, we add --quiet to the gpg
calls generating the trustdb checking output to silence those calls which
gets rid of the trustdb check output on the terminal.

Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
---
 scripts/pacman-key.sh.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Allan McRae Aug. 25, 2021, 9:47 p.m. UTC | #1
On 26/8/21 6:42 am, Daan De Meyer wrote:
> Currently, when running pacman-key --populate, gpg prints the
> trustdb check output once for each locally signed and revoked key.
> When bootstrapping a new container image, about 50 keys get signed
> and revoked which leads to a huge amount of output when running
> pacman-key which is the following text repeated 50x
> 
> ```
> gpg: checking the trustdb
> gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10

Shouldn't this issue be fixed rather than hiding it?

Daan De Meyer Aug. 25, 2021, 10:01 p.m. UTC | #2
From what I understand, this isn't a bug, gpg automatically calculates
when the trustdb should be checked, it's just that it happens a lot
since we're doing a lot of operations. We're not really hiding an
issue, just information that the average user won't be interested in
(at least I think the average user doesn't really care about gpg
checking the trustdb unless it fails, in which case the error will
still get printed even with this change).

On Wed, 25 Aug 2021 at 22:47, Allan McRae <allan@archlinux.org> wrote:
>
> On 26/8/21 6:42 am, Daan De Meyer wrote:
> > Currently, when running pacman-key --populate, gpg prints the
> > trustdb check output once for each locally signed and revoked key.
> > When bootstrapping a new container image, about 50 keys get signed
> > and revoked which leads to a huge amount of output when running
> > pacman-key which is the following text repeated 50x
> >
> > ```
> > gpg: checking the trustdb
> > gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
>
> Shouldn't this issue be fixed rather than hiding it?
>

Allan McRae Aug. 25, 2021, 10:56 p.m. UTC | #3
On 26/8/21 8:01 am, Daan De Meyer wrote:
> From what I understand, this isn't a bug, gpg automatically calculates
> when the trustdb should be checked, it's just that it happens a lot
> since we're doing a lot of operations. We're not really hiding an
> issue, just information that the average user won't be interested in
> (at least I think the average user doesn't really care about gpg
> checking the trustdb unless it fails, in which case the error will
> still get printed even with this change).
> 

Having this repeated 50 times sounds like an issue that should be fixed:

gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10

Daan De Meyer Aug. 26, 2021, 8:08 p.m. UTC | #4
> Having this repeated 50 times sounds like an issue that should be fixed

I've submitted a new patch that reorders operations done by pacman-key
to reduce the number of trustdb checks to 1.

On Wed, 25 Aug 2021 at 23:56, Allan McRae <allan@archlinux.org> wrote:
>
> On 26/8/21 8:01 am, Daan De Meyer wrote:
> > From what I understand, this isn't a bug, gpg automatically calculates
> > when the trustdb should be checked, it's just that it happens a lot
> > since we're doing a lot of operations. We're not really hiding an
> > issue, just information that the average user won't be interested in
> > (at least I think the average user doesn't really care about gpg
> > checking the trustdb unless it fails, in which case the error will
> > still get printed even with this change).
> >
>
> Having this repeated 50 times sounds like an issue that should be fixed:
>
> gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10

Patch

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 50342649..0526532f 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -192,7 +192,7 @@  check_keyids_exist() {
 }
 
 key_is_lsigned() {
-	secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | awk -F : 'NR==1 {print $5}')
+	secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}')
 	while IFS=: read -r type valid _ _ sign_key _; do
 		if [[ $type != "sig" || $valid != "!" ]]; then
 			continue
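Review bot: On the changed secret_key line, --quiet is appended after the --list-secret-key command rather than with the other options; since every call goes through "${GPG_PACMAN[@]}", consider writing it as "${GPG_PACMAN[@]}" --quiet --with-colons --list-secret-key so options and the command stay visually separate, and do the same at the other two call sites. Separately, secret_key is assigned on the first line of key_is_lsigned with no local declaration in front of it, so it leaks into the script's global scope, and because gpg is piped straight into awk its exit status is discarded: a failing call leaves secret_key empty with no check before it is compared against sign_key in the loop.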
@@ -200,7 +200,7 @@  key_is_lsigned() {
 		if [[ "$sign_key" == "$secret_key" ]]; then
 			return 0
 		fi
-	done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+	done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures --quiet "$1")
 	return 1
 }
 
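Review bot: The changed --check-signatures line needs a comment, or a sentence in the commit message, saying exactly which output --quiet is meant to drop. The commit message quotes both the "checking the trustdb" summary and the repeated "no user ID for key signature packet of class 10" lines, and this is the call that checks signatures, so a reader cannot tell from the patch whether only the former or both are silenced here. The loop's decision rests solely on the colon fields ($type, $valid, $sign_key), so it is also worth stating that the function's return value is unchanged by the option.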
@@ -212,7 +212,7 @@  key_is_revoked() {
 		if [[ $flags == *"D"* ]]; then
 			return 0
 		fi
-	done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
+	done < <("${GPG_PACMAN[@]}" --with-colons --list-key --quiet "$1")
 	return 1
 }
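Review bot: In key_is_revoked, the exit status of the gpg call inside the process substitution on the changed line is never checked, so if --list-key fails the loop reads nothing and the function falls through to return 1, which callers will read as "not revoked". Since this patch is about making the call quieter, it is a good moment to make that failure explicit, for example by capturing the output into a variable first, checking gpg's status, and returning a distinct error before the loop parses the flags. The same pattern applies to the --check-signatures call in key_is_lsigned, although there the fall-through result ("not locally signed") is the conservative one.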