| Message ID | 20210825204222.99103-1-daan.j.demeyer@gmail.com |
|---|---|
| State | Superseded, archived |
| Headers | show |
| Series | [pacman-dev] pacman-key: Add --quiet to a few more gpg invocations | expand |
On 26/8/21 6:42 am, Daan De Meyer wrote: > Currently, when running pacman-key --populate, gpg prints the > trustdb check output once for each locally signed and revoked key. > When bootstrapping a new container image, about 50 keys get signed > and revoked which leads to a huge amount of output when running > pacman-key which is the following text repeated 50x > > ``` > gpg: checking the trustdb > gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 Shouldn't this issue be fix rather than hiding it?
From what I understand, this isn't a bug, gpg automatically calculates when the trustdb should be checked, it's just that it happens a lot since we're doing a lot of operations. We're not really hiding an issue, just information that the average user won't be interested in (at least I think the average user doesn't really care about gpg checking the trustdb unless it fails, in which case the error will still get printed even with this change). On Wed, 25 Aug 2021 at 22:47, Allan McRae <allan@archlinux.org> wrote: > > On 26/8/21 6:42 am, Daan De Meyer wrote: > > Currently, when running pacman-key --populate, gpg prints the > > trustdb check output once for each locally signed and revoked key. > > When bootstrapping a new container image, about 50 keys get signed > > and revoked which leads to a huge amount of output when running > > pacman-key which is the following text repeated 50x > > > > ``` > > gpg: checking the trustdb > > gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 > > Shouldn't this issue be fix rather than hiding it? >
On 26/8/21 8:01 am, Daan De Meyer wrote: >>From what I understand, this isn't a bug, gpg automatically calculates > when the trustdb should be checked, it's just that it happens a lot > since we're doing a lot of operations. We're not really hiding an > issue, just information that the average user won't be interested in > (at least I think the average user doesn't really care about gpg > checking the trustdb unless it fails, in which case the error will > still get printed even with this change). > Having this repeated 50 times sounds like an issue that should be fixed: gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
> Having this repeated 50 times sounds like an issue that should be fixed I've submitted a new patch that reorders operations done by pacman-key to reduce the number of trustdb checks to 1. On Wed, 25 Aug 2021 at 23:56, Allan McRae <allan@archlinux.org> wrote: > > On 26/8/21 8:01 am, Daan De Meyer wrote: > >>From what I understand, this isn't a bug, gpg automatically calculates > > when the trustdb should be checked, it's just that it happens a lot > > since we're doing a lot of operations. We're not really hiding an > > issue, just information that the average user won't be interested in > > (at least I think the average user doesn't really care about gpg > > checking the trustdb unless it fails, in which case the error will > > still get printed even with this change). > > > > Having this repeated 50 times sounds like an issue that should be fixed: > > gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 > > > >
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index 50342649..0526532f 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -192,7 +192,7 @@ check_keyids_exist() { } key_is_lsigned() { - secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | awk -F : 'NR==1 {print $5}') + secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}') while IFS=: read -r type valid _ _ sign_key _; do if [[ $type != "sig" || $valid != "!" ]]; then continue @@ -200,7 +200,7 @@ key_is_lsigned() { if [[ "$sign_key" == "$secret_key" ]]; then return 0 fi - done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1") + done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures --quiet "$1") return 1 } @@ -212,7 +212,7 @@ key_is_revoked() { if [[ $flags == *"D"* ]]; then return 0 fi - done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1") + done < <("${GPG_PACMAN[@]}" --with-colons --list-key --quiet "$1") return 1 }
Currently, when running pacman-key --populate, gpg prints the trustdb check output once for each locally signed and revoked key. When bootstrapping a new container image, about 50 keys get signed and revoked which leads to a huge amount of output when running pacman-key which is the following text repeated 50x ``` gpg: checking the trustdb gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10 gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10 gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10 gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 6 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 6 signed: 83 trust: 0-, 0q, 0n, 6m, 0f, 0u gpg: depth: 2 valid: 78 signed: 25 trust: 78-, 0q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2021-12-01 ``` To avoid overloading the user with gpg output, we add --quiet to the gpg calls generating the trustdb checking output to silence those calls which gets rid of the trustdb check output on the terminal. Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com> --- scripts/pacman-key.sh.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)