Don't check signatures in build-many-glibcs.py
Checks
| Context |
Check |
Description |
| redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
| redhat-pt-bot/TryBot-32bit |
success
|
Build for i686
|
| linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
| linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
| linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
| linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Testing passed
|
Commit Message
I sign commits and have signature verification on in git. Maybe that's
a bad idea because it trips up a bunch of scripts, but it's pretty easy
to just force skipping signature verification here.
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
---
scripts/build-many-glibcs.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Hi Palmer, thanks for the patch.
On ven. 12 janv. 2024 10:58:46, Palmer Dabbelt wrote:
> I sign commits and have signature verification on in git. Maybe that's
> a bad idea because it trips up a bunch of scripts, but it's pretty easy
> to just force skipping signature verification here.
Presumably, there's all kind of things that could go wrong if the user
has some particular git configuration. I feel like this particular can
of worms could be side-stepped entirely if we just set GIT_CONFIG_GLOBAL
to /dev/null (and perhaps used GIT_CONFIG_NOSYSTEM=1 for good measure)
to clear any interfering custom config.
WDYT?
>
> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
> ---
> scripts/build-many-glibcs.py | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
> index ec2ded6e56..f9cf14c94d 100755
> --- a/scripts/build-many-glibcs.py
> +++ b/scripts/build-many-glibcs.py
> @@ -931,7 +931,7 @@ class Context(object):
> if self.replace_sources:
> subprocess.run(['git', 'clean', '-dxfq'],
> cwd=self.component_srcdir(component), check=True)
> - subprocess.run(['git', 'pull', '-q'],
> + subprocess.run(['git', 'pull', '-q', '--no-verify-signatures'],
> cwd=self.component_srcdir(component), check=True)
> else:
> if self.shallow:
> --
> 2.43.0
>
On 3/6/24 05:39, Simon Chopin wrote:
> Hi Palmer, thanks for the patch.
>
> On ven. 12 janv. 2024 10:58:46, Palmer Dabbelt wrote:
>> I sign commits and have signature verification on in git. Maybe that's
>> a bad idea because it trips up a bunch of scripts, but it's pretty easy
>> to just force skipping signature verification here.
>
> Presumably, there's all kind of things that could go wrong if the user
> has some particular git configuration. I feel like this particular can
> of worms could be side-stepped entirely if we just set GIT_CONFIG_GLOBAL
> to /dev/null (and perhaps used GIT_CONFIG_NOSYSTEM=1 for good measure)
> to clear any interfering custom config.
I agree completely.
If we need to we should reset tooling *defaults* so bmg runs as expected.
> WDYT?
>
>>
>> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
>> ---
>> scripts/build-many-glibcs.py | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
>> index ec2ded6e56..f9cf14c94d 100755
>> --- a/scripts/build-many-glibcs.py
>> +++ b/scripts/build-many-glibcs.py
>> @@ -931,7 +931,7 @@ class Context(object):
>> if self.replace_sources:
>> subprocess.run(['git', 'clean', '-dxfq'],
>> cwd=self.component_srcdir(component), check=True)
>> - subprocess.run(['git', 'pull', '-q'],
>> + subprocess.run(['git', 'pull', '-q', '--no-verify-signatures'],
>> cwd=self.component_srcdir(component), check=True)
>> else:
>> if self.shallow:
>> --
>> 2.43.0
>>
>
On Thu, 07 Mar 2024 12:44:01 PST (-0800), Carlos O'Donell wrote:
> On 3/6/24 05:39, Simon Chopin wrote:
>> Hi Palmer, thanks for the patch.
>>
>> On ven. 12 janv. 2024 10:58:46, Palmer Dabbelt wrote:
>>> I sign commits and have signature verification on in git. Maybe that's
>>> a bad idea because it trips up a bunch of scripts, but it's pretty easy
>>> to just force skipping signature verification here.
>>
>> Presumably, there's all kind of things that could go wrong if the user
>> has some particular git configuration. I feel like this particular can
>> of worms could be side-stepped entirely if we just set GIT_CONFIG_GLOBAL
>> to /dev/null (and perhaps used GIT_CONFIG_NOSYSTEM=1 for good measure)
>> to clear any interfering custom config.
>
> I agree completely.
>
> If we need to we should reset tooling *defaults* so bmg runs as expected.
Seems reasonable to me. I sent a v2.
>
>> WDYT?
>>
>>>
>>> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
>>> ---
>>> scripts/build-many-glibcs.py | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
>>> index ec2ded6e56..f9cf14c94d 100755
>>> --- a/scripts/build-many-glibcs.py
>>> +++ b/scripts/build-many-glibcs.py
>>> @@ -931,7 +931,7 @@ class Context(object):
>>> if self.replace_sources:
>>> subprocess.run(['git', 'clean', '-dxfq'],
>>> cwd=self.component_srcdir(component), check=True)
>>> - subprocess.run(['git', 'pull', '-q'],
>>> + subprocess.run(['git', 'pull', '-q', '--no-verify-signatures'],
>>> cwd=self.component_srcdir(component), check=True)
>>> else:
>>> if self.shallow:
>>> --
>>> 2.43.0
>>>
>>
@@ -931,7 +931,7 @@ class Context(object):
if self.replace_sources:
subprocess.run(['git', 'clean', '-dxfq'],
cwd=self.component_srcdir(component), check=True)
- subprocess.run(['git', 'pull', '-q'],
+ subprocess.run(['git', 'pull', '-q', '--no-verify-signatures'],
cwd=self.component_srcdir(component), check=True)
else:
if self.shallow: