Joel Aelwyn wrote:
> On Fri, May 06, 2005 at 01:04:29AM -0700, Josh Triplett wrote:
>>debpool's requirement for providing a passphrase file precludes allowing
>>gpg to retrieve the passphrase via other means such as gpg-agent. With
>>the attached patch, debpool will allow the gpg_passfile option to be
>>undefined, in which case debpool will not attempt to pass a passphrase
>>to gpg, and will assume that it will be obtained some other way. This
>>allows me to run debpool in non-daemon mode under my user account and
>>use my own GPG key with gpg-agent, without putting my passphrase in a file.
>
> I agree on principle; my only concern is not causing strange failures for
> new users who aren't familiar with how to arrange an alternative mechanism.
> A quick skim of the patch looks reasonable, however, and I will give the
> question of how to handle a failure case (that is, someone who neither
> defines the option nor arranges another way of getting the passphrase
> through) elegantly.

Given that using GPG is not the default, and that I patched the README files and DebPool::Config manpage which discuss how to enable it to mention that you either need the passphrase file or you need to use something like gpg-agent, the only way I can think of that someone could encounter a confusing failure would be if they just copied the commented-out sample config from /etc/debpool/Config.pm and started hacking it without reading any documentation.

To handle that last corner case, perhaps a similar note could be added as a comment to the sample config file right above the passphrase option, saying that "If GPG is enabled, then either this option must be set to the name of a file containing the passphrase, or the passphrase must be supplied to GPG by some means transparent to debpool, such as gpg-agent." With the addition of that note, I don't think anyone will be confused.

As for actually handling the failure case, one possible method would be to check if the $GPG_AGENT_INFO environment variable was set, and give an error otherwise. However, that assumes that the user will use gpg-agent, whereas there are other methods to give gpg the passphrase which don't involve gpg-agent. My assumption was that whatever method the user used might be unknown to debpool. Therefore, the only thing I can think of would be to check if the gpg process returned an error, and mention in the error message that this might be due to an unavailable passphrase, pointing to the documentation for how to solve the problem.

> Sorry about the delay in replying; life out of Debian (mostly work) has
> been kicking me six ways from Sunday.

I know that feeling. :) Thanks for your work on debpool; it works wonderfully.

- Josh Triplett
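
The failure handling proposed in the message above, sketched in shell as an added example (it is not part of the original message and is not debpool's Perl code): the passphrase file is optional, no particular agent is assumed, and a non-zero gpg exit status produces a hint that the passphrase may be unavailable. The names `sign_release` and `GPG_BIN`, the return codes and the message wording are assumptions made for this sketch.

```shell
# Added illustration, not debpool code. sign_release, GPG_BIN and the
# message text are hypothetical names chosen for this sketch.
GPG_BIN="${GPG_BIN:-gpg}"

# sign_release FILE KEYID [PASSFILE]
# Returns 0 on success, 1 if gpg failed, 3 if PASSFILE is set but unreadable.
sign_release() {
    file=$1 keyid=$2 passfile=${3:-}
    status=0
    # Options common to both modes; --batch and --no-tty keep gpg from
    # prompting on a terminal that an unattended pool manager does not have.
    set -- --batch --no-tty --yes --armor --detach-sign \
        --local-user "$keyid" --output "$file.gpg"
    if [ -n "$passfile" ]; then
        if [ ! -r "$passfile" ]; then
            echo "sign_release: passphrase file '$passfile' is not readable" >&2
            return 3
        fi
        # gpg >= 2.1 additionally needs --pinentry-mode loopback here.
        "$GPG_BIN" "$@" --passphrase-fd 0 "$file" <"$passfile" || status=$?
    else
        # No passphrase file: gpg must obtain the passphrase on its own
        # (gpg-agent or any other mechanism unknown to the caller).
        "$GPG_BIN" "$@" "$file" </dev/null || status=$?
    fi
    if [ "$status" -ne 0 ]; then
        echo "sign_release: gpg exited with status $status while signing $file" >&2
        if [ -z "$passfile" ]; then
            echo "sign_release: no passphrase file is configured; the passphrase" >&2
            echo "  may be unavailable (is gpg-agent or an equivalent running?)." >&2
            echo "  See the signing documentation for both ways to supply it." >&2
        fi
        return 1
    fi
    return 0
}
```

Because the hint is tied to gpg's exit status rather than to `$GPG_AGENT_INFO`, it stays correct for passphrase mechanisms other than gpg-agent.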