On Thu, Mar 14, 2013 at 10:32:30PM -0400, Michael Mol wrote:
> > As to how to accomplish this, it's either a throwaway sig, or poking the
> > agent protocol directly.
> The only trouble with that is if the agent is configured to only unlock
> keys for limited periods of time, then your initial check might catch
> the agent when the key is still unlocked, but your subsequent call to
> GPG comes after the timeout. I ran into this while trying to set up
> automated signing of Debian packages I was building.

So Debian has a test-gpg function already? Do you know where in their
codebase it is?

> All it really means, in a practical procedural sense, is that you need
> to allow yourself a way to roll back anything you've been doing if that
> later check fails.

I think we'd do:
- All repoman checks
- initial file editing

if two-phase commit:
- test gpg
- commit1
- gpg sign
- commit2

if one-phase commit:
- gpg test
- gpg sign
- commit1

Unless commit1 took a really long time, the interval between the gpg
calls should be very small.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
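
The two-phase ordering listed above, as an added example that is not part of the original message and is not repoman or Debian code: the throwaway-signature test is treated as advisory, and a failed real signature after commit1 triggers a rollback. The names `gpg_test`, `two_phase_commit`, `FakeAgent` and `simulate` are assumptions, and the agent is a constructed tick counter so the timeout case can be reproduced offline.

```python
import subprocess

class SignFailed(Exception):
    """Raised when the real signature fails after the pre-check passed."""

def gpg_test(key_id):
    """Throwaway signature: True if gpg can sign with key_id right now."""
    proc = subprocess.run(
        ["gpg", "--batch", "--local-user", key_id, "--detach-sign", "--output", "-"],
        input=b"throwaway", stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode == 0

def two_phase_commit(test, commit1, sign, commit2, rollback):
    """test -> commit1 -> sign -> commit2; undo commit1 if signing fails."""
    if not test():
        return "aborted"        # nothing has been committed, nothing to undo
    commit1()
    try:
        sign()                  # the agent may have timed out since test()
    except SignFailed:
        rollback()
        return "rolled-back"
    commit2()
    return "committed"

class FakeAgent:
    """Constructed stand-in for gpg-agent: key stays unlocked for ttl ticks."""
    def __init__(self, ttl):
        self.ttl, self.clock = ttl, 0
    def test(self):
        return self.clock < self.ttl
    def sign(self):
        if not self.test():
            raise SignFailed("key no longer cached")

def simulate(ttl, commit1_ticks):
    """Run the two-phase flow against FakeAgent; return (result, log)."""
    agent, log = FakeAgent(ttl), []
    def commit1():
        agent.clock += commit1_ticks    # commit1 takes this long to finish
        log.append("commit1")
    result = two_phase_commit(agent.test, commit1, agent.sign,
                              lambda: log.append("commit2"),
                              lambda: log.append("rollback"))
    return result, log

if __name__ == "__main__":
    print(simulate(5, 2))     # commit1 finishes inside the unlock window
    print(simulate(5, 10))    # commit1 outlasts the unlock window
```

For real use, pass `lambda: gpg_test(key_id)` as `test` and supply callables for the commit, sign and rollback steps of the tool in question.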