Johannes Schindelin venit, vidit, dixit 06.09.2016 18:43: > Hi Michael, > > okay, final mail on this issue today: > > On Tue, 6 Sep 2016, Johannes Schindelin wrote: > >> Your original issue seemed to be that the gpg command could succeed, but >> still no signature be seen. There *must* be a way to test whether the >> called program added a signature, simply by testing whether *any* >> characters were written. >> >> And if characters were written that were not actually a GPG signature, >> maybe the enterprisey user who configured the gpg command to be her magic >> script actually meant something else than a GPG signature to be added? > > I actually just saw that this is *precisely* what the code does already: > > if (ret || signature->len == bottom) > return error(_("gpg failed to sign the data")); > > Why is this not good enough?
Assuming "this" refers to error(): You said it's not good enough - because gpg's stderr is not displayed. And I agree with you on that point. Assuming "this" refers to the exit code check: gpg documentation says so over and over again: do not rely on exit codes, parse status-fd instead. (An often ignored advice, oh well.) As for most of your other remarks, I would appreciate if you could take a breath and reread what I wrote and what you wrote - before you send it - and curb your remarks about who is working on resolving issues. So, trying again to structure the issues and solutions, there are three issues: A) relying on gpg's exit code (and stdout) is not enough. Secure use of gpg requires checking status-fd. This is what my old patch solved. B) "gpg --status-fd=2" and swallowing stderr hides usual stderr from the user. This is what my old patch introduced and a Windows user reported. It is solved by my new additional patch. C) With that old patch, that Windows user is not asked for a passphrase on tty any more. Reverting my patches appears to solve C on Windows and reintroduces A on all platforms, obviously. C is not present on Linux. B is solved either way. Now, I can't reproduce C on Linux[*], so there is more involved. It could be that my patch just exposes a problem in our start_command() etc.: run-command.c contains a lot of ifdefing, so possibly quite different code is run on different platforms. It would be great if someone with a Windows environment could help our efforts in resolving issue C, by checking what is actually behind[**]: I can't believe that capturing stderr keeps gpg from reading stdin, but who knows. Maybe Jeff of pipe_command() fame? I'll put him on cc. Michael [*] Maybe that even depends on Linux environments (terminal emulator), so input from others would be helpful, too: Without a passphrase-agent/wallet etc, does "git tag -s -m test test" ask you for a passphrase on the terminal? I does for me with this stack: X11->i3->st->tmux->bash->git->gpg [**] "--status-fd=3" instead of "--status-fd=2" in my old patch would be a check whether our capturing of stderr is creating problems on Windows or gpg's writing status to stderr (which --status-fd=3 would change, at the expense of breaking the final check): Does gpg ask for the passphrase now?