Bug#914059: git-remote-gcrypt: fails without mentioning that the fingerprint for the RSA key sent by the remote host has changed
Hi Sean, Sean Whitton: > Here is a patch. Please let me know the results of any testing you're > able to do. I'm running 1.2-1 on sid. I did not test the exact UX failure mode this bug report is about but I confirm that a similar problem is now fixed. When there's a name resolution failure, previously I would see this: gcrypt: Repository not found: ta...@git.tails.boum.org:repo.git gcrypt: ..but repository ID is set. Aborting. … which is not particularly actionable, suggests there's a problem server-side, and has lead to many support requests from my team-mates. Now I also see: nc: getaddrinfo for host "git.tails.boum.org" port 22: Non-recoverable failure in name resolution ssh_exchange_identification: Connection closed by remote host fatal: Could not read from remote repository. … which tells me it's a name resolution problem and is actionable for me :) I assume this improvement is a side-effect of the fix you prepared for this bug, and it's great! Thank you.
Bug#914059: git-remote-gcrypt: fails without mentioning that the fingerprint for the RSA key sent by the remote host has changed
control: tag -1 +patch
Hello,
On Tue 20 Nov 2018 at 08:02AM +0100, intrigeri wrote:
> Hi Sean and moire,
>
> Sean Whitton:
>> I think the best option might simply be if git-remote-gcrypt
>> stops hiding the output from git when this failure occurs?
>
> Agreed (modulo I've not seen how that would look like yet; happy to
> test patches :)
Here is a patch. Please let me know the results of any testing you're
able to do.
--
Sean Whitton
From c79d3e4d7b6b1ca51fd4ba5c6773700ed67ef84f Mon Sep 17 00:00:00 2001
From: Sean Whitton
Date: Thu, 22 Nov 2018 20:54:56 -0700
Subject: [PATCH] output stderr from other commands when the repository is not
found
Closes: #914059
Signed-off-by: Sean Whitton
---
git-remote-gcrypt | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index ba75f09..ef1a078 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -62,6 +62,7 @@ EOF
xecho() { xfeed "$*" cat; }
xecho_n() { xecho "$@" | tr -d \\n ; } # kill newlines
echo_git() { xecho "$@" ; } # Code clarity
+echo_err() { xecho "$@" >&2; }
echo_info() { xecho "gcrypt:" "$@" >&2; }
echo_die() { echo_info "$@" ; exit 1; }
@@ -492,7 +493,7 @@ read_config()
ensure_connected()
{
local manifest_= r_repoid= r_name= url_frag= r_sigmatch= r_signers= \
- tmp_manifest=
+ tmp_manifest= tmp_stderr= stderr_=
if isnonnull "$Did_find_repo"
then
@@ -529,7 +530,10 @@ ensure_connected()
tmp_manifest="$Tempdir/maniF"
- GET "$URL" "$Manifestfile" "$tmp_manifest" 2>/dev/null || {
+ tmp_stderr="$Tempdir/stderr"
+ GET "$URL" "$Manifestfile" "$tmp_manifest" 2>| "$tmp_stderr" || {
+ stderr_="$(cat $tmp_stderr)"
+ echo_err "$stderr_"
echo_info "Repository not found: $URL"
if ! isnull "$Repoid"; then
echo_info "..but repository ID is set. Aborting."
--
2.11.0
signature.asc
Description: PGP signature
Bug#914059: git-remote-gcrypt: fails without mentioning that the fingerprint for the RSA key sent by the remote host has changed
Hi Sean and moire, Sean Whitton: > I think the best option might simply be if git-remote-gcrypt > stops hiding the output from git when this failure occurs? Agreed (modulo I've not seen how that would look like yet; happy to test patches :) Actually I would go as far as: " stop hiding the output from git when any failure occurs that would produce this error: gcrypt: Repository not found: "my encrypted git repo" gcrypt: ..but repository ID is set. Aborting. " Rationale: one also gets this not-quite-useful error message in other failure modes such as Internet connectivity issues; then, in my experience, users think that either they have misconfigured things the Git remote URL on their side, or the repo disappeared on the server side; in both cases, in practice this results to folks sending non-actionable support request to project engineers or sysadmins, which is somewhat frustrating to everyone involved. Cheers, -- intrigeri
Bug#914059: git-remote-gcrypt: fails without mentioning that the fingerprint for the RSA key sent by the remote host has changed
Hello intrigeri and moire, On Mon 19 Nov 2018 at 01:54PM +0100, intrigeri wrote: > moire: >> I was no longer able to use an encrypted git repo after the fingerprint >> for the RSA key sent by the remote host changed, > > To be 100% clear, the key moire is referring to is the *SSH* host key. Thanks. I think the best option might simply be if git-remote-gcrypt stops hiding the output from git when this failure occurs? > I've personally suggested moire reports this with severity=important > because it's been a serious UX stumbling block. I think that it > explains a number of similar issues I've been reported in the past, > that I did not manage to explain back then. Fair enough. > And as discussed at last DebConf, from now on we at Tails will try to > more consistently report all the smallish UX papercuts that make our > git-remote-gcrypt experience more painful than it should be :) That would be great. -- Sean Whitton signature.asc Description: PGP signature
Bug#914059: git-remote-gcrypt: fails without mentioning that the fingerprint for the RSA key sent by the remote host has changed
Hi Sean & moire, moire: > I was no longer able to use an encrypted git repo after the fingerprint > for the RSA key sent by the remote host changed, To be 100% clear, the key moire is referring to is the *SSH* host key. I've personally suggested moire reports this with severity=important because it's been a serious UX stumbling block. I think that it explains a number of similar issues I've been reported in the past, that I did not manage to explain back then. And as discussed at last DebConf, from now on we at Tails will try to more consistently report all the smallish UX papercuts that make our git-remote-gcrypt experience more painful than it should be :) Cheers, -- intrigeri
Bug#914059: git-remote-gcrypt: fails without mentioning that the fingerprint for the RSA key sent by the remote host has changed
Package: git-remote-gcrypt Version: 1.0.1-1 Severity: important Hi, * What led up to the situation? I was no longer able to use an encrypted git repo after the fingerprint for the RSA key sent by the remote host changed, and the failure message did not help me to understand why. * What exactly did you do (or not do) that was effective (or ineffective)? I tried to fetch updates from an encrypted git repository I've been using for a while. * What was the outcome of this action? gcrypt: Repository not found: "my encrypted git repo" gcrypt: ..but repository ID is set. Aborting. * What outcome did you expect instead? An indication of the cause of the failure. I discovered that the fingerprint had changed by trying to clone the repository somewhere else. Cheers, -- System Information: Debian Release: 9.5 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages git-remote-gcrypt depends on: ii git 1:2.11.0-3+deb9u4 ii gnupg 2.2.10-3 ii gnupg2 2.1.18-8~deb9u2 Versions of packages git-remote-gcrypt recommends: ii curl 7.52.1-5+deb9u8 ii rsync 3.1.2-1+deb9u1 git-remote-gcrypt suggests no packages. -- no debconf information
