[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#22089: installs packages with bad signatures
From: |
Glenn Morris |
Subject: |
bug#22089: installs packages with bad signatures |
Date: |
Thu, 03 Dec 2015 18:10:09 -0500 |
User-agent: |
Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Package: emacs
Version: 25.0.50
Severity: important
Emacs happily installs packages with bad gpg signatures.
This has been flagged by the test-suite and automated builds for the past
several weeks. (I feel like asking why we even have those things, for
all the attention they seem to get.)
This seems to be the first failure.
http://hydra.nixos.org/build/27800227
Here is the diff from the previous build, with several package changes:
http://hydra.nixos.org/api/scmdiff?type=git&rev2=937565268a5dc3377d4c9bff6d48eb3645a77160&rev1=70f1fda4ae6abb5e11dcf281738c25f6f5b06061&uri=git%3A%2F%2Fgit.sv.gnu.org%2Femacs.git&branch=
Here's a standalone recipe in the emacs-25 branch:
cd test/automated
mkdir /tmp/foo
HOME=/tmp/foo ../../src/emacs -Q
(setq package-archives `(("gnu" . ,(expand-file-name "data/package/signed/"))))
(package-import-keyring "data/package/key.pub")
(package-initialize)
(package-refresh-contents)
(package-install 'signed-bad)
M-x list-packages -> signed-bad installed
- bug#22089: installs packages with bad signatures,
Glenn Morris <=