[MacPorts] #46601: caff cannot find public keys due to stderr redirection

Sat Jan 17 21:46:16 PST 2015

#46601: caff cannot find public keys due to stderr redirection
------------------------+--------------------------------
 Reporter:  macports@…  |      Owner:  macports-tickets@…
     Type:  defect      |     Status:  new
 Priority:  Normal      |  Milestone:
Component:  ports       |    Version:  2.3.3
 Keywords:              |       Port:  signing-party
------------------------+--------------------------------
 `caff` is a tool to sign the keys after a keysigning party.  As far as I
 can tell on OS X (10.9) with perl 5.16 from MacPorts, caff's decision to
 do:

 {{{
 open my $NULL, '+<', '/dev/null';
 [...]
         # get key listing (and ensure there is no collision)
         my $handles = make_gpg_fds( stdin => $NULL, stdout => undef,
 stderr => $NULL );
 }}}

 results in GPG not being run correctly (at all?), which means caff never
 finds the key to sign:

 {{{
 ewen at ashram:~$ caff --keys-from-gnupg -R e4d3e863
 [INFO] Key E4D3E863 imported from your normal GnuPGHOME.
 [WARN] No public keys found with list-key E4D3E863 (note that caff uses
 its own keyring in /Users/ewen/.caff/gnupghome).
 [NOTICE] No keys to sign found
 ewen at ashram:~$
 }}}

 which makes it not very useful at all :-(

 However if `/opt/local/bin/caff` is edited to avoid redirecting stderr to
 `+</dev/null`, then the same command works (ie, same keyid):

 {{{
 ewen at ashram:~$ caff --keys-from-gnupg -R e4d3e863
 [INFO] Key E4D3E863 imported from your normal GnuPGHOME.
 [INFO] Sign the following keys according to your policy, then exit gpg
 with 'save' after signing each key
 gpg --homedir=/Users/ewen/.caff/gnupghome --secret-keyring
 /Users/ewen/.gnupg/secring.gpg --no-auto-check-trustdb --trust-
 model=always --edit E4D3E863 sign
 gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.
 [....]
 }}}

 Since this took a while to debug, it'd be nice if it could be fixed at
 least in the MacPorts version.  (AFAICT the same code is still in, eg,
 signing-party 1.12 in Debian Unstable, but I'm not sure if it accidentally
 works there or not.)

 I tracked it down to getting part way into the fork child code in
 GnuPG::Interface before failing, but not precisely to which point it is
 failing.  However in the failing case there is no output at all to stdout,
 and it appears not to reach the point where gpg gets `exec()`ed at all.
 Without that redirect it seems to work fine.  The redirection of stderr to
 `+</dev/null` on listing keys is the only one in the code.

 Ewen

-- 
Ticket URL: <https://trac.macports.org/ticket/46601>
MacPorts <https://www.macports.org/>
Ports system for OS X