Message ID | 20240112185846.24483-1-palmer@rivosinc.com |
---|---|
State | New |
Headers | show |
Series | Don't check signatures in build-many-glibcs.py | expand |
Hi Palmer, thanks for the patch. On ven. 12 janv. 2024 10:58:46, Palmer Dabbelt wrote: > I sign commits and have signature verification on in git. Maybe that's > a bad idea because it trips up a bunch of scripts, but it's pretty easy > to just force skipping signature verification here. Presumably, there's all kind of things that could go wrong if the user has some particular git configuration. I feel like this particular can of worms could be side-stepped entirely if we just set GIT_CONFIG_GLOBAL to /dev/null (and perhaps used GIT_CONFIG_NOSYSTEM=1 for good measure) to clear any interfering custom config. WDYT? > > Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> > --- > scripts/build-many-glibcs.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py > index ec2ded6e56..f9cf14c94d 100755 > --- a/scripts/build-many-glibcs.py > +++ b/scripts/build-many-glibcs.py > @@ -931,7 +931,7 @@ class Context(object): > if self.replace_sources: > subprocess.run(['git', 'clean', '-dxfq'], > cwd=self.component_srcdir(component), check=True) > - subprocess.run(['git', 'pull', '-q'], > + subprocess.run(['git', 'pull', '-q', '--no-verify-signatures'], > cwd=self.component_srcdir(component), check=True) > else: > if self.shallow: > -- > 2.43.0 >
On 3/6/24 05:39, Simon Chopin wrote: > Hi Palmer, thanks for the patch. > > On ven. 12 janv. 2024 10:58:46, Palmer Dabbelt wrote: >> I sign commits and have signature verification on in git. Maybe that's >> a bad idea because it trips up a bunch of scripts, but it's pretty easy >> to just force skipping signature verification here. > > Presumably, there's all kind of things that could go wrong if the user > has some particular git configuration. I feel like this particular can > of worms could be side-stepped entirely if we just set GIT_CONFIG_GLOBAL > to /dev/null (and perhaps used GIT_CONFIG_NOSYSTEM=1 for good measure) > to clear any interfering custom config. I agree completely. If we need to we should reset tooling *defaults* so bmg runs as expected. > WDYT? > >> >> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> >> --- >> scripts/build-many-glibcs.py | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py >> index ec2ded6e56..f9cf14c94d 100755 >> --- a/scripts/build-many-glibcs.py >> +++ b/scripts/build-many-glibcs.py >> @@ -931,7 +931,7 @@ class Context(object): >> if self.replace_sources: >> subprocess.run(['git', 'clean', '-dxfq'], >> cwd=self.component_srcdir(component), check=True) >> - subprocess.run(['git', 'pull', '-q'], >> + subprocess.run(['git', 'pull', '-q', '--no-verify-signatures'], >> cwd=self.component_srcdir(component), check=True) >> else: >> if self.shallow: >> -- >> 2.43.0 >> >
On Thu, 07 Mar 2024 12:44:01 PST (-0800), Carlos O'Donell wrote: > On 3/6/24 05:39, Simon Chopin wrote: >> Hi Palmer, thanks for the patch. >> >> On ven. 12 janv. 2024 10:58:46, Palmer Dabbelt wrote: >>> I sign commits and have signature verification on in git. Maybe that's >>> a bad idea because it trips up a bunch of scripts, but it's pretty easy >>> to just force skipping signature verification here. >> >> Presumably, there's all kind of things that could go wrong if the user >> has some particular git configuration. I feel like this particular can >> of worms could be side-stepped entirely if we just set GIT_CONFIG_GLOBAL >> to /dev/null (and perhaps used GIT_CONFIG_NOSYSTEM=1 for good measure) >> to clear any interfering custom config. > > I agree completely. > > If we need to we should reset tooling *defaults* so bmg runs as expected. Seems reasonable to me. I sent a v2. > >> WDYT? >> >>> >>> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> >>> --- >>> scripts/build-many-glibcs.py | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py >>> index ec2ded6e56..f9cf14c94d 100755 >>> --- a/scripts/build-many-glibcs.py >>> +++ b/scripts/build-many-glibcs.py >>> @@ -931,7 +931,7 @@ class Context(object): >>> if self.replace_sources: >>> subprocess.run(['git', 'clean', '-dxfq'], >>> cwd=self.component_srcdir(component), check=True) >>> - subprocess.run(['git', 'pull', '-q'], >>> + subprocess.run(['git', 'pull', '-q', '--no-verify-signatures'], >>> cwd=self.component_srcdir(component), check=True) >>> else: >>> if self.shallow: >>> -- >>> 2.43.0 >>> >>
diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py index ec2ded6e56..f9cf14c94d 100755 --- a/scripts/build-many-glibcs.py +++ b/scripts/build-many-glibcs.py @@ -931,7 +931,7 @@ class Context(object): if self.replace_sources: subprocess.run(['git', 'clean', '-dxfq'], cwd=self.component_srcdir(component), check=True) - subprocess.run(['git', 'pull', '-q'], + subprocess.run(['git', 'pull', '-q', '--no-verify-signatures'], cwd=self.component_srcdir(component), check=True) else: if self.shallow:
I sign commits and have signature verification on in git. Maybe that's a bad idea because it trips up a bunch of scripts, but it's pretty easy to just force skipping signature verification here. Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> --- scripts/build-many-glibcs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)