Wikkid should be able to disable GPG signing

I'm not really sure that makes sense; various agents can prompt you
via e.g. global windows, and how can wikkid tell (or other repo
checkers tell) that a commit without a signature is permitted?

There is an environment variable that can be set (BZR_HOME?) that should be
overridden in the start script used to do this.

Having said that, I have GPG signing enabled, and I don't get prompted.
Perhaps I've overridden the setting in my locations.conf.

I was running wikkid on a remote machine and it just hung waiting for a passphrase on the remote machine.

I can see that disabling the signing is not necessarily the right thing to do. Perhaps wikkid should unset the signing command so signing will fail when required, instead?

On Mon, 18 Oct 2010 02:11:28 you wrote:
> I was running wikkid on a remote machine and it just hung waiting for a
> passphrase on the remote machine.
>
> I can see that disabling the signing is not necessarily the right thing
> to do. Perhaps wikkid should unset the signing command so signing will
> fail when required, instead?

Is there a way that wikkid could determine if the config is asking for signing
though bzrlib? If so we could bomb out... maybe.

Alternatively force a fail.

I'm not entirely sure which way we should go with this.

It seems plausible (if not very likely) that people would want wikkid
to sign all its commits, and if there was a key with no passphrase
that would be possible. I think the essential bug here is that if
user interaction is not possible, signing should fail (or be skipped)
rather than just hanging. bzr can't tell whether the key is encrypted
or not but it can control what fds and environment variables gpg sees.
Perhaps if bzr is noninteractive it can pass a --batch flag to gpg.

You might be able to work around this with a per-location gpg configuration?

--
Martin

I'd at least argue that having Wikkid disable signing for a branch that a user has configured to require signing seems a little bit wrong. I realize the global-value effect. But I'm pretty sure you can do something like:

[/path/to/wikkid/root]
create_signatures = never

And have that override your bazaar.conf setting. Is that not sufficient for this use case?

John, I think I do that for my branch. It would be good to be able to determine if a branch requires signing. At least that way we could check on start up.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7/7/2011 11:58 PM, Tim Penhey wrote:
> John, I think I do that for my branch. It would be good to be able to
> determine if a branch requires signing. At least that way we could
> check on start up.
>

branch.get_config().signature_needed()

Do you need more than that?

John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4WqzIACgkQJdeBCYSNAAMgFACfYOCUGLxhpLCArmtXJFffiNT7
nX4AnjhLQRPxfDfezcVPJmMAlQvHU+Kh
=Ebkw
-----END PGP SIGNATURE-----