Re: cvs-1.12.13.1 init problem

[Mark D. Baushke]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Bob,

Bob Chapman <address@hidden> writes:

> Given that 1.2.13.1 has been available since 11-Jul-2006 this
> 'problem' must be either (1) an artifact of my ignorance or (2) a well
> known 'feature' but --

I am going to assume you intended to speak about cvs 1.12.13.1 which is
the current top-of-tree main trunk sources for CVS. Please be advised
that 1.12.13.1 is not actually a formally released set of sources due to
some problems in the building of the Windows client.

If anyone has time to consider working on that client, and we can pass
all of the tests, then we can look to a release of cvs 1.12.14 which
will contain these new features.

> 
> Creating a new repository with 'init' results in a loop requesting a 
> passphrase:
> 
>   $ ../utils/cvs-1.12.13.1/src/cvs -d /cvsroot/newcvs/ init
>   You need a passphrase to unlock the secret key for
>   user: "....
> 
> Using Ctl-C to exit the loop leaves the terminal in a no echo state.

It is actually asking you to sign each of the files that it is creating
in the CVSROOT directory of your new repository.

You may find it desriable to use the gpg-agent which comes with GnuPG
2.0.x to handle the credentials for the GPG key you wish to use when
signing revisions in the repository.

> However, the repository IS created and 1.2.13.1 is able to import,
> checkout, commit, etc. (The passphrase request works for import and
> commit).

Yes.

> If the "--no-sign" option is added for a 1.2.13.1 "init" then an
> apparently usable repository is created without the "passphrase loop".

Yes, but the revisions are not trusted until and unless you do a
'cvs sign' operation on the files.

> This behavior has been observed for cvs 1.2.13.1 built from source on both 
> CentOS 4.5 and Ubuntu 7.04.

If you are not going to make use of the digital signatures for each
checked in revision of files, then you may wish to disable the OpenPGP
support. Do so if you do not wish to have users asking to sign every
binary. The easiest method to use to build a CVS which does not actually
add support for GnuPG is to configure it with

        configure GPG=/no/such/executable

which will have the side-effect of telling CVS that the path to gpg is
/no/such/executable but when that path does not work properly that it is
'broken' and should be ignored.

However, if you like the idea of a digital signature for each revision
of files in the repository, you may enable support and teach your users
how to use gpg-agent or similar mechanisms to facilitate multi-file
checkins without the need to be prompted for every revision of every
file.

        Enjoy!
        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFGmUOYCg7APGsDnFERAqSbAJ4lGYrDl1B69nOxX7ND3RSBoXeIlgCeOXQL
eedMheQe6MTZsJJB+oH+HAM=
=U00a
-----END PGP SIGNATURE-----