Launchpad itself

OOPS using email interface with a expired gpg key

Bug #211830 reported by Diogo Matsubara
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Invalid
Critical
Brad Crittenden

Bug Description

As seen in OOPS-824CEMAIL1 an InvalidSignature exception was raised when a expired signature was used in the email interface.

Instead of recording an OOPS we should tell the user that his key is expired and because of that the email couldn't be processed.

The exception value is Signature couldn't be verified: (7, 153, 'Key expired')

A copy of the message can be found at: https://pastebin.canonical.com/3860/

Recently:
 * InvalidSignature: Signature couldn't be verified: (7, 9, 'No public key'): OOPS-978CEMAIL2

See original description
Diogo Matsubara (matsubara)
Changed in malone:
assignee: nobody → intellectronica
Eleanor Berger (intellectronica)
Changed in malone:
milestone: none → 1.2.4
Björn Tillenius (bjornt)
Changed in malone:
milestone: 1.2.4 → 1.2.5
status: New → Confirmed
Revision history for this message
Björn Tillenius (bjornt) wrote :

This doesn't happen very often.

Changed in malone:
importance: Undecided → Low
milestone: 1.2.5 → 1.2.6
Björn Tillenius (bjornt)
Changed in malone:
milestone: 1.2.6 → none
Diogo Matsubara (matsubara)
description: updated
Revision history for this message
Ursula Junque (ursinha) wrote :

Recently: OOPS-953CEMAIL1 (Bad signature)

Ursula Junque (ursinha)
description: updated
Revision history for this message
Barry Warsaw (barry) wrote :

Except that my signature should not be expired.

Revision history for this message
Barry Warsaw (barry) wrote :

Can we increase the importance of this? Here's another oops I got the last time I was an on-call reviewer: OOPS-1112CEMAIL7

I'm certain that my signature isn't expired, so I think something else is going on.

Eleanor Berger (intellectronica)
Changed in malone:
importance: Low → High
status: Confirmed → Triaged
Revision history for this message
Björn Tillenius (bjornt) wrote :

Two comments to you Barry. First of all, the OOPS you have is a different one, so it might deserve another fix, don't know.

Second, this obviously isn't a Malone issue. I'm moving this bug over to Foundations. I'll take a quick look at this to see if I can see what's wrong with your mail. The OOPS isn't about an expired signature, it says that there is nothing to verify.

Changed in malone:
assignee: intellectronica → nobody
importance: High → Undecided
Revision history for this message
Björn Tillenius (bjornt) wrote :

Barry, there might be something wrong with your signature. If I download the raw e-mail message, gpg can't verify the signature. It says "CRC error; E7341E - DC3E73", and thus doesn't find any signatures.

Revision history for this message
Björn Tillenius (bjornt) wrote :

actually, it's probably not the signature that is wrong, but the way we verify it. I suspect we have to decode/normalize something before trying to verify the signature. The signature verifies ok in mutt (which uses gpg to verify it). This is a separate bug than the original one.

Revision history for this message
Barry Warsaw (barry) wrote :

Thanks for looking into this Bjorn, I'll file a separate bug.

Revision history for this message
Barry Warsaw (barry) wrote :

Bug 318894

Diogo Matsubara (matsubara)
description: updated
Curtis Hovey (sinzui)
Changed in launchpad-foundations:
importance: Undecided → Low
Robert Collins (lifeless)
Changed in launchpad:
importance: Low → Critical
Brad Crittenden (bac)
Changed in launchpad:
assignee: nobody → Brad Crittenden (bac)
status: Triaged → In Progress
Revision history for this message
Brad Crittenden (bac) wrote :

This bug was fixed by the solution to bug 331877. Marking it now as invalid.

Changed in launchpad:
status: In Progress → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.