Re: [Monotone-devel] Committing with the wrong key

[Juan Jose Comellas]

I followed your instructions but the problem persisted. It looks like I did 
create two different keys with the same name. There was a very old key I had 
not taken into account. For this particular revision I ended up disapproving 
it and re-committing it.

I'm still wondering why monotone admitted the commit when the key was not 
allowed to write to the repository.

I will try recreating all the certs for the revisions that have been signed 
with the old invalid key and see what happens.

Thanks for your help.


On Sat September 23 2006 22:41, Nathaniel Smith wrote:
> On Sat, Sep 23, 2006 at 07:37:20PM -0300, Juan Jose Comellas wrote:
> > mtn: warning: ignoring bad signature by 'address@hidden'
> > I have made a commit to a branch with a key that was not allowed to do
> > so. I have added to key in my monotonerc file but I'm still getting the
> > following error:
> >
> > on
> > 'address@hidden:amNvbWVsbGFzQG5vdmFtZW5
> >zLmNvbQ==]' mtn: warning: ignoring bad signature by
> > 'address@hidden' on
> > 'address@hidden:MjAwNi0wOS0yMlQyMjo0OTo1N
> >g==]' mtn: warning: ignoring bad signature by 'address@hidden' on
> > 'address@hidden:YXBwX2FwdGVsYV9tYWluX2J
> >yYW5jaA==]' mtn: warning: ignoring bad signature by
> > 'address@hidden' on
> > 'address@hidden:TW9kaWZpZWQgdGhlIGlu
> >YWN0aXZpdHkgdGltZW91dCB0byAxMCBzZWNvbmRzLgo=]'
> > -----------------------------------------------------------------
> > Revision: 77e0f322c753dabe84c62c8b89ae4449cc443672
> > Ancestor: af5a076b9e2d9d8b9e086a259c9a5871c07be21d
> >
> > Modified files:
> >         src/defs.h
> >
> > How can I recover this commit? I guess I would have to redo the certs,
> > but I have failed to do so. How can I do this? If a key is not allowed to
> > write to a repository, why was I able to commit with it?
>
> That error message is complaining that, literally, the signature is
> bad.  (You would get a different message if the signature was good,
> but you had written a get_revision_cert_trust hook that disliked it.)
>
> The most likely cause is that you generated two different keys with
> the same name, used one to create those certs, and then loaded the
> other into your database?  Even that is a bit tricky, since keys are
> supposed to be loaded into the database and transferred whenever certs
> are, so I'm not sure how you'd manage that...
>
> In any case, to recover you want to clear out those certs, which
> requires "db execute".  The easiest way to do this is simply
>   $ mtn db execute "delete from revision_certs where id =
> '77e0f322c753dabe84c62c8b89ae4449cc443672'" which deletes all certs on
> revision
> 77e0f322c753dabe84c62c8b89ae4449cc443672.
>
> Then, you'd want to re-issue them, with something like
>   $ REV=77e0f322c753dabe84c62c8b89ae4449cc443672
>   $ mtn cert $REV author "address@hidden"
>   $ mtn cert $REV date "2006-09-22T22:49:56"
>   $ mtn cert $REV branch "app_aptela_main_branch"
>   $ mtn cert $REV changelog "Modified the inactivity timeout to 10 seconds
>   "
> (yes, that's a literal newline in the final command, you may want to
> check that one with your shell before trying it for real...)
>
> But you should figure out what exactly you did, as well; if you have
> two different keys with the same name in two different databases, then
> you need to clean that up first.
>
> -- Nathaniel

-- 
Juan Jose Comellas
(address@hidden)