bug-gnulib

Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for


From: Darshit Shah
Subject: Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
Date: Tue, 08 Mar 2022 00:51:00 +0100
User-agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997

Sorry,

I just realized a glaring error in this patch. The $gpg_keyring_url variable is 
not used at all. Instead the Savannah URL is hardcoded in the announce email. 
My Perl is not good enough to immediately know how to force a lazy evaluation 
of the variable in order to get the project name at the end.

It's late at night, and I shouldn't have sent the patch when semi-asleep. I'll 
fix the issue and send a new version later in the day.

On Tue, Mar 8, 2022, at 00:45, Darshit Shah wrote:
> * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was
> deprecated and has been offline since the middle of 2021. The default
> keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
> offline as well. Instead, use the Release Keyring on Savannah to list the
> GnuPG Keys used to sign releases for that project and import the entire
> keyring. A new option --gpg-keyring-url is provided for projects that don't
> use Savannah or maintain their keyring elsewhere
> ---
>  ChangeLog              | 11 +++++++++++
>  build-aux/announce-gen |  7 ++++++-
>  2 files changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/ChangeLog b/ChangeLog
> index e3f0ed216c..c2ea26f5ca 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,14 @@
> +2022-03-08  Darshit Shah  <darnir@gnu.org>
> +
> +     build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
> +     * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys 
> was
> +     deprecated and has been offline since the middle of 2021. The default
> +     keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
> +     offline as well. Instead, use the Release Keyring on Savannah to list 
> the
> +     GnuPG Keys used to sign releases for that project and import the entire
> +     keyring. A new option --gpg-keyring-url is provided for projects that 
> don't
> +     use Savannah or maintain their keyring elsewhere
> +
>  2022-03-07  Pádraig Brady  <P@draigBrady.com>
> 
>       fcntl-h: add AT_NO_AUTOMOUNT
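
Review bot: The new ChangeLog entry ends at "maintain their keyring elsewhere" without a closing period; add one so it matches the full sentences before it. Since the entry says the entire keyring is imported, it would also help to state here that the announcement no longer names a single key via --recv-keys, because that changes which keys the reader ends up importing.
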
> diff --git a/build-aux/announce-gen b/build-aux/announce-gen
> index 5c35e3d564..19f0015e47 100755
> --- a/build-aux/announce-gen
> +++ b/build-aux/announce-gen
> @@ -52,6 +52,7 @@ use POSIX qw(strftime);
>  my %valid_release_types = map {$_ => 1} qw (alpha beta stable);
>  my @archive_suffixes = qw (tar.gz tar.bz2 tar.lz tar.lzma tar.xz);
>  my $srcdir = '.';
> +my $gpg_keyring_url = 
> "https://savannah.gnu.org/project/release-gpgkeys.php?group=\$project_name&download=1";;
> 
>  sub usage ($)
>  {
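
Review bot: The default on the added "my $gpg_keyring_url" line escapes the placeholder as \$project_name, so the string keeps a literal $project_name and nothing visible in this patch substitutes it later; the announcement hunk further down spells the placeholder $package_name instead. Consider leaving the variable undefined here and building the default after option parsing, once the package name is known, so there is one spelling and no deferred interpolation to arrange.
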
> @@ -90,6 +91,9 @@ The following are optional:
>                                  VERSION is the result of running git 
> describe
>                                  in the gnulib source directory.
>                                  required if gnulib is in TOOL_LIST.
> +   --gpg-keyring-url=URL        URL pointing to the GnuPG Keyring 
> containing
> +                                the key used to sign the tarballs
> +                                (default: $gpg_keyring_url)
>     --no-print-checksums         do not emit SHA1 or SHA256 checksums
>     --archive-suffix=SUF         add SUF to the list of archive suffixes
>     --mail-headers=HEADERS       a space-separated list of mail 
> headers, e.g.,
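
Review bot: The help line "(default: $gpg_keyring_url)" will, once interpolated, print the default with the unexpanded $project_name placeholder in it, which reads as a literal URL to the user. Describe the default in words instead, for example "(default: the project's release keyring on Savannah)", and document that the URL should be an https one, since the keys fetched from it are what the tarball signatures get checked against.
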
> @@ -395,6 +399,7 @@ sub get_tool_versions ($$)
>       'previous-version=s' => \$prev_version,
>       'current-version=s'  => \$curr_version,
>       'gpg-key-id=s'       => \$gpg_key_id,
> +     'gpg-keyring-url=s'  => \$gpg_keyring_url,
>       'url-directory=s'    => \@url_dir_list,
>       'news=s'             => \@news_file,
>       'srcdir=s'           => \$srcdir,
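
Review bot: The value accepted by 'gpg-keyring-url=s' is taken as-is, and its purpose is to appear inside the single-quoted shell command in the announcement (wget -q -O- '...' | gpg --import -). When the variable is wired in, reject a value that contains a single quote or whitespace, and consider requiring an https:// scheme, so the command that readers copy and paste stays one well-formed fetch of the keyring.
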
> @@ -536,7 +541,7 @@ and the corresponding tarball.  Then, run a command 
> like this:
>  If that command fails because you don't have the required public key,
>  then run this command to import it:
> 
> -  gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id
> +  wget -q -O- 
> 'https://savannah.gnu.org/project/release-gpgkeys.php?group=$package_name&download=1'
>  
> | gpg --import -
> 
>  and rerun the 'gpg --verify' command.
>  EOF
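
Review bot: The replacement wget line hardcodes the Savannah URL, so a value passed with --gpg-keyring-url never reaches the announcement; interpolate $gpg_keyring_url here instead. The new instruction also drops $gpg_key_id and imports every key in the keyring, so the text should still tell the reader which key signed the release, for example by asking them to compare the fingerprint reported by 'gpg --verify' against $gpg_key_id after the import.
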
> -- 
> 2.35.1


