Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for
From: Darshit Shah
Subject: Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
Date: Tue, 08 Mar 2022 00:51:00 +0100
User-agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997
Sorry,
I just realized a glaring error in this patch. The $gpg_keyring_url variable is
not used at all. Instead the Savannah URL is hardcoded in the announce email.
My Perl is not good enough to immediately know how to force a lazy evaluation
of the variable in order to get the project name at the end.
It's late at night, and I shouldn't have sent the patch when semi-asleep. I'll
fix the issue and send a new version later in the day.
On Tue, Mar 8, 2022, at 00:45, Darshit Shah wrote:
> * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was
> deprecated and has been offline since the middle of 2021. The default
> keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
> offline as well. Instead, use the Release Keyring on Savannah to list the
> GnuPG Keys used to sign releases for that project and import the entire
> keyring. A new option --gpg-keyring-url is provided for projects that don't
> use Savannah or maintain their keyring elsewhere
> ---
> ChangeLog | 11 +++++++++++
> build-aux/announce-gen | 7 ++++++-
> 2 files changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/ChangeLog b/ChangeLog
> index e3f0ed216c..c2ea26f5ca 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,14 @@
> +2022-03-08 Darshit Shah <darnir@gnu.org>
> +
> + build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
> + * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys
> was
> + deprecated and has been offline since the middle of 2021. The default
> + keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
> + offline as well. Instead, use the Release Keyring on Savannah to list
> the
> + GnuPG Keys used to sign releases for that project and import the entire
> + keyring. A new option --gpg-keyring-url is provided for projects that
> don't
> + use Savannah or maintain their keyring elsewhere
> +
> 2022-03-07 Pádraig Brady <P@draigBrady.com>
>
> fcntl-h: add AT_NO_AUTOMOUNT
> diff --git a/build-aux/announce-gen b/build-aux/announce-gen
> index 5c35e3d564..19f0015e47 100755
> --- a/build-aux/announce-gen
> +++ b/build-aux/announce-gen
> @@ -52,6 +52,7 @@ use POSIX qw(strftime);
> my %valid_release_types = map {$_ => 1} qw (alpha beta stable);
> my @archive_suffixes = qw (tar.gz tar.bz2 tar.lz tar.lzma tar.xz);
> my $srcdir = '.';
> +my $gpg_keyring_url =
> "https://savannah.gnu.org/project/release-gpgkeys.php?group=\$project_name&download=1";
>
> sub usage ($)
> {
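Review bot: The added default for $gpg_keyring_url escapes the dollar sign (\$project_name), so the string holds the literal text $project_name and nothing in the visible hunks substitutes the real name into it. The last hunk spells the name $package_name, so the two also disagree. Consider storing a placeholder (for example %s) in the default and filling it in once after option parsing, when the package name is known.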
> @@ -90,6 +91,9 @@ The following are optional:
> VERSION is the result of running git
> describe
> in the gnulib source directory.
> required if gnulib is in TOOL_LIST.
> + --gpg-keyring-url=URL URL pointing to the GnuPG Keyring
> containing
> + the key used to sign the tarballs
> + (default: $gpg_keyring_url)
> --no-print-checksums do not emit SHA1 or SHA256 checksums
> --archive-suffix=SUF add SUF to the list of archive suffixes
> --mail-headers=HEADERS a space-separated list of mail
> headers, e.g.,
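Review bot: The new --gpg-keyring-url help entry prints "(default: $gpg_keyring_url)", which, if this usage text is interpolated, expands to a URL containing the literal $project_name; the help does not say that this token stands for the package name, or whether a user-supplied URL may contain it. Say so in the option text. It would also help to state that the URL must serve a keyring that can be piped into gpg --import, since that is how the announcement uses it.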
> @@ -395,6 +399,7 @@ sub get_tool_versions ($$)
> 'previous-version=s' => \$prev_version,
> 'current-version=s' => \$curr_version,
> 'gpg-key-id=s' => \$gpg_key_id,
> + 'gpg-keyring-url=s' => \$gpg_keyring_url,
> 'url-directory=s' => \@url_dir_list,
> 'news=s' => \@news_file,
> 'srcdir=s' => \$srcdir,
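Review bot: The 'gpg-keyring-url=s' entry accepts any string, and the value is meant to end up inside a single-quoted wget command that readers copy from the announcement (last hunk). A check after option parsing that the value starts with https:// and contains no single quote or whitespace would keep a mistyped option from putting a broken or plain-HTTP key download into a published announcement.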
> @@ -536,7 +541,7 @@ and the corresponding tarball. Then, run a command
> like this:
> If that command fails because you don't have the required public key,
> then run this command to import it:
>
> - gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id
> + wget -q -O-
> 'https://savannah.gnu.org/project/release-gpgkeys.php?group=$package_name&download=1'
>
> | gpg --import -
>
> and rerun the 'gpg --verify' command.
> EOF
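Review bot: The replacement wget line in the announcement text hardcodes the Savannah URL instead of using $gpg_keyring_url, so --gpg-keyring-url has no effect, and it reads $package_name while the default defined earlier uses $project_name. Interpolate the variable here. Separately, the removed line fetched exactly $gpg_key_id, whereas the new one imports every key in the keyring; keeping the key id in this paragraph, with a sentence telling readers to confirm that gpg --verify reports that key, preserves the check against a signature made by some other key in the keyring.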
> --
> 2.35.1