bug-gnulib

[PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for Gnu


From: Darshit Shah
Subject: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
Date: Tue, 8 Mar 2022 01:30:30 +0100

 Okay, I decided to take the easy way out and wrote this patch instead. The URL
 was too long and ugly in the --help output, so I'm glad to remove it from
 there.
-- >8 --

* build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was
deprecated and has been offline since the middle of 2021. The default
keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
offline as well. Instead, use the Release Keyring on Savannah to list the
GnuPG Keys used to sign releases for that project and import the entire
keyring. A new option --gpg-keyring-url is provided for projects that don't
use Savannah or maintain their keyring elsewhere.
---
 ChangeLog              | 11 +++++++++++
 build-aux/announce-gen |  9 ++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index e3f0ed216c..c2ea26f5ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2022-03-08  Darshit Shah  <darnir@gnu.org>
+
+       build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
+       * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys 
was
+       deprecated and has been offline since the middle of 2021. The default
+       keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
+       offline as well. Instead, use the Release Keyring on Savannah to list 
the
+       GnuPG Keys used to sign releases for that project and import the entire
+       keyring. A new option --gpg-keyring-url is provided for projects that 
don't
+       use Savannah or maintain their keyring elsewhere
+
 2022-03-07  Pádraig Brady  <P@draigBrady.com>
 
        fcntl-h: add AT_NO_AUTOMOUNT
diff --git a/build-aux/announce-gen b/build-aux/announce-gen
index 5c35e3d564..ff6d226ad5 100755
--- a/build-aux/announce-gen
+++ b/build-aux/announce-gen
@@ -90,6 +90,8 @@ The following are optional:
                                 VERSION is the result of running git describe
                                 in the gnulib source directory.
                                 required if gnulib is in TOOL_LIST.
+   --gpg-keyring-url=URL        URL pointing to the GnuPG Keyring containing
+                                the key used to sign the tarballs
    --no-print-checksums         do not emit SHA1 or SHA256 checksums
    --archive-suffix=SUF         add SUF to the list of archive suffixes
    --mail-headers=HEADERS       a space-separated list of mail headers, e.g.,
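Review bot: The new --gpg-keyring-url help entry does not say what happens when the option is omitted. Since a later hunk falls back to the package's release keyring on Savannah, consider adding a short phrase such as "(default: the package's release keyring on Savannah)" so that maintainers of projects hosted elsewhere know they need to pass it. It would also help to say that URL must serve a keyring that "gpg --import" can read, since that is how the generated announcement uses it.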
@@ -377,6 +379,7 @@ sub get_tool_versions ($$)
   my $bootstrap_tools;
   my $gnulib_version;
   my $print_checksums_p = 1;
+  my $gpg_keyring_url;
 
   # Reformat the warnings before displaying them.
   local $SIG{__WARN__} = sub
@@ -395,6 +398,7 @@ sub get_tool_versions ($$)
      'previous-version=s' => \$prev_version,
      'current-version=s'  => \$curr_version,
      'gpg-key-id=s'       => \$gpg_key_id,
+     'gpg-keyring-url=s'  => \$gpg_keyring_url,
      'url-directory=s'    => \@url_dir_list,
      'news=s'             => \@news_file,
      'srcdir=s'           => \$srcdir,
@@ -434,6 +438,9 @@ sub get_tool_versions ($$)
   @url_dir_list
     or (warn "URL directory name(s) not specified\n"), $fail = 1;
 
+  $gpg_keyring_url
+    or $gpg_keyring_url = 
"https://savannah.gnu.org/project/release-gpgkeys.php?group=$package_name&download=1";;
+
   my @tool_list = split ',', $bootstrap_tools
     if $bootstrap_tools;
 
@@ -536,7 +543,7 @@ and the corresponding tarball.  Then, run a command like 
this:
 If that command fails because you don't have the required public key,
 then run this command to import it:
 
-  gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id
+  wget -q -O- '$gpg_keyring_url' | gpg --import -
 
 and rerun the 'gpg --verify' command.
 EOF
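Review bot: The replacement import command on the "wget -q -O- '$gpg_keyring_url' | gpg --import -" line no longer references $gpg_key_id, so the reader imports every key in the downloaded keyring and this paragraph gives no way to tell which of them is expected to have signed the tarball. Consider keeping the key ID (preferably the full fingerprint) in the instructions so the reader can compare it with what "gpg --verify" reports. Two smaller points on the same line: -q suppresses wget's error output, so a failed download feeds empty input to gpg with no explanation, and a URL passed via --gpg-keyring-url that contains a single quote would break the quoting of the emitted command.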
-- 
2.35.1



