author | Robin H. Johnson <robbat2@gentoo.org> | 2023-04-21 16:43:31 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2023-04-21 16:43:31 -0700 |
commit | 4abc1503ee16c220ab4175724659eee8c8ce53d0 (patch) | |
tree | 997d0a2ae0addd279c455f82bd27d960ff010959 | |
parent | bin/update-keys: include all-devs, and optimize fetch (diff) | |
wkd: pass all keyrings during export, otherwise export-clean removes too much
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r-- | _plugins/wkd.rb | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/_plugins/wkd.rb b/_plugins/wkd.rb
index 7ac9f7a..9c8cf45 100644
--- a/_plugins/wkd.rb
+++ b/_plugins/wkd.rb
@@ -6,8 +6,15 @@ require 'digest'
 module Gentoo
 class WKDGenerator < Jekyll::Generator
- DEV_KEYRING = '_data/active-devs.gpg'.freeze
+ ACTIVE_DEV_KEYRING = '_data/active-devs.gpg'.freeze
 SERVICE_KEYRING = '_data/service-keys.gpg'.freeze
+ ALL_DEV_KEYRING = '_data/all-devs.gpg'.freeze
+ # Need all keyrings here, for export-clean
+ KEYRINGS = [
+ ACTIVE_DEV_KEYRING,
+ SERVICE_KEYRING,
+ ALL_DEV_KEYRING,
+ ]
 WKD_DIR = '.well-known/openpgpkey/'.freeze
 GPG_BASE_COMMAND = ['gpg', '--no-auto-check-trustdb',
@@ -35,7 +42,7 @@ module Gentoo
 # Do not run if we have no fingerprints to do
 # otherwise GPG will print 'gpg: WARNING: nothing exported'
 return if fps.empty?
- gpg = GPG_BASE_COMMAND + ['--keyring', keyring]
+ gpg = GPG_BASE_COMMAND + Array(keyring).flatten.map {|k_| %w(--keyring) + Array(k_)}.flatten
 IO.popen(gpg + ['--export', *fps], 'rb') do |p|
 keydata = p.read
 next if keydata.empty?
@@ -62,7 +69,7 @@ module Gentoo
 old_base32_table = Base32.table
 Base32.table = 'ybndrfg8ejkmcpqxot1uwisza345h769'.freeze
- [['current', DEV_KEYRING], ['system', SERVICE_KEYRING]].each do |group, keyring|
+ [['current', ACTIVE_DEV_KEYRING], ['system', SERVICE_KEYRING]].each do |group, keyring|
 keyring_fps = get_fingerprints_from_keyring(keyring)
 # Now loop over users
 site.data['userinfo'][group].each do |nick, details|
@@ -71,7 +78,9 @@ module Gentoo
 # Run only on the intersection of fingerprints we want and fingerprints we have
 # TODO: extract the domain here to use for WKD Advanced, for future
 # cases where we have @FOO.gentoo.org emails.
- generate_each_nick(site, keyring, nick, (keyring_fps & fps), 'gentoo.org')
+ # Must provide *all* keyrings here because of export-clean:
+ # otherwise it will exclude signatures that cross keyrings.
+ generate_each_nick(site, KEYRINGS, nick, (keyring_fps & fps), 'gentoo.org')
 rescue
 # fail them silently
 end
|
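Review bot: `KEYRINGS` in the first hunk is the only constant in this group left unfrozen, while the path constants around it all end in `.freeze`. This array decides which keyring files gpg reads when keys are exported for publication, so it should not be mutable by other plugin code at build time; closing the literal with `].freeze` is enough. The class body continues outside the hunk.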
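Review bot: The new `gpg =` line in the second hunk normalises `keyring` three times (`Array`, `flatten`, `Array(k_)`), which obscures that the parameter now accepts either one path or a list of paths. For string paths `gpg = GPG_BASE_COMMAND + Array(keyring).flatten.flat_map { |k| ['--keyring', k] }` builds the same argv and reads directly. The enclosing method starts outside the hunk, so its signature is not visible here; a comment on it such as `# keyring: a keyring path (String) or an Array of paths, each passed to gpg as --keyring` would help, since the name is still singular. The visible lines skip empty gpg output, so a keyring file missing at build time would presumably go unnoticed unless the exit status is checked further down.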
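Review bot: The `generate_each_nick` call in the last hunk now gives gpg every keyring in one fixed order, while the filter `keyring_fps & fps` is still computed from the group's own keyring. If a fingerprint is present in more than one file (an active developer is presumably also in `_data/all-devs.gpg`), which copy gets exported likely depends on `--keyring` order, and an older copy could lack a revocation or expiry update that WKD clients should receive. Putting the group's keyring first makes the choice explicit for both groups: `generate_each_nick(site, [keyring, *(KEYRINGS - [keyring])], nick, (keyring_fps & fps), 'gentoo.org')`. The bare `rescue` below it belongs to a block that opens outside the hunk and will also hide failures from the multi-keyring path, so logging the nick there would make a missing WKD entry detectable.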