diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2023-04-21 22:58:23 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2023-04-21 22:59:21 -0700 |
| commit | d4f598b57e46b6f0850195758accd42d4f6661de (patch) | |
| tree | 95b2caaf0384a5c7c699dd5274046d3d089007bc | |
| parent | Revert "wkd: only trim if the key is too large" (diff) | |
| download | www-d4f598b57e46b6f0850195758accd42d4f6661de.tar.gz www-d4f598b57e46b6f0850195758accd42d4f6661de.tar.bz2 www-d4f598b57e46b6f0850195758accd42d4f6661de.zip | |
Revert "wkd: pass all keyrings during export, otherwise export-clean removes too much"
This reverts commit 4abc1503ee16c220ab4175724659eee8c8ce53d0.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
| -rw-r--r-- | _plugins/wkd.rb | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/_plugins/wkd.rb b/_plugins/wkd.rb index 9c8cf45..7ac9f7a 100644 --- a/_plugins/wkd.rb +++ b/_plugins/wkd.rb @@ -6,15 +6,8 @@ require 'digest' module Gentoo class WKDGenerator < Jekyll::Generator - ACTIVE_DEV_KEYRING = '_data/active-devs.gpg'.freeze + DEV_KEYRING = '_data/active-devs.gpg'.freeze SERVICE_KEYRING = '_data/service-keys.gpg'.freeze - ALL_DEV_KEYRING = '_data/all-devs.gpg'.freeze - # Need all keyrings here, for export-clean - KEYRINGS = [ - ACTIVE_DEV_KEYRING, - SERVICE_KEYRING, - ALL_DEV_KEYRING, - ] WKD_DIR = '.well-known/openpgpkey/'.freeze GPG_BASE_COMMAND = ['gpg', '--no-auto-check-trustdb', @@ -42,7 +35,7 @@ module Gentoo # Do not run if we have no fingerprints to do # otherwise GPG will print 'gpg: WARNING: nothing exported' return if fps.empty? - gpg = GPG_BASE_COMMAND + Array(keyring).flatten.map {|k_| %w(--keyring) + Array(k_)}.flatten + gpg = GPG_BASE_COMMAND + ['--keyring', keyring] IO.popen(gpg + ['--export', *fps], 'rb') do |p| keydata = p.read next if keydata.empty? @@ -69,7 +62,7 @@ module Gentoo old_base32_table = Base32.table Base32.table = 'ybndrfg8ejkmcpqxot1uwisza345h769'.freeze - [['current', ACTIVE_DEV_KEYRING], ['system', SERVICE_KEYRING]].each do |group, keyring| + [['current', DEV_KEYRING], ['system', SERVICE_KEYRING]].each do |group, keyring| keyring_fps = get_fingerprints_from_keyring(keyring) # Now loop over users site.data['userinfo'][group].each do |nick, details| @@ -78,9 +71,7 @@ module Gentoo # Run only on the intersection of fingerprints we want and fingerprints we have # TODO: extract the domain here to use for WKD Advanced, for future # cases where we have @FOO.gentoo.org emails. - # Must provide *all* keyrings here because of export-clean: - # otherwise it will exclude signatures that cross keyrings. - generate_each_nick(site, KEYRINGS, nick, (keyring_fps & fps), 'gentoo.org') + generate_each_nick(site, keyring, nick, (keyring_fps & fps), 'gentoo.org') rescue # fail them silently end |