You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by se...@apache.org on 2019/07/11 09:26:04 UTC

[whimsy] branch master updated: WHIMSY-275 - try fetching by https instead of gpg

This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new b9e72c2  WHIMSY-275 - try fetching by https instead of gpg
b9e72c2 is described below

commit b9e72c27f1fc9353d2a10552e9961d63890bb209
Author: Sebb <se...@apache.org>
AuthorDate: Thu Jul 11 10:25:57 2019 +0100

    WHIMSY-275 - try fetching by https instead of gpg
    
    TEMPORARY HACK
---
 .../views/actions/check-signature.json.rb          | 50 +++++++++++++++++-----
 1 file changed, 39 insertions(+), 11 deletions(-)

diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb b/www/secretary/workbench/views/actions/check-signature.json.rb
index b56466b..0f6f0d1 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -37,18 +37,46 @@ begin
     keyid = err[/[RD]SA key (ID )?(\w+)/,2].untaint
 
     out2 = err2 = '' # needed later
-    KEYSERVERS.each do |server|
-      out2, err2, rc2 = Open3.capture3 gpg, '--keyserver', server,
-        '--debug', 'ipc', # seems to show communication with dirmngr
-        '--recv-keys', keyid
-      # for later analysis
-      Wunderbar.warn "#{gpg} --keyserver #{server} --recv-keys #{keyid} rc2=#{rc2} out2=#{out2} err2=#{err2}"
-      if rc2.exitstatus == 0 # Found the key
-        out2 = err2 = '' # Don't add download error to verify error
-        break
-      end
+
+    #+++ TEMPORARY HACK (WHIMSY-275)
+
+#    KEYSERVERS.each do |server|
+#      out2, err2, rc2 = Open3.capture3 gpg, '--keyserver', server,
+#        '--debug', 'ipc', # seems to show communication with dirmngr
+#        '--recv-keys', keyid
+#      # for later analysis
+#      Wunderbar.warn "#{gpg} --keyserver #{server} --recv-keys #{keyid} rc2=#{rc2} out2=#{out2} err2=#{err2}"
+#      if rc2.exitstatus == 0 # Found the key
+#        out2 = err2 = '' # Don't add download error to verify error
+#        break
+#      end
+#    end
+
+    require 'open-uri'
+    if keyid.length == 40
+      uri = "https://keys.openpgp.org/vks/v1/by-fingerprint/#{keyid}"
+    else
+      uri = "https://keys.openpgp.org/vks/v1/by-keyid/#{keyid}"
     end
-  
+    Wunderbar.warn uri
+    Dir.mktmpdir do |dir|
+      begin
+        tmpfile = File.join(dir, keyid)
+        File.open(tmpfile,"w") do |f|
+          f.puts(URI(uri).read)
+        end
+        out2, err2, rc2 = Open3.capture3 gpg,
+          '--batch', '--import', tmpfile
+        # For later analysis
+        Wunderbar.warn "#{gpg} --import #{tmpfile} rc2=#{rc2} out2=#{out2} err2=#{err2}"
+      rescue Exception => e
+        Wunderbar.warn "GET uri=#{uri} e=#{e}"
+        err2 = e.to_s
+      end
+    end  
+
+    #--- TEMPORARY HACK (WHIMSY-275)
+
     # run gpg verify command again
     # TODO: may need to drop the keyid-format parameter when gpg is updated as it might
     # reduce the keyid length from the full fingerprint