You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by se...@apache.org on 2019/07/11 09:26:04 UTC
[whimsy] branch master updated: WHIMSY-275 - try fetching by https
instead of gpg
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new b9e72c2 WHIMSY-275 - try fetching by https instead of gpg
b9e72c2 is described below
commit b9e72c27f1fc9353d2a10552e9961d63890bb209
Author: Sebb <se...@apache.org>
AuthorDate: Thu Jul 11 10:25:57 2019 +0100
WHIMSY-275 - try fetching by https instead of gpg
TEMPORARY HACK
---
.../views/actions/check-signature.json.rb | 50 +++++++++++++++++-----
1 file changed, 39 insertions(+), 11 deletions(-)
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb b/www/secretary/workbench/views/actions/check-signature.json.rb
index b56466b..0f6f0d1 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -37,18 +37,46 @@ begin
keyid = err[/[RD]SA key (ID )?(\w+)/,2].untaint
out2 = err2 = '' # needed later
- KEYSERVERS.each do |server|
- out2, err2, rc2 = Open3.capture3 gpg, '--keyserver', server,
- '--debug', 'ipc', # seems to show communication with dirmngr
- '--recv-keys', keyid
- # for later analysis
- Wunderbar.warn "#{gpg} --keyserver #{server} --recv-keys #{keyid} rc2=#{rc2} out2=#{out2} err2=#{err2}"
- if rc2.exitstatus == 0 # Found the key
- out2 = err2 = '' # Don't add download error to verify error
- break
- end
+
+ #+++ TEMPORARY HACK (WHIMSY-275)
+
+# KEYSERVERS.each do |server|
+# out2, err2, rc2 = Open3.capture3 gpg, '--keyserver', server,
+# '--debug', 'ipc', # seems to show communication with dirmngr
+# '--recv-keys', keyid
+# # for later analysis
+# Wunderbar.warn "#{gpg} --keyserver #{server} --recv-keys #{keyid} rc2=#{rc2} out2=#{out2} err2=#{err2}"
+# if rc2.exitstatus == 0 # Found the key
+# out2 = err2 = '' # Don't add download error to verify error
+# break
+# end
+# end
+
+ require 'open-uri'
+ if keyid.length == 40
+ uri = "https://keys.openpgp.org/vks/v1/by-fingerprint/#{keyid}"
+ else
+ uri = "https://keys.openpgp.org/vks/v1/by-keyid/#{keyid}"
end
-
+ Wunderbar.warn uri
+ Dir.mktmpdir do |dir|
+ begin
+ tmpfile = File.join(dir, keyid)
+ File.open(tmpfile,"w") do |f|
+ f.puts(URI(uri).read)
+ end
+ out2, err2, rc2 = Open3.capture3 gpg,
+ '--batch', '--import', tmpfile
+ # For later analysis
+ Wunderbar.warn "#{gpg} --import #{tmpfile} rc2=#{rc2} out2=#{out2} err2=#{err2}"
+ rescue Exception => e
+ Wunderbar.warn "GET uri=#{uri} e=#{e}"
+ err2 = e.to_s
+ end
+ end
+
+ #--- TEMPORARY HACK (WHIMSY-275)
+
# run gpg verify command again
# TODO: may need to drop the keyid-format parameter when gpg is updated as it might
# reduce the keyid length from the full fingerprint