Sorry, I just realized a glaring error in this patch. The $gpg_keyring_url variable is not used at all. Instead the Savannah URL is hardcoded in the announce email. My Perl is not good enough to immediately know how to force a lazy evaluation of the variable in order to get the project name at the end.
It's late at night, and I shouldn't have sent the patch when semi-asleep. I'll fix the issue and send a new version later in the day.

On Tue, Mar 8, 2022, at 00:45, Darshit Shah wrote:
> * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was > deprecated and has been offline since the middle of 2021. The default > keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus > offline as well. Instead, use the Release Keyring on Savannah to list the > GnuPG Keys used to sign releases for that project and import the entire > keyring. A new option --gpg-keyring-url is provided for projects that don't > use Savannah or maintain their keyring elsewhere > --- > ChangeLog | 11 +++++++++++ > build-aux/announce-gen | 7 ++++++- > 2 files changed, 17 insertions(+), 1 deletion(-) > > diff --git a/ChangeLog b/ChangeLog > index e3f0ed216c..c2ea26f5ca 100644 > --- a/ChangeLog > +++ b/ChangeLog > @@ -1,3 +1,14 @@ > +2022-03-08 Darshit Shah <[email protected]> > + > + build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG > + * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys > was > + deprecated and has been offline since the middle of 2021. The default > + keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus > + offline as well. Instead, use the Release Keyring on Savannah to list > the > + GnuPG Keys used to sign releases for that project and import the entire > + keyring. A new option --gpg-keyring-url is provided for projects that > don't > + use Savannah or maintain their keyring elsewhere > + > 2022-03-07 Pádraig Brady <[email protected]> > > fcntl-h: add AT_NO_AUTOMOUNT > diff --git a/build-aux/announce-gen b/build-aux/announce-gen > index 5c35e3d564..19f0015e47 100755 > --- a/build-aux/announce-gen > +++ b/build-aux/announce-gen 
> @@ -52,6 +52,7 @@ use POSIX qw(strftime); > my %valid_release_types = map {$_ => 1} qw (alpha beta stable); > my @archive_suffixes = qw (tar.gz tar.bz2 tar.lz tar.lzma tar.xz); > my $srcdir = '.'; > +my $gpg_keyring_url = > "https://savannah.gnu.org/project/release-gpgkeys.php?group=\$project_name&download=1"; > > sub usage ($) > { > @@ -90,6 +91,9 @@ The following are optional: > VERSION is the result of running git > describe > in the gnulib source directory. > required if gnulib is in TOOL_LIST. > + --gpg-keyring-url=URL URL pointing to the GnuPG Keyring > containing > + the key used to sign the tarballs > + (default: $gpg_keyring_url) > --no-print-checksums do not emit SHA1 or SHA256 checksums > --archive-suffix=SUF add SUF to the list of archive suffixes > --mail-headers=HEADERS a space-separated list of mail > headers, e.g., > @@ -395,6 +399,7 @@ sub get_tool_versions ($$) > 'previous-version=s' => \$prev_version, > 'current-version=s' => \$curr_version, > 'gpg-key-id=s' => \$gpg_key_id, > + 'gpg-keyring-url=s' => \$gpg_keyring_url, > 'url-directory=s' => \@url_dir_list, > 'news=s' => \@news_file, > 'srcdir=s' => \$srcdir, > @@ -536,7 +541,7 @@ and the corresponding tarball. Then, run a command > like this: > If that command fails because you don't have the required public key, > then run this command to import it: > > - gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id > + wget -q -O- > 'https://savannah.gnu.org/project/release-gpgkeys.php?group=$package_name&download=1' > > | gpg --import - > > and rerun the 'gpg --verify' command. > EOF > -- > 2.35.1
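
Review bot: In the `@@ -52,6 +52,7 @@` hunk, the default for `$gpg_keyring_url` escapes the sigil (`\$project_name`), so the string keeps the literal text `$project_name` and no project name is ever substituted into it; the name also differs from the `$package_name` used in the announcement text in the last hunk. Suggest leaving the variable undefined at this point and building the Savannah default after option parsing, once the package name is known, so that `--gpg-keyring-url` overrides it and the usage text can describe the default in words.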
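
Review bot: In the `@@ -395,6 +399,7 @@` hunk, `'gpg-keyring-url=s'` accepts any string, and that string is meant to end up in a command that readers of the announcement copy into a shell. Suggest checking after option parsing that the value is an https URL and contains no single quote, since the announcement text wraps the URL in single quotes.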
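
Review bot: In the `@@ -536,7 +541,7 @@` hunk, the new `wget` line spells out the Savannah URL instead of interpolating `$gpg_keyring_url`, so the new option has no effect on the generated announcement. The replaced line fetched only `$gpg_key_id`, while the new one imports every key in the downloaded keyring, after which `gpg --verify` reports a good signature from any of them; suggest the text also tell readers to check that the signature was made by `$gpg_key_id`. `wget -q` also hides a failed download, which leaves `gpg --import -` reading empty input.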
