This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new e4ac9d8 Look for incorrect gpg commands
e4ac9d8 is described below
commit e4ac9d84618d742e800407a7081195c75c662a25
Author: Sebb <[email protected]>
AuthorDate: Sat Aug 28 14:24:34 2021 +0100
Look for incorrect gpg commands
---
tools/download_check.rb | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/tools/download_check.rb b/tools/download_check.rb
index f7e61a8..89abffb 100755
--- a/tools/download_check.rb
+++ b/tools/download_check.rb
@@ -453,15 +453,25 @@ def _checkDownloadPage(path, tlp, version)
hasGPGverify = false
# Check if GPG verify has two parameters
- body.scan(%r{^.+gpg --verify.+$}){|m|
+ body.scan(%r{^.+gpg --verify.+$}) { |m|
hasGPGverify = true
unless m =~ %r{gpg --verify\s+\S+\.asc\s+\S+}
W "gpg verify should specify second param: #{m.strip}
see:\nhttps://www.apache.org/info/verification.html#specify_both";
end
}
+ # Look for incorrect gpg qualifiers
+ body.scan(%r{(gpg[[:space:]]+(.+?)(?:import|verify))}) { |m|
+ pfx = m[1]
+ unless pfx == '--'
+ $stderr.puts m.inspect
+ $stderr.puts m[0]
+ W "gpg requires -- before qualifiers, not #{pfx.inspect}: #{m[0].strip}"
+ end
+ }
+
# check for verify instructions
- bodytext = body.gsub(/\s+/,' ') # single line
+ bodytext = body.gsub(/\s+/, ' ') # single line
if VERIFY_TEXT.any? {|text| bodytext.include? text}
I 'Found reference to download verification'
elsif hasGPGverify
