This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 5cfb2c7e Add code to store public key
5cfb2c7e is described below
commit 5cfb2c7e10c140b7f46f40e413225cc351b59add
Author: Sebb <[email protected]>
AuthorDate: Mon Feb 12 22:54:15 2024 +0000
Add code to store public key
---
.../views/actions/check-signature.json.rb | 27 ++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb
b/www/secretary/workbench/views/actions/check-signature.json.rb
index 920652a5..823284e3 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -75,7 +75,7 @@ def getURI(uri, file)
end
end
-def validate_sig(attachment, signature)
+def validate_sig(attachment, signature, msgid)
# pick the latest gpg version
gpg = `which gpg2`.chomp
gpg = `which gpg`.chomp if gpg.empty?
@@ -109,6 +109,28 @@ def validate_sig(attachment, signature)
'--batch', '--import', tmpfile
# For later analysis
Wunderbar.warn "#{gpg} --import #{tmpfile} rc=#{rc} out=#{out}
err=#{err}"
+ if err.include? 'imported: 1' # downloaded key is valid; store it
for posterity
+ Dir.mktmpdir do |tmpdir|
+ container = ASF::SVN.svnpath!('iclas', '__keys__')
+ ASF::SVN.svn!('checkout',[container, tmpdir],
+ {depth: 'empty', user: $USER, password: $PASSWORD})
+ outfile = File.join(tmpdir, keyid)
+ # Just in case we already have a copy
+ ASF::SVN.svn!('update', outfile, {user: $USER, password:
$PASSWORD})
+ present = File.exist? outfile
+ FileUtils.cp(tmpfile, outfile) # add the latest copy
+ if present # must have been dropped from the pubkey database (or
was maybe backfilled)
+ Wunderbar.warn "Already have a copy of #{keyid}"
+ # Has it changed?
+ Wunderbar.warn ASF::SVN.svn('diff', outfile, {verbose:
true}).inspect
+ else # we have a new key
+ ASF::SVN.svn!('add', outfile, {verbose: true})
+ end
+ ASF::SVN.svn!('commit', outfile, {msg: "Adding key for msgid:
#{msgid}", user: $USER, password: $PASSWORD})
+ end
+ else
+ Wunderbar.warn "Failed to import #{keyid}"
+ end
found = true
rescue Exception => e
Wunderbar.warn "GET uri=#{uri} e=#{e}"
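Review bot: The archival code added under `if err.include? 'imported: 1'` sits inside the same `begin`/`rescue Exception` as the key download, so if any `ASF::SVN.svn!` call raises (checkout, update, add or commit; presumably it does on failure, given the bang), `found = true` is skipped and the error is logged as `GET uri=...`. An SVN or credential problem would then look like a failed key fetch and could change the result of the signature check. Giving the `Dir.mktmpdir` block its own `rescue StandardError => e` with a message such as `Wunderbar.warn "Failed to store key #{keyid}: #{e}"` keeps storage best-effort and the log accurate. Separately, `keyid` becomes a file name through `File.join(tmpdir, keyid)` and `msgid` is interpolated into the commit message, yet both are set outside this hunk; if they derive from the submitted signature and the mail headers, `keyid` should be checked with something like `keyid.match?(/\A\h+\z/)` before the join, and a missing Message-ID (nil `msgid`) should be handled. The comment "downloaded key is valid" also overstates what the test shows, since a successful import only means gpg accepted one key from the file, not that it is the key named by `keyid`; validate_sig starts and ends outside this hunk.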
@@ -151,8 +173,9 @@ def process
# e.g. icla.pdf and icla.pdf.asc
attachment =
message.find(URI::RFC2396_Parser.new.unescape(@attachment)).as_file # This is
derived from a URI
signature = message.find(@signature).as_file # This is derived from the
YAML file
+ msgid = message.headers.select{|k,v| k.downcase ==
'message-id'}.values.first
- out, err, rc = validate_sig(attachment, signature)
+ out, err, rc = validate_sig(attachment, signature, msgid)
ensure
attachment.unlink if attachment