This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 73694233 Better check
73694233 is described below

commit 73694233eb7a68d3fc723e21c0134f7cbf602932
Author: Sebb <[email protected]>
AuthorDate: Sun Aug 25 20:56:57 2024 +0100

    Better check
---
 www/secretary/workbench/views/actions/check-signature.json.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb 
b/www/secretary/workbench/views/actions/check-signature.json.rb
index 5d669be4..0ada63cb 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -87,6 +87,10 @@ def validate_sig(attachment, signature, msgid)
     '--keyid-format', 'long', # Show a longer id
     '--verify', signature.path, attachment.path
 
+  # N.B. the code now always fetches the key, so it is guaranteed current.
+  # Might need to consider allowing for using a cached key if fetches fail 
frequently,
+  # but this should probably be on demand only
+
   # Look for the keyid so we can fetch the current key
   keyid = err[/[RD]SA key (ID )?(\w+)/,2]
   if keyid
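
Review bot: The added comment above the keyid lookup says the key is "guaranteed current", but the fetch it refers to is still gated on `if keyid`, and the same comment anticipates fetches failing. Consider rewording it to say the key is current only when a keyid was extracted and the fetch succeeded, and document what validate_sig does otherwise, so the cached-key fallback mentioned here has a defined starting point.
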
@@ -105,7 +109,7 @@ def validate_sig(attachment, signature, msgid)
             '--batch', '--import', tmpfile
           # For later analysis
           Wunderbar.warn "#{gpg} --import #{tmpfile} rc=#{rc} out=#{out} 
err=#{err}"
-          if err.include?('imported: 1') or err.include?('unchanged: 1') # 
downloaded key is valid; store it for posterity
+          if err.include?('processed: 1') # downloaded key is valid; store it 
for posterity
             Dir.mktmpdir do |tmpdir|
               container = ASF::SVN.svnpath!('iclas', '__keys__')
               ASF::SVN.svn!('checkout',[container, tmpdir], {depth: 'empty', 
env: env})
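
Review bot: In the changed `if` line, `err.include?('processed: 1')` is an unanchored substring test, so it is also true for 'processed: 10' or any other count beginning with 1, and it no longer looks at the 'imported' or 'unchanged' counters the old condition required. gpg's "processed" total counts keys it read, including ones it then skipped, so the trailing comment "downloaded key is valid" claims more than this test shows. Suggest matching the whole counter (for example a regex anchored at end of line) and also requiring the `rc` that is already captured for the Wunderbar.warn line to indicate success before the key is stored under `__keys__`.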
