On Fri, Jul 8, 2022 at 4:47 PM <dsahlb...@apache.org> wrote: > > Author: dsahlberg > Date: Fri Jul 8 20:47:42 2022 > New Revision: 1902582 > > URL: http://svn.apache.org/viewvc?rev=1902582&view=rev > Log: > ASF no longer provide a aggregated KEYS file, so we need to construct it > ourselves using the make-keys.sh script. > > * tools/dist/release.py > (roll_tarballs): Call make-keys.sh to create the KEYS file > (get_keys): Call make-keys.sh to create the KEYS file > > Modified: > subversion/trunk/tools/dist/release.py > > Modified: subversion/trunk/tools/dist/release.py > URL: > http://svn.apache.org/viewvc/subversion/trunk/tools/dist/release.py?rev=1902582&r1=1902581&r2=1902582&view=diff > ============================================================================== > --- subversion/trunk/tools/dist/release.py (original) > +++ subversion/trunk/tools/dist/release.py Fri Jul 8 20:47:42 2022 > @@ -98,7 +98,6 @@ dist_release_url = dist_repos + '/releas > dist_archive_url = 'https://archive.apache.org/dist/subversion' > buildbot_repos = os.getenv('SVN_RELEASE_BUILDBOT_REPOS', > > 'https://svn.apache.org/repos/infra/infrastructure/buildbot/aegis/buildmaster') > -KEYS = 'https://people.apache.org/keys/group/subversion.asc' > extns = ['zip', 'tar.gz', 'tar.bz2'] > > > @@ -980,7 +979,12 @@ def roll_tarballs(args): > # from a committer's LDAP profile down the road) > basename = 'subversion-%s.KEYS' % (str(args.version),) > filepath = os.path.join(get_tempdir(args.base_dir), basename) > - download_file(KEYS, filepath, None) > + # The following code require release.py to be executed within a > + # complete wc, not a shallow wc as indicated in HACKING as one > option. > + # We /could/ download COMMITTERS from /trunk if it doesn't exist... > + subprocess.check_call([os.path.dirname(__file__) + '/make-keys.sh', > + '-c', os.path.dirname(__file__) + '/../..', > + '-o', filepath]) > shutil.move(filepath, get_target(args)) > > # And we're done! > @@ -1465,12 +1469,11 @@ def check_sigs(args): > > def get_keys(args): > 'Import the LDAP-based KEYS file to gpg' > - # We use a tempfile because urlopen() objects don't have a .fileno() > - with tempfile.SpooledTemporaryFile() as fd: > - fd.write(urlopen(KEYS).read()) > - fd.flush() > - fd.seek(0) > - subprocess.check_call(['gpg', '--import'], stdin=fd) > + with tempfile.NamedTemporaryFile(delete=False) as tmpfile: > + keyspath = tmpfile.name > + subprocess.check_call([os.path.dirname(__file__) + '/make-keys.sh', > '-c', os.path.dirname(__file__) + '/../..', '-o', keyspath]) > + subprocess.check_call(['gpg', '--import', keyspath]) > + os.remove(keyspath) > > def add_to_changes_dict(changes_dict, audience, section, change, revision): > # Normalize arguments > >
Okay, so this will generate subversion-<version>.KEYS with the current keys of all full committers. It won't touch the cumulative KEYS file, which needs to be maintained manually (for now). This change seems reasonable conceptually. (I haven't tested it as I'm also a little concerned about making any inadvertent commits!) Cheers, Nathan
