Re: TomEE KEYS update

Thu, 16 Sep 2021 11:31:45 -0700 

> On Sep 16, 2021, at 1:10 PM, Jenkins, Rodney J (Rod) 
> <[email protected]> wrote:
> 
> David,
> 
> WOW, you’re a genius!!
> 
> This worked well and makes the Docerfiles clean.  For the record, I dislike 
> awk.  What you had is exactly I would have done it if I understood gpg better.

Stackoverflow to the rescue :)  I knew fingerprints are usually some kind of 
sha of the public key, so I figured there had to be a way to calculate it and 
went looking.

> Now, if we can get consistent on the sha512 files, lol.

What's the challenge there?  Are we missing them on occasion?


-David

> On 9/16/21, 11:55 AM, "David Blevins" <[email protected]> wrote:
> 
>> On Sep 16, 2021, at 11:03 AM, Jenkins, Rodney J (Rod) 
>> <[email protected]> wrote:
>> 
>> Hello David,
>> 
>> Thank you for the response.....  I think I understand the issue......
>> 
>> The script parses the KEYS file as such:
>> for key in `curl -fsSL 'https://www.apache.org/dist/tomee/KEYS' | awk -F ' = 
>> ' '$1 ~ /^ +Key fingerprint$/ { gsub(" ", "", $2); print $2 }' | sort -u`; 
>> do \
>> 
>> The key you used that starts with 626C does not have the line "Key 
>> fingerprint = 626C..."  
>> 
>> Your output gave me the fingerprint I needed I added it to the Dockerfile 
>> manually and it was found in the key servers.  Jean-Louis is in a similar 
>> boat.  His finger print is there it is missing " Key fingerprint =" in front 
>> of it.
> 
>    Thanks for the explanation and pointer, Rod!
> 
>    I dug and found the loop in question.  Looks like there's a way to get gpg 
> to list the keys in a file without importing them and give us more consistent 
> output to parse.
> 
>        $ cat KEYS | gpg --with-colons --import-options show-only --import
> 
>    I never learned awk, but here's a way to parse it:
> 
>        for key in $(curl -fsSL 'https://www.apache.org/dist/tomee/KEYS' |cat 
> KEYS | gpg --with-colons --import-options show-only --import | grep '^fpr' | 
> cut -d : -f 10 ); do 
>            # do the stuff
>        done
> 
>    You could probably cook up something fancier with your awk skills :)
> 
> 
>    -David
> 
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to