[PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
Okay, I decided to take the easy way out and wrote this patch instead. The URL
was too long and ugly in the --help output, so I'm glad to remove it from
there.
-- >8 --
* build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was
deprecated and has been offline since the middle of 2021. The default
keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
offline as well. Instead, use the Release Keyring on Savannah to list the
GnuPG Keys used to sign releases for that project and import the entire
keyring. A new option --gpg-keyring-url is provided for projects that don't
use Savannah or maintain their keyring elsewhere
---
ChangeLog | 11 +++
build-aux/announce-gen | 9 -
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index e3f0ed216c..c2ea26f5ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2022-03-08 Darshit Shah
+
+ build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
+ * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys
was
+ deprecated and has been offline since the middle of 2021. The default
+ keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
+ offline as well. Instead, use the Release Keyring on Savannah to list
the
+ GnuPG Keys used to sign releases for that project and import the entire
+ keyring. A new option --gpg-keyring-url is provided for projects that
don't
+ use Savannah or maintain their keyring elsewhere
+
2022-03-07 Pádraig Brady
fcntl-h: add AT_NO_AUTOMOUNT
diff --git a/build-aux/announce-gen b/build-aux/announce-gen
index 5c35e3d564..ff6d226ad5 100755
--- a/build-aux/announce-gen
+++ b/build-aux/announce-gen
@@ -90,6 +90,8 @@ The following are optional:
VERSION is the result of running git describe
in the gnulib source directory.
required if gnulib is in TOOL_LIST.
+ --gpg-keyring-url=URLURL pointing to the GnuPG Keyring containing
+the key used to sign the tarballs
--no-print-checksums do not emit SHA1 or SHA256 checksums
--archive-suffix=SUF add SUF to the list of archive suffixes
--mail-headers=HEADERS a space-separated list of mail headers, e.g.,
@@ -377,6 +379,7 @@ sub get_tool_versions ($$)
my $bootstrap_tools;
my $gnulib_version;
my $print_checksums_p = 1;
+ my $gpg_keyring_url;
# Reformat the warnings before displaying them.
local $SIG{__WARN__} = sub
@@ -395,6 +398,7 @@ sub get_tool_versions ($$)
'previous-version=s' => \$prev_version,
'current-version=s' => \$curr_version,
'gpg-key-id=s' => \$gpg_key_id,
+ 'gpg-keyring-url=s' => \$gpg_keyring_url,
'url-directory=s'=> \@url_dir_list,
'news=s' => \@news_file,
'srcdir=s' => \$srcdir,
@@ -434,6 +438,9 @@ sub get_tool_versions ($$)
@url_dir_list
or (warn "URL directory name(s) not specified\n"), $fail = 1;
+ $gpg_keyring_url
+or $gpg_keyring_url =
"https://savannah.gnu.org/project/release-gpgkeys.php?group=$package_name=1;;
+
my @tool_list = split ',', $bootstrap_tools
if $bootstrap_tools;
@@ -536,7 +543,7 @@ and the corresponding tarball. Then, run a command like
this:
If that command fails because you don't have the required public key,
then run this command to import it:
- gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id
+ wget -q -O- '$gpg_keyring_url' | gpg --import -
and rerun the 'gpg --verify' command.
EOF
--
2.35.1
Re: [PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
Sorry,
I just realized a glaring error in this patch. The $gpg_keyring_url variable is
not used at all. Instead the Savannah URL is hardcoded in the announce email.
My Perl is not good enough to immediately know how to force a lazy evaluation
of the variable in order to get the project name at the end.
It's late at night, and I shouldn't have sent the patch when semi-asleep. I'll
fix the issue and send a new version later in the day.
On Tue, Mar 8, 2022, at 00:45, Darshit Shah wrote:
> * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was
> deprecated and has been offline since the middle of 2021. The default
> keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
> offline as well. Instead, use the Release Keyring on Savannah to list the
> GnuPG Keys used to sign releases for that project and import the entire
> keyring. A new option --gpg-keyring-url is provided for projects that don't
> use Savannah or maintain their keyring elsewhere
> ---
> ChangeLog | 11 +++
> build-aux/announce-gen | 7 ++-
> 2 files changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/ChangeLog b/ChangeLog
> index e3f0ed216c..c2ea26f5ca 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,14 @@
> +2022-03-08 Darshit Shah
> +
> + build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
> + * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys
> was
> + deprecated and has been offline since the middle of 2021. The default
> + keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
> + offline as well. Instead, use the Release Keyring on Savannah to list
> the
> + GnuPG Keys used to sign releases for that project and import the entire
> + keyring. A new option --gpg-keyring-url is provided for projects that
> don't
> + use Savannah or maintain their keyring elsewhere
> +
> 2022-03-07 Pádraig Brady
>
> fcntl-h: add AT_NO_AUTOMOUNT
> diff --git a/build-aux/announce-gen b/build-aux/announce-gen
> index 5c35e3d564..19f0015e47 100755
> --- a/build-aux/announce-gen
> +++ b/build-aux/announce-gen
> @@ -52,6 +52,7 @@ use POSIX qw(strftime);
> my %valid_release_types = map {$_ => 1} qw (alpha beta stable);
> my @archive_suffixes = qw (tar.gz tar.bz2 tar.lz tar.lzma tar.xz);
> my $srcdir = '.';
> +my $gpg_keyring_url =
> "https://savannah.gnu.org/project/release-gpgkeys.php?group=\$project_name=1;;
>
> sub usage ($)
> {
> @@ -90,6 +91,9 @@ The following are optional:
> VERSION is the result of running git
> describe
> in the gnulib source directory.
> required if gnulib is in TOOL_LIST.
> + --gpg-keyring-url=URLURL pointing to the GnuPG Keyring
> containing
> +the key used to sign the tarballs
> +(default: $gpg_keyring_url)
> --no-print-checksums do not emit SHA1 or SHA256 checksums
> --archive-suffix=SUF add SUF to the list of archive suffixes
> --mail-headers=HEADERS a space-separated list of mail
> headers, e.g.,
> @@ -395,6 +399,7 @@ sub get_tool_versions ($$)
> 'previous-version=s' => \$prev_version,
> 'current-version=s' => \$curr_version,
> 'gpg-key-id=s' => \$gpg_key_id,
> + 'gpg-keyring-url=s' => \$gpg_keyring_url,
> 'url-directory=s'=> \@url_dir_list,
> 'news=s' => \@news_file,
> 'srcdir=s' => \$srcdir,
> @@ -536,7 +541,7 @@ and the corresponding tarball. Then, run a command
> like this:
> If that command fails because you don't have the required public key,
> then run this command to import it:
>
> - gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id
> + wget -q -O-
> 'https://savannah.gnu.org/project/release-gpgkeys.php?group=$package_name=1'
>
> | gpg --import -
>
> and rerun the 'gpg --verify' command.
> EOF
> --
> 2.35.1
[PATCH] build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
* build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was
deprecated and has been offline since the middle of 2021. The default
keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
offline as well. Instead, use the Release Keyring on Savannah to list the
GnuPG Keys used to sign releases for that project and import the entire
keyring. A new option --gpg-keyring-url is provided for projects that don't
use Savannah or maintain their keyring elsewhere
---
ChangeLog | 11 +++
build-aux/announce-gen | 7 ++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index e3f0ed216c..c2ea26f5ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2022-03-08 Darshit Shah
+
+ build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG
+ * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys
was
+ deprecated and has been offline since the middle of 2021. The default
+ keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus
+ offline as well. Instead, use the Release Keyring on Savannah to list
the
+ GnuPG Keys used to sign releases for that project and import the entire
+ keyring. A new option --gpg-keyring-url is provided for projects that
don't
+ use Savannah or maintain their keyring elsewhere
+
2022-03-07 Pádraig Brady
fcntl-h: add AT_NO_AUTOMOUNT
diff --git a/build-aux/announce-gen b/build-aux/announce-gen
index 5c35e3d564..19f0015e47 100755
--- a/build-aux/announce-gen
+++ b/build-aux/announce-gen
@@ -52,6 +52,7 @@ use POSIX qw(strftime);
my %valid_release_types = map {$_ => 1} qw (alpha beta stable);
my @archive_suffixes = qw (tar.gz tar.bz2 tar.lz tar.lzma tar.xz);
my $srcdir = '.';
+my $gpg_keyring_url =
"https://savannah.gnu.org/project/release-gpgkeys.php?group=\$project_name=1;;
sub usage ($)
{
@@ -90,6 +91,9 @@ The following are optional:
VERSION is the result of running git describe
in the gnulib source directory.
required if gnulib is in TOOL_LIST.
+ --gpg-keyring-url=URLURL pointing to the GnuPG Keyring containing
+the key used to sign the tarballs
+(default: $gpg_keyring_url)
--no-print-checksums do not emit SHA1 or SHA256 checksums
--archive-suffix=SUF add SUF to the list of archive suffixes
--mail-headers=HEADERS a space-separated list of mail headers, e.g.,
@@ -395,6 +399,7 @@ sub get_tool_versions ($$)
'previous-version=s' => \$prev_version,
'current-version=s' => \$curr_version,
'gpg-key-id=s' => \$gpg_key_id,
+ 'gpg-keyring-url=s' => \$gpg_keyring_url,
'url-directory=s'=> \@url_dir_list,
'news=s' => \@news_file,
'srcdir=s' => \$srcdir,
@@ -536,7 +541,7 @@ and the corresponding tarball. Then, run a command like
this:
If that command fails because you don't have the required public key,
then run this command to import it:
- gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id
+ wget -q -O-
'https://savannah.gnu.org/project/release-gpgkeys.php?group=$package_name=1'
| gpg --import -
and rerun the 'gpg --verify' command.
EOF
--
2.35.1
Re: [PATCH] fcntl-h: add AT_NO_AUTOMOUNT
On 3/7/22 06:08, Pádraig Brady wrote: * lib/fcntl.in.h: Define AT_NO_AUTOMOUNT to 0 where not defined. This is available on Linux since 2.6.38. Looks good. Please feel free to install this sort of thing without waiting for review.
[PATCH] fcntl-h: add AT_NO_AUTOMOUNT
* lib/fcntl.in.h: Define AT_NO_AUTOMOUNT to 0 where not defined. This is available on Linux since 2.6.38. --- ChangeLog | 6 ++ lib/fcntl.in.h | 4 2 files changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index c5a80fd3f3..e3f0ed216c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2022-03-07 Pádraig Brady + + fcntl-h: add AT_NO_AUTOMOUNT + * lib/fcntl.in.h: Define AT_NO_AUTOMOUNT to 0 where not defined. + This is available on Linux since 2.6.38. + 2022-03-01 Paul Eggert Create lib/Makefile.am after gnulib-comp.m4 diff --git a/lib/fcntl.in.h b/lib/fcntl.in.h index 3e0c302af3..9270ced897 100644 --- a/lib/fcntl.in.h +++ b/lib/fcntl.in.h @@ -435,6 +435,10 @@ _GL_WARN_ON_USE (openat, "openat is not portable - " # define AT_EACCESS 4 #endif +/* Ignore this flag if not supported. */ +#ifndef AT_NO_AUTOMOUNT +# define AT_NO_AUTOMOUNT 0 +#endif #endif /* _@GUARD_PREFIX@_FCNTL_H */ #endif /* _@GUARD_PREFIX@_FCNTL_H */ -- 2.26.2
