[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-messenger-build/updater] Update gpg_wrapper to accept git tags signed with an expired key



commit 5401a9966d29f3a79cd78f6497c1166e174392e0
Author: Nicolas Vigier <boklm@xxxxxxxxxxxxxx>
Date:   Wed Aug 17 23:17:27 2016 +0200

    Update gpg_wrapper to accept git tags signed with an expired key
---
 rbm.conf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/rbm.conf b/rbm.conf
index c3b3a3b..61a5f35 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -82,3 +82,23 @@ targets:
 
 docker_image: '[% pc("docker-image", "docker_save_image") %]'
 hg_opt: '--config extensions.bundleclone=[% shell_quote(c("basedir") _ "/tools/version-control-tools/hgext/bundleclone/__init__.py") %]'
+
+# change the default gpg_wrapper to allow git tag signed using an
+# expired key.
+# https://bugs.torproject.org/19737
+gpg_wrapper: |
+  #!/bin/bash
+  export LC_ALL=C
+  [%
+      IF c('gpg_keyring');
+          SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
+      END;
+  -%]
+  if [ $# -eq 4 ] && [ "$1" = '--status-fd=1' ] \
+      && [ "$2" = '--verify' ]
+  then
+        [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /'
+        exit ${PIPESTATUS[0]}
+  else
+        exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
+  fi



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits