This is an automated email from the git hooks/post-receive script.
gk pushed a commit to branch master in repository builders/rbm.
commit 03ab77d9190a1c700ca442160cae0e4d7b732858 Author: Nicolas Vigier boklm@torproject.org AuthorDate: Tue Jun 28 14:10:59 2022 +0200
Bug 40028: Add support for keyring directories in modules
We also remove the `gpg_keyring_dir` option since this would make things more complex, and changing the `keyring` directory name is not very useful. --- doc/options_tar.asc | 7 +------ doc/rbm_input_files.asc | 6 +++--- doc/rbm_layout.asc | 3 +-- lib/RBM/DefaultConfig.pm | 18 +++++++++++++++--- 4 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/doc/options_tar.asc b/doc/options_tar.asc index e617c0b..b615dec 100644 --- a/doc/options_tar.asc +++ b/doc/options_tar.asc @@ -57,12 +57,7 @@ gpg_wrapper::
gpg_keyring:: The filename of the gpg keyring to use. Path is relative to the - +gpg_keyring_dir+ directory. This can also be an absolute path. - -gpg_keyring_dir:: - The directory containing gpg keyring files. The default is - +$basedir/keyring+ (with $basedir the directory where the main - config file is located). + keyring directory. This can also be an absolute path.
gpg_bin:: The gpg command to be used. The default is +gpg+. diff --git a/doc/rbm_input_files.asc b/doc/rbm_input_files.asc index abe366b..0c450eb 100644 --- a/doc/rbm_input_files.asc +++ b/doc/rbm_input_files.asc @@ -112,9 +112,9 @@ file_gpg_id:: If this option is set to 1, the file is checked for a gpg signature. If it is set to an other non zero value, or an array of non zero values, those are expected to be the valid gpg key - IDs. The +gpg_wrapper+, +gpg_keyring+, +gpg_keyring_dir+, - +gpg_bin+, +gpg_args+ options can be used to configure the gpg - check. Those options can be overriden in the file descriptor. + IDs. The +gpg_wrapper+, +gpg_keyring+, +gpg_bin+, +gpg_args+ + options can be used to configure the gpg check. Those options + can be overriden in the file descriptor.
sig_ext:: An array of file extensions for the gpg signature file. Those diff --git a/doc/rbm_layout.asc b/doc/rbm_layout.asc index ef700cb..c85658d 100644 --- a/doc/rbm_layout.asc +++ b/doc/rbm_layout.asc @@ -96,8 +96,7 @@ hg_clones:: keyring:: This is the directory where you can store gpg keyring files. Those keyrings contains the keys that are used to check signed - commits and tags. The path of this directory can be changed with - the 'gpg_keyring_dir' option. + commits and tags.
projects:: This is the directory containing projects definitions. The path diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm index 4fbe079..109ca8d 100644 --- a/lib/RBM/DefaultConfig.pm +++ b/lib/RBM/DefaultConfig.pm @@ -146,13 +146,25 @@ our %default_config = ( #### gpg_bin => 'gpg', gpg_args => '', - gpg_keyring_dir => '[% config.basedir %]/keyring', + gpg_keyring_path => sub { + my ($project, $options) = @_; + my $gpg_keyring = RBM::project_config($project, 'gpg_keyring', $options); + return undef unless $gpg_keyring; + return $gpg_keyring if $gpg_keyring =~ m|^/|; + my $rootpath = RBM::rbm_path("keyring/$gpg_keyring"); + return $rootpath if -f $rootpath; + for my $module (sort keys %{$RBM::config->{modules}}) { + my $modulepath = RBM::rbm_path("modules/$module/keyring/$gpg_keyring"); + return $modulepath if -f $modulepath; + } + RBM::exit_error("keyring file $gpg_keyring is missing") + }, gpg_wrapper => <<GPGEND, #!/bin/sh export LC_ALL=C [% - IF c('gpg_keyring'); - SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) + IF c('gpg_keyring_path'); + SET gpg_kr = '--keyring ' _ c('gpg_keyring_path') _ ' --no-default-keyring --no-auto-check-trustdb --trust-model always'; END; -%]