commit 5401a9966d29f3a79cd78f6497c1166e174392e0 Author: Nicolas Vigier boklm@torproject.org Date: Wed Aug 17 23:17:27 2016 +0200

Update gpg_wrapper to accept git tags signed with an expired key --- rbm.conf | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)

diff --git a/rbm.conf b/rbm.conf index c3b3a3b..61a5f35 100644 --- a/rbm.conf +++ b/rbm.conf @@ -82,3 +82,23 @@ targets:

docker_image: '[% pc("docker-image", "docker_save_image") %]' hg_opt: '--config extensions.bundleclone=[% shell_quote(c("basedir") _ "/tools/version-control-tools/hgext/bundleclone/__init__.py") %]' + +# change the default gpg_wrapper to allow git tag signed using an +# expired key. +# https://bugs.torproject.org/19737 +gpg_wrapper: | + #!/bin/bash + export LC_ALL=C + [% + IF c('gpg_keyring'); + SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring'; + END; + -%] + if [ $# -eq 4 ] && [ "$1" = '--status-fd=1' ] \ + && [ "$2" = '--verify' ] + then + [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" | sed 's/^[GNUPG:] EXPKEYSIG /[GNUPG:] GOODSIG /' + exit ${PIPESTATUS[0]} + else + exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" + fi