[tbb-bugs] #30549 [Applications/Tor Browser]: Add script to remove expired sub-keys from a keyring file

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 31 13:51:40 UTC 2019

#30549: Add script to remove expired sub-keys from a keyring file
 Reporter:  boklm                          |          Owner:  tbb-team
     Type:  task                           |         Status:
                                           |  needs_revision
 Priority:  Medium                         |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  TorBrowserTeam201905, tbb-rbm  |  Actual Points:
Parent ID:  #30548                         |         Points:
 Reviewer:                                 |        Sponsor:
Changes (by gk):

 * status:  needs_review => needs_revision
 * keywords:  TorBrowserTeam201905R, tbb-rbm => TorBrowserTeam201905, tbb-


 The `list-all-keyrings` scripts looks good to me. However, it does
 sometimes weird things in that it only lists the `binutils` key and then
 stops + it modifies it as well and I am left with a `binutils.gpg~` file.
 I am still hunting for steps to repro that reliably... That's with GnuPG
 2.2.13 ona Debian testing/unstable box in case it matters.

 Regarding the `drop-expired-sub-keys` script:

 1) The script does not differentiate between subkeys that are expired in
 our `tor-browser-build` repo but are not expired in reality: there are
 folks that just extend the expiration date from time to time instead of/in
 addition to renewing keys.

 2) The script should not touch keys that have no expired subkeys. When I
 currently do something like `tools/keyring/drop-expired-sub-keys
 keyring/zlib.gpg` then I get a modified `zlib.gpg` afterwards which I
 should not get.

 3) I should not get any keyring/$.gpg~ files in my `keyring` dir after
 running the script

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30549#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list