[tbb-bugs] #30549 [Applications/Tor Browser]: Add script to remove expired sub-keys from a keyring file

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 31 13:51:40 UTC 2019


#30549: Add script to remove expired sub-keys from a keyring file
-------------------------------------------+-------------------------------
 Reporter:  boklm                          |          Owner:  tbb-team
     Type:  task                           |         Status:
                                           |  needs_revision
 Priority:  Medium                         |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  TorBrowserTeam201905, tbb-rbm  |  Actual Points:
Parent ID:  #30548                         |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+-------------------------------
Changes (by gk):

 * status:  needs_review => needs_revision
 * keywords:  TorBrowserTeam201905R, tbb-rbm => TorBrowserTeam201905, tbb-rbm


Comment:

 The `list-all-keyrings` script looks good to me. However, it sometimes
 does weird things in that it only lists the `binutils` key and then
 stops + it modifies it as well and I am left with a `binutils.gpg~` file.
 I am still hunting for steps to repro that reliably... That's with GnuPG
 2.2.13 on a Debian testing/unstable box in case it matters.

 Regarding the `drop-expired-sub-keys` script:

 1) The script does not differentiate between subkeys that are expired in
 our `tor-browser-build` repo but are not expired in reality: there are
 folks that just extend the expiration date from time to time instead of/in
 addition to renewing keys.

 2) The script should not touch keys that have no expired subkeys. When I
 currently do something like `tools/keyring/drop-expired-sub-keys
 keyring/zlib.gpg` then I get a modified `zlib.gpg` afterwards which I
 should not get.

 3) I should not get any keyring/$.gpg~ files in my `keyring` dir after
 running the script.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30549#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
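
Point 2 of the comment asks that keyrings without expired subkeys be left untouched. One way to decide that before any write, shown as an added example (not the project's `drop-expired-sub-keys` script): parse `gpg --with-colons` output and rewrite only when an expired `sub` record is found. The sample listings and key IDs are constructed, and the function names are hypothetical.

```python
import time

# Constructed `gpg --with-colons --list-keys` output; key IDs are placeholders.
# Fields used: 1 = record type, 2 = validity, 5 = key ID, 7 = expiration date.
WITH_EXPIRED = """\
pub:-:4096:1:1111111111111111:1400000000:::-:::scESC:
sub:e:4096:1:2222222222222222:1400000000:1500000000:::::e:
sub:-:4096:1:3333333333333333:1500000000:1600000000:::::s:
"""
NO_EXPIRED = """\
pub:-:4096:1:4444444444444444:1400000000:::-:::scESC:
sub:-:4096:1:5555555555555555:1400000000::::::e:
"""


def expired_subkeys(listing, now=None):
    """Return (primary_keyid, subkey_keyid) pairs for expired subkeys.

    The result describes only the keyring copy that was listed; an expiry
    date extended upstream (point 1 of the comment) is not visible here.
    """
    now = int(time.time()) if now is None else now
    primary, found = None, []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 7:
            continue  # not a key record we can interpret
        if f[0] == "pub":
            primary = f[4]
        elif f[0] == "sub":
            expires = f[6]  # empty when the subkey never expires
            past = expires.isdigit() and int(expires) <= now
            if f[1] == "e" or past:
                found.append((primary, f[4]))
    return found


def needs_rewrite(listing, now=None):
    """True only if the keyring has at least one expired subkey."""
    return bool(expired_subkeys(listing, now))
```

A wrapper would call `needs_rewrite` first and skip the keyring entirely when it returns False, so the file on disk is never opened for writing.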