[tor-commits] [tor-messenger-build/master] Update gpg_wrapper to accept git tags signed with an expired key
boklm at torproject.org
boklm at torproject.org
Wed Aug 17 22:48:01 UTC 2016
commit 5401a9966d29f3a79cd78f6497c1166e174392e0
Author: Nicolas Vigier <boklm at torproject.org>
Date: Wed Aug 17 23:17:27 2016 +0200
Update gpg_wrapper to accept git tags signed with an expired key
---
rbm.conf | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/rbm.conf b/rbm.conf
index c3b3a3b..61a5f35 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -82,3 +82,23 @@ targets:
docker_image: '[% pc("docker-image", "docker_save_image") %]'
hg_opt: '--config extensions.bundleclone=[% shell_quote(c("basedir") _ "/tools/version-control-tools/hgext/bundleclone/__init__.py") %]'
+
+# change the default gpg_wrapper to allow git tag signed using an
+# expired key.
+# https://bugs.torproject.org/19737
+gpg_wrapper: |
+ #!/bin/bash
+ export LC_ALL=C
+ [%
+ IF c('gpg_keyring');
+ SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
+ END;
+ -%]
+ if [ $# -eq 4 ] && [ "$1" = '--status-fd=1' ] \
+ && [ "$2" = '--verify' ]
+ then
+ [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /'
+ exit ${PIPESTATUS[0]}
+ else
+ exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
+ fi
More information about the tor-commits
mailing list