Okay, I decided to take the easy way out and wrote this patch instead. The URL was too long and ugly in the --help output, so I'm glad to remove it from there. -- >8 --
* build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was deprecated and has been offline since the middle of 2021. The default keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus offline as well. Instead, use the Release Keyring on Savannah to list the GnuPG Keys used to sign releases for that project and import the entire keyring. A new option --gpg-keyring-url is provided for projects that don't use Savannah or maintain their keyring elsewhere --- ChangeLog | 11 +++++++++++ build-aux/announce-gen | 9 ++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e3f0ed216c..c2ea26f5ca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2022-03-08 Darshit Shah <dar...@gnu.org> + + build-aux/announce-gen: Use Release keyrings on Savannah for GnuPG + * build-aux/announce-gen: The default SKS Keyserver pool for GnuPG Keys was + deprecated and has been offline since the middle of 2021. The default + keyserver: keys.gnupg.net was just a mirror of the SKS Pool and is thus + offline as well. Instead, use the Release Keyring on Savannah to list the + GnuPG Keys used to sign releases for that project and import the entire + keyring. A new option --gpg-keyring-url is provided for projects that don't + use Savannah or maintain their keyring elsewhere + 2022-03-07 Pádraig Brady <p...@draigbrady.com> fcntl-h: add AT_NO_AUTOMOUNT diff --git a/build-aux/announce-gen b/build-aux/announce-gen index 5c35e3d564..ff6d226ad5 100755 --- a/build-aux/announce-gen +++ b/build-aux/announce-gen @@ -90,6 +90,8 @@ The following are optional: VERSION is the result of running git describe in the gnulib source directory. required if gnulib is in TOOL_LIST. + --gpg-keyring-url=URL URL pointing to the GnuPG Keyring containing + the key used to sign the tarballs --no-print-checksums do not emit SHA1 or SHA256 checksums --archive-suffix=SUF add SUF to the list of archive suffixes --mail-headers=HEADERS a space-separated list of mail headers, e.g., @@ -377,6 +379,7 @@ sub get_tool_versions ($$) my $bootstrap_tools; my $gnulib_version; my $print_checksums_p = 1; + my $gpg_keyring_url; # Reformat the warnings before displaying them. local $SIG{__WARN__} = sub @@ -395,6 +398,7 @@ sub get_tool_versions ($$) 'previous-version=s' => \$prev_version, 'current-version=s' => \$curr_version, 'gpg-key-id=s' => \$gpg_key_id, + 'gpg-keyring-url=s' => \$gpg_keyring_url, 'url-directory=s' => \@url_dir_list, 'news=s' => \@news_file, 'srcdir=s' => \$srcdir, @@ -434,6 +438,9 @@ sub get_tool_versions ($$) @url_dir_list or (warn "URL directory name(s) not specified\n"), $fail = 1; + $gpg_keyring_url + or $gpg_keyring_url = "https://savannah.gnu.org/project/release-gpgkeys.php?group=$package_name&download=1"; + my @tool_list = split ',', $bootstrap_tools if $bootstrap_tools; @@ -536,7 +543,7 @@ and the corresponding tarball. Then, run a command like this: If that command fails because you don't have the required public key, then run this command to import it: - gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id + wget -q -O- '$gpg_keyring_url' | gpg --import - and rerun the 'gpg --verify' command. EOF -- 2.35.1