This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 5cfb2c7e Add code to store public key
5cfb2c7e is described below

commit 5cfb2c7e10c140b7f46f40e413225cc351b59add
Author: Sebb <s...@apache.org>
AuthorDate: Mon Feb 12 22:54:15 2024 +0000

    Add code to store public key
---
 .../views/actions/check-signature.json.rb          | 27 ++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb 
b/www/secretary/workbench/views/actions/check-signature.json.rb
index 920652a5..823284e3 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -75,7 +75,7 @@ def getURI(uri, file)
   end
 end
 
-def validate_sig(attachment, signature)
+def validate_sig(attachment, signature, msgid)
   # pick the latest gpg version
   gpg = `which gpg2`.chomp
   gpg = `which gpg`.chomp if gpg.empty?
@@ -109,6 +109,28 @@ def validate_sig(attachment, signature)
             '--batch', '--import', tmpfile
           # For later analysis
           Wunderbar.warn "#{gpg} --import #{tmpfile} rc=#{rc} out=#{out} 
err=#{err}"
+          if err.include? 'imported: 1' # downloaded key is valid; store it 
for posterity
+            Dir.mktmpdir do |tmpdir|
+              container = ASF::SVN.svnpath!('iclas', '__keys__')
+              ASF::SVN.svn!('checkout',[container, tmpdir],
+                            {depth: 'empty', user: $USER, password: $PASSWORD})
+              outfile = File.join(tmpdir, keyid)
+              # Just in case we already have a copy
+              ASF::SVN.svn!('update', outfile, {user: $USER, password: 
$PASSWORD})
+              present = File.exist? outfile
+              FileUtils.cp(tmpfile, outfile) # add the latest copy
+              if present # must have been dropped from the pubkey database (or 
was maybe backfilled)
+                Wunderbar.warn "Already have a copy of #{keyid}"
+                # Has it changed?
+                Wunderbar.warn ASF::SVN.svn('diff', outfile, {verbose: 
true}).inspect
+              else # we have a new key
+                ASF::SVN.svn!('add', outfile, {verbose: true})
+              end
+              ASF::SVN.svn!('commit', outfile, {msg: "Adding key for msgid: 
#{msgid}", user: $USER, password: $PASSWORD})
+            end
+          else
+            Wunderbar.warn "Failed to import #{keyid}"
+          end
           found = true
         rescue Exception => e
           Wunderbar.warn "GET uri=#{uri} e=#{e}"
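Review bot: The `err.include? 'imported: 1'` test only shows that gpg imported one key from the downloaded file; it does not show that the imported key is the one named by `keyid`, yet the file is then committed to `iclas/__keys__` under that name. Matching gpg's human-readable stderr also depends on locale and message wording; running the import with `--status-fd` and requiring an `IMPORT_OK` line whose fingerprint ends in `keyid` would cover both. Separately, the `svn!` calls sit inside the block guarded by `rescue Exception`, so (assuming `svn!` raises on failure) a failed checkout or commit skips `found = true` and is logged as a `GET uri=` error even though the import succeeded. A local `rescue StandardError => e` around the `Dir.mktmpdir` block, with its own warning, would keep archival failures from changing the verification result. The enclosing function starts and ends outside this hunk, so the origin of `keyid` is not visible; if it is parsed from the signature, confirm it is hex-only before it reaches `File.join(tmpdir, keyid)`.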
@@ -151,8 +173,9 @@ def process
     # e.g. icla.pdf and icla.pdf.asc
     attachment = 
message.find(URI::RFC2396_Parser.new.unescape(@attachment)).as_file # This is 
derived from a URI
     signature  = message.find(@signature).as_file # This is derived from the 
YAML file
+    msgid = message.headers.select{|k,v| k.downcase == 
'message-id'}.values.first
 
-    out, err, rc = validate_sig(attachment, signature)
+    out, err, rc = validate_sig(attachment, signature, msgid)
 
   ensure
     attachment.unlink if attachment
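Review bot: `msgid` is taken straight from the sender-controlled `Message-ID` header and will be `nil` when the header is absent, and the second hunk interpolates it into the SVN commit message. A comment on this line should say the value is untrusted. It is also worth normalising it before use, e.g. `msgid = msgid.to_s.gsub(/[^[:print:]]/, '')[0, 200]`, so that control characters or an oversized header cannot end up in the repository log. `process` begins and ends outside the hunk.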
