This is an automated email from the ASF dual-hosted git repository. sebb pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 5cfb2c7e Add code to store public key
5cfb2c7e is described below
commit 5cfb2c7e10c140b7f46f40e413225cc351b59add
Author: Sebb <s...@apache.org>
AuthorDate: Mon Feb 12 22:54:15 2024 +0000
Add code to store public key
---
 .../views/actions/check-signature.json.rb | 27 ++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb b/www/secretary/workbench/views/actions/check-signature.json.rb
index 920652a5..823284e3 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -75,7 +75,7 @@ def getURI(uri, file)
 end
 end
-def validate_sig(attachment, signature)
+def validate_sig(attachment, signature, msgid)
 # pick the latest gpg version
 gpg = `which gpg2`.chomp
 gpg = `which gpg`.chomp if gpg.empty?
@@ -109,6 +109,28 @@ def validate_sig(attachment, signature)
 '--batch', '--import', tmpfile
 # For later analysis
 Wunderbar.warn "#{gpg} --import #{tmpfile} rc=#{rc} out=#{out} err=#{err}"
+ if err.include? 'imported: 1' # downloaded key is valid; store it for posterity
+ Dir.mktmpdir do |tmpdir|
+ container = ASF::SVN.svnpath!('iclas', '__keys__')
+ ASF::SVN.svn!('checkout',[container, tmpdir],
+ {depth: 'empty', user: $USER, password: $PASSWORD})
+ outfile = File.join(tmpdir, keyid)
+ # Just in case we already have a copy
+ ASF::SVN.svn!('update', outfile, {user: $USER, password: $PASSWORD})
+ present = File.exist? outfile
+ FileUtils.cp(tmpfile, outfile) # add the latest copy
+ if present # must have been dropped from the pubkey database (or was maybe backfilled)
+ Wunderbar.warn "Already have a copy of #{keyid}"
+ # Has it changed?
+ Wunderbar.warn ASF::SVN.svn('diff', outfile, {verbose: true}).inspect
+ else # we have a new key
+ ASF::SVN.svn!('add', outfile, {verbose: true})
+ end
+ ASF::SVN.svn!('commit', outfile, {msg: "Adding key for msgid: #{msgid}", user: $USER, password: $PASSWORD})
+ end
+ else
+ Wunderbar.warn "Failed to import #{keyid}"
+ end
 found = true
 rescue Exception => e
 Wunderbar.warn "GET uri=#{uri} e=#{e}"
@@ -151,8 +173,9 @@ def process
 # e.g. icla.pdf and icla.pdf.asc
 attachment = message.find(URI::RFC2396_Parser.new.unescape(@attachment)).as_file # This is derived from a URI
 signature = message.find(@signature).as_file # This is derived from the YAML file
+ msgid = message.headers.select{|k,v| k.downcase == 'message-id'}.values.first
- out, err, rc = validate_sig(attachment, signature)
+ out, err, rc = validate_sig(attachment, signature, msgid)
 ensure
 attachment.unlink if attachment
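Review bot: The key-archiving block in the `@@ -109,6 +109,28 @@` hunk runs before `found = true` and inside the existing `rescue Exception => e`, so a failure in any of the `svn!` checkout/update/add/commit calls (which presumably raise) is logged as a `GET uri=` error and the key gpg has just imported is never marked as found. Archiving looks like best-effort bookkeeping, so it should have its own rescue and must not decide the outcome of signature checking. Separately, the gate `err.include? 'imported: 1'` reads gpg's human-readable summary and only counts keys. It does not confirm that the imported key is `keyid` before the raw download is committed under that name; checking the key id reported on gpg's machine-readable `--status-fd` output would close that gap. The enclosing `begin` and the origin of `keyid` are outside the hunk.

```ruby
if err.include? 'imported: 1' # downloaded key is valid; store it for posterity
  begin
    Dir.mktmpdir do |tmpdir|
      # … unchanged: checkout, update, copy, add/diff, commit …
    end
  rescue StandardError => e
    # Archiving is best-effort: a repository failure must not mask a successful import
    Wunderbar.warn "Failed to archive key #{keyid}: #{e}"
  end
else
  # … unchanged: "Failed to import" warning …
```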
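Review bot: `msgid` in the `@@ -151,8 +173,9 @@` hunk comes from the sender-controlled Message-ID header and is `nil` when the header is absent, yet validate_sig interpolates it unchanged into the svn commit message (`"Adding key for msgid: #{msgid}"`). A missing header leaves the archived key with no usable reference. A crafted header can put arbitrary text into the repository log, possibly including line breaks if the mail parser keeps folded values. Normalise it before the call, e.g. `msgid = msgid.to_s.gsub(/[^[:graph:]]/, '')[0, 255]`, and warn when the result is empty. The body of `process` starts and ends outside the hunk.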