Author: danielsh
Date: Thu Jun 29 02:46:14 2017
New Revision: 1800221

URL: http://svn.apache.org/viewvc?rev=1800221&view=rev
Log:
release.py: Don't use 32-bit key IDs (= truncated fingerprints) either internally or in the generated output.

* tools/dist/release.py
  (get_siginfo): Use the full fingerprint internally and a 64-bit short format
    in the output, alongside the full fingerprint.

Modified:
    subversion/trunk/tools/dist/release.py

Modified: subversion/trunk/tools/dist/release.py
URL: 
http://svn.apache.org/viewvc/subversion/trunk/tools/dist/release.py?rev=1800221&r1=1800220&r2=1800221&view=diff
==============================================================================
--- subversion/trunk/tools/dist/release.py (original)
+++ subversion/trunk/tools/dist/release.py Thu Jun 29 02:46:14 2017
@@ -840,7 +840,7 @@ def get_siginfo(args, quiet=False):
             os.unlink(fn)
 
             if verified.valid:
-                good_sigs[verified.key_id[-8:]] = True
+                good_sigs[verified.fingerprint] = True
             else:
                 sys.stderr.write("BAD SIGNATURE for %s\n" % filename)
                 if verified.key_id:
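Review bot: The key type of `good_sigs` silently changes here from an 8-hex-digit short key id to the full fingerprint string gpg reports on its VALIDSIG status line, and nothing at the assignment says so; a one-line comment such as `# keyed by the full key fingerprint (from VALIDSIG), never a truncated key id` would stop the next reader from assuming the old 8-character format. Any consumer of `good_sigs` that expects short ids needs the same update; the loop later in this function is visible in the next hunk, but other consumers, if any, are outside this view. get_siginfo starts before this hunk and the bad-signature branch continues past it.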
@@ -848,7 +848,10 @@ def get_siginfo(args, quiet=False):
                 sys.exit(1)
 
     for id in good_sigs.keys():
-        gpg = subprocess.Popen(['gpg', '--fingerprint', id],
+        # Most potential signers have public short keyid (32-bit) collisions in
+        # the https://evil32.com/ set, which has been uploaded to the
+        # keyservers, so generate the long keyid.
+        gpg = subprocess.Popen(['gpg', '--keyid-format', 'long', 
'--fingerprint', id],
                                stdout=subprocess.PIPE, 
stderr=subprocess.STDOUT)
         rc = gpg.wait()
         gpg_output = gpg.stdout.read()
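Review bot: `rc = gpg.wait()` followed by `gpg.stdout.read()` can deadlock once gpg's merged stdout/stderr exceeds the pipe buffer, because gpg blocks on write while the parent waits for it to exit; this predates the commit, but the call is being rewritten here and `gpg --fingerprint` on a key with many user IDs and subkeys can produce more output than a short-id lookup did. Replace the two lines with `gpg_output, _ = gpg.communicate()` and `rc = gpg.returncode`. The new comment also overstates what `--keyid-format long` buys: 64-bit key ids are costlier but not impossible to collide, so it should say the long id is shown for readability only and the full fingerprint, which `id` now carries, is the identifier to compare, e.g. `# the long keyid is for display only; the full fingerprint is the identifier.` Whether rc is checked is not visible, since the loop body continues past this hunk.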

