[tbb-commits] [builders/rbm] branch main updated: Bug 40049: gpg_keyring should allow for array of keyrings

[gitolite role]

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main
in repository builders/rbm.

The following commit(s) were added to refs/heads/main by this push:
     new bf35e08  Bug 40049: gpg_keyring should allow for array of keyrings
bf35e08 is described below

commit bf35e085111a6ffce0c8f5eac49f9ae70ed377fc
Author: Richard Pospesel <richard at torproject.org>
AuthorDate: Wed Nov 23 09:49:10 2022 +0000

    Bug 40049: gpg_keyring should allow for array of keyrings
---
 lib/RBM/DefaultConfig.pm | 44 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm
index 32072c4..b5d8e88 100644
--- a/lib/RBM/DefaultConfig.pm
+++ b/lib/RBM/DefaultConfig.pm
@@ -157,18 +157,41 @@ our %default_config = (
     gpg_bin         => 'gpg',
     gpg_args        => '',
     gpg_allow_expired_keys => 0,
-    gpg_keyring_path => sub {
+    gpg_keyring_args => sub {
         my ($project, $options) = @_;
         my $gpg_keyring = RBM::project_config($project, 'gpg_keyring', $options);
         return undef unless $gpg_keyring;
-        return $gpg_keyring if $gpg_keyring =~ m|^/|;
-        my $rootpath = RBM::rbm_path("keyring/$gpg_keyring");
-        return $rootpath if -f $rootpath;
-        for my $module (sort keys %{$RBM::config->{modules}}) {
-            my $modulepath = RBM::rbm_path("modules/$module/keyring/$gpg_keyring");
-            return $modulepath if -f $modulepath;
+        # handle both gpg_keyring being an array or a string
+        $gpg_keyring = ref $gpg_keyring eq 'ARRAY' ? $gpg_keyring : [ $gpg_keyring ];
+        # construct list of keyring paths
+        my @keyring_args = ();
+        foreach my $current_keyring (@$gpg_keyring) {
+            # check for absolute path
+            if ($current_keyring =~ m|^/|) {
+                push(@keyring_args, "--keyring $current_keyring");
+                goto FOUND_KEYRING;
+            }
+            # check for existence in the keyring directory
+            my $rootpath = RBM::rbm_path("keyring/$current_keyring");
+            if (-f $rootpath) {
+                push(@keyring_args, "--keyring $rootpath");
+                goto FOUND_KEYRING;
+            }
+            # check for keyring in module's keyring directory
+            for my $module (sort keys %{$RBM::config->{modules}}) {
+                my $modulepath = RBM::rbm_path("modules/$module/keyring/$current_keyring");
+                if (-f $modulepath) {
+                    push(@keyring_args, "--keyring $modulepath");
+                    goto FOUND_KEYRING;
+                }
+            }
+
+            # fallthrough implies keyring file not found
+            RBM::exit_error("keyring file $current_keyring is missing");
+            FOUND_KEYRING:
         }
-        RBM::exit_error("keyring file $gpg_keyring is missing")
+        my $args = join(" ", @keyring_args);
+        return $args;
     },
     # Make it possible for gpg_wrapper to allow git tag signed using an expired
     # key.
@@ -177,9 +200,8 @@ our %default_config = (
 #!/bin/bash
 export LC_ALL=C
 [%
-    IF c('gpg_keyring_path');
-        SET gpg_kr = '--keyring ' _ c('gpg_keyring_path')
-                     _ ' --no-default-keyring --no-auto-check-trustdb --trust-model always';
+    IF c('gpg_keyring_args');
+        SET gpg_kr = c('gpg_keyring_args') _ ' --no-default-keyring --no-auto-check-trustdb --trust-model always';
     END;
 -%]
 gpg_verify=0

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.