[tor-commits] [builders/rbm] branch main updated: Bug 40049: gpg_keyring should allow for array of keyrings
gitolite role
git at cupani.torproject.org
Fri Dec 2 13:56:01 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch main
in repository builders/rbm.
The following commit(s) were added to refs/heads/main by this push:
new bf35e08 Bug 40049: gpg_keyring should allow for array of keyrings
bf35e08 is described below
commit bf35e085111a6ffce0c8f5eac49f9ae70ed377fc
Author: Richard Pospesel <richard at torproject.org>
AuthorDate: Wed Nov 23 09:49:10 2022 +0000
Bug 40049: gpg_keyring should allow for array of keyrings
---
lib/RBM/DefaultConfig.pm | 44 +++++++++++++++++++++++++++++++++-----------
1 file changed, 33 insertions(+), 11 deletions(-)
diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm
index 32072c4..b5d8e88 100644
--- a/lib/RBM/DefaultConfig.pm
+++ b/lib/RBM/DefaultConfig.pm
@@ -157,18 +157,41 @@ our %default_config = (
gpg_bin => 'gpg',
gpg_args => '',
gpg_allow_expired_keys => 0,
- gpg_keyring_path => sub {
+ gpg_keyring_args => sub {
my ($project, $options) = @_;
my $gpg_keyring = RBM::project_config($project, 'gpg_keyring', $options);
return undef unless $gpg_keyring;
- return $gpg_keyring if $gpg_keyring =~ m|^/|;
- my $rootpath = RBM::rbm_path("keyring/$gpg_keyring");
- return $rootpath if -f $rootpath;
- for my $module (sort keys %{$RBM::config->{modules}}) {
- my $modulepath = RBM::rbm_path("modules/$module/keyring/$gpg_keyring");
- return $modulepath if -f $modulepath;
+ # handle both gpg_keyring being an array or a string
+ $gpg_keyring = ref $gpg_keyring eq 'ARRAY' ? $gpg_keyring : [ $gpg_keyring ];
+ # construct list of keyring paths
+ my @keyring_args = ();
+ foreach my $current_keyring (@$gpg_keyring) {
+ # check for absolute path
+ if ($current_keyring =~ m|^/|) {
+ push(@keyring_args, "--keyring $current_keyring");
+ goto FOUND_KEYRING;
+ }
+ # check for existence in the keyring directory
+ my $rootpath = RBM::rbm_path("keyring/$current_keyring");
+ if (-f $rootpath) {
+ push(@keyring_args, "--keyring $rootpath");
+ goto FOUND_KEYRING;
+ }
+ # check for keyring in module's keyring directory
+ for my $module (sort keys %{$RBM::config->{modules}}) {
+ my $modulepath = RBM::rbm_path("modules/$module/keyring/$current_keyring");
+ if (-f $modulepath) {
+ push(@keyring_args, "--keyring $modulepath");
+ goto FOUND_KEYRING;
+ }
+ }
+
+ # fallthrough implies keyring file not found
+ RBM::exit_error("keyring file $current_keyring is missing");
+ FOUND_KEYRING:
}
- RBM::exit_error("keyring file $gpg_keyring is missing")
+ my $args = join(" ", @keyring_args);
+ return $args;
},
# Make it possible for gpg_wrapper to allow git tag signed using an expired
# key.
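Review bot: Each keyring path is pushed into `@keyring_args` as `"--keyring $path"` with no quoting or validation, and the joined string is concatenated into `gpg_kr` in the bash wrapper template in the next hunk. A configured name containing whitespace or shell metacharacters would therefore presumably be word-split or interpreted by the shell instead of reaching gpg as one argument. Since this string selects the keys that verification accepts under `--trust-model always`, I would reject unexpected names at the top of the `foreach`, for example `RBM::exit_error("invalid keyring name $current_keyring") unless $current_keyring =~ m{\A[\w.+/-]+\z};`, with the character class adjusted to what the project's paths need. The absolute-path branch also skips the `-f` test that the other two branches apply, so a mistyped absolute keyring is only noticed when gpg runs; adding `&& -f $current_keyring` there would make the three branches fail the same way. As a style point, a labelled `next` on the `foreach` would express "keyring found, continue" without `goto` and the trailing `FOUND_KEYRING:` label.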
@@ -177,9 +200,8 @@ our %default_config = (
#!/bin/bash
export LC_ALL=C
[%
- IF c('gpg_keyring_path');
- SET gpg_kr = '--keyring ' _ c('gpg_keyring_path')
- _ ' --no-default-keyring --no-auto-check-trustdb --trust-model always';
+ IF c('gpg_keyring_args');
+ SET gpg_kr = c('gpg_keyring_args') _ ' --no-default-keyring --no-auto-check-trustdb --trust-model always';
END;
-%]
gpg_verify=0
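Review bot: With the new array form, `gpg_keyring: []` makes `gpg_keyring_args` return an empty string, because the `return undef unless $gpg_keyring` guard in the previous hunk is true for any array reference and `join` over no elements yields `''`. This `IF c('gpg_keyring_args')` is then false, so `gpg_kr` is never set and the wrapper presumably runs gpg without `--no-default-keyring`, that is, against whatever default keyring and trust settings the build user has. How `gpg_kr` is used lies further down the wrapper, outside this hunk. An empty list looks more like a configuration mistake than a request for the default keyring, so I would fail early in the sub, right after the scalar is normalised to an array, with `RBM::exit_error("gpg_keyring is an empty list") unless @$gpg_keyring;`.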