author | Robin H. Johnson <robbat2@gentoo.org> | 2018-11-12 11:48:03 -0800 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2018-11-12 11:59:44 -0800 |
commit | e415018b9bc79da643a75a262c3c0fd20b8b22c8 (patch) | |
tree | 6f54f1314e3c81bee656f7fd10ede9ac85e28660 /_plugins | |
parent | bin/update.sh: tracing for "gpg: WARNING: nothing exported" (diff) | |
_plugins/wkd: check fingerprint is present
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Diffstat (limited to '_plugins')
-rw-r--r-- | _plugins/wkd.rb | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/_plugins/wkd.rb b/_plugins/wkd.rb
index 02b2402..1f0dcb1 100644
--- a/_plugins/wkd.rb
+++ b/_plugins/wkd.rb
@@ -9,6 +9,7 @@ module Gentoo
 DEV_KEYRING = '_data/active-devs.gpg'
 SERVICE_KEYRING = '_data/service-keys.gpg'
 WKD_DIR = '.well-known/openpgpkey/'
+ GPG_BASE_COMMAND = ['gpg', '--no-default-keyring', '--with-colon']
 def generate(site)
 return if site.data['userinfo'].nil?
@@ -19,16 +20,23 @@ module Gentoo
 [['current', DEV_KEYRING], ['system', SERVICE_KEYRING]].each do |group, keyring|
 site.data['userinfo'][group].each do |nick, details|
+ gpg = GPG_BASE_COMMAND + ['--keyring', keyring]
+ # build a quick list of all fingerprints in this keyring
+ # IO.popen in a non-block context returns a list of lines
+ keyring_fps = IO.popen(gpg + ['--list-keys'], 'rt').grep(/^fpr/).map(&:strip).map { |l| l.split(':')[9].upcase }
 begin
- fps = details['gpgfp'].map { |fp| fp.gsub(/\s+/, '') }
- if not fps.empty?
- IO.popen(['gpg', '--no-default-keyring', '--keyring', keyring,
- '--export', *fps], mode='rb') { |p|
- keydata = p.read
- if not keydata.empty?
- site.pages << WKDFile.new(site, nick, keydata)
- end
- }
+ fps = details['gpgfp'].map do |fp|
+ fp.gsub(/\s+/, '').upcase
+ end
+ # Check if there is any overlap in fingerprints
+ # otherwise GPG will print
+ # 'gpg: WARNING: nothing exported'
+ # for each call
+ next if fps.empty?
+ next if (keyring_fps & fps).empty?
+ IO.popen(gpg + ['--export', *fps], 'rb') do |p|
+ keydata = p.read
+ site.pages << WKDFile.new(site, nick, keydata) unless keydata.empty?
 end
 rescue
 # fail them silently
@@ -55,7 +63,7 @@ module Gentoo
 end
 def render_with_liquid?
- return false
+ false
 end
 end
@@ -73,3 +81,4 @@ module Gentoo
 end
 end
 end
+# vim:et ts=2 sts=2: |
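Review bot: `GPG_BASE_COMMAND` is a mutable array constant and spells the option as `--with-colon`, which only works because gpg accepts unambiguous abbreviations of long options. I would write `GPG_BASE_COMMAND = ['gpg', '--no-default-keyring', '--with-colons'].freeze` so the constant cannot be modified in place and the command line does not depend on abbreviation matching. Adding `--batch` to the base options would also keep gpg from ever prompting during a site build.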
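Review bot: The overlap test in the inner loop only requires one of `fps` to be in the keyring, and `--export` is then given every value from `details['gpgfp']` unchecked, so a value that is not a full fingerprint (a short key ID, a name fragment, or a string starting with `-`) would still reach gpg as a key selector or option. Exporting the intersection instead means every argument is a fingerprint that gpg itself reported for that keyring, which matters because the exported data is published under the developer's nick. Separately, `keyring_fps` is rebuilt for every nick although it depends only on `keyring`, the non-block `IO.popen` is never closed, and its comment is inaccurate, since the call returns an IO whose lines `grep` enumerates. The fence hoists the listing to the keyring loop with the block form; the `generate` method begins and ends outside this hunk.

```ruby
[['current', DEV_KEYRING], ['system', SERVICE_KEYRING]].each do |group, keyring|
  gpg = GPG_BASE_COMMAND + ['--keyring', keyring]
  # Fingerprints present in this keyring, listed once per keyring.
  # The block form closes the pipe and waits for gpg to exit.
  keyring_fps = IO.popen(gpg + ['--list-keys'], 'rt') do |p|
    p.grep(/^fpr/).map { |l| l.strip.split(':')[9].upcase }
  end
  site.data['userinfo'][group].each do |nick, details|
    begin
      # Export only fingerprints that gpg reported for this keyring.
      fps = details['gpgfp'].map { |fp| fp.gsub(/\s+/, '').upcase } & keyring_fps
      next if fps.empty?
      # … unchanged: IO.popen(gpg + ['--export', *fps], 'rb') block …
```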