use gpg --homedir option in update_signing-keys.pl (#27878) #56

@@ -1,6 +1,7 @@
#!/usr/bin/env perl
use strict;
use warnings;
use File::Temp qw/tempdir/; # https://metacpan.org/pod/File::Temp

# This script automatically updates the .wmi file with gpg as per:
my $keysfile = "include/keys.txt";
@@ -18,6 +19,8 @@
my $root = "$1/../..";
chdir $root or die "Could not enter $root: $! (script path: $0)\n";

my $gpghomedir = tempdir(CLEANUP => 1, chmod => 0700);

open my $kf, '<', "$keysfile" # read keys
or die "Could not open $keysfile: $!\n";

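Review bot: In `tempdir(CLEANUP => 1, chmod => 0700)`, I cannot find `chmod` among the `tempdir` options in the File::Temp documentation linked in the first hunk, so it may be silently ignored. Please confirm it is honoured; if it is not, drop it or follow the call with an explicit `chmod 0700, $gpghomedir or die ...`, since gpg warns when its home directory has unsafe permissions. A short comment on why a throwaway homedir is used here would also help the next reader.
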
@@ -101,18 +104,19 @@
}

# we update collected keys for this application and create a string of them
my $gpgcmd = "gpg --keyid-format 0xlong --fingerprint --with-subkey-fingerprints";
my $gpgcmd = "gpg2 --homedir $gpghomedir ";
my $gpgoptions = "--keyid-format 0xlong --fingerprint --with-subkey-fingerprints";
foreach my $key (@keysforapp) {
# update keys
if ($forcekeyupdates or not $skipkeyupdates) {
print "\nFetching $key\n";
my $gpgresult;
do { $gpgresult = system "gpg --recv-key $key"; sleep 1; }
do { $gpgresult = system "$gpgcmd --recv-key $key"; sleep 1; }
while ($gpgresult != 0);
}

# add output to key string
my $str = qx/$gpgcmd $key/;
my $str = qx/$gpgcmd $gpgoptions $key/;
# replace html codes
$str =~ s/</&lt;/g; $str =~ s/>/&gt;/g; $str =~ s/@/#/g; $str =~ s/@/&at;/g;
$keys .= "$str";
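Review bot: `$gpgcmd` now interpolates `$gpghomedir` into a string that goes to single-argument `system` and to `qx//`, and `$key` is interpolated the same way, so both reach the shell unquoted. Prefer the list form, for example `system('gpg2', '--homedir', $gpghomedir, '--recv-key', $key)`, and a piped `open` with an argument list for the listing. Two related points in this hunk: the new homedir starts empty, so when the `if ($forcekeyupdates or not $skipkeyupdates)` branch is not taken, `qx/$gpgcmd $gpgoptions $key/` has no key to list and nothing is appended to `$keys`; and the `do { ... } while ($gpgresult != 0)` loop has no retry limit, so a key that cannot be fetched hangs the script. The binary also changes from `gpg` to `gpg2`, which the PR title does not mention.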
@@ -124,7 +128,7 @@
my $owner = "The Tor Browser Developers";
die "Did not findTor Browser signing key.\n" if ($owners{$owner} eq '');
# save Tor Browser signing key subkey fingerprints to $fpfile
my @fp = qx/$gpgcmd $owners{$owner}|grep "Key fingerprint"/;
my @fp = qx/$gpgcmd $gpgoptions $owners{$owner}|grep "Key fingerprint"/;
shift @fp; # remove primary key fingerprint
$subkey_fingerprints .= join ('', map { s/^\s+Key fingerprint = //; "$_" } @fp);
if (open my $fpout, '>', "$fpfile.temp") {
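Review bot: The `my @fp = qx/$gpgcmd $gpgoptions $owners{$owner}|grep "Key fingerprint"/;` line is not checked before `shift @fp`, and with the temporary homedir a signing key that was never fetched produces an empty list, so `$subkey_fingerprints` ends up empty without any error. Suggest a `die` when `@fp` has fewer than two entries. Parsing `--with-colons` output for `fpr` records would also be more stable than grepping the human-readable "Key fingerprint" text.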