This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/comdev-people.git
The following commit(s) were added to refs/heads/main by this push:
new 01e92b2 Weed out expired and revoked keys
01e92b2 is described below
commit 01e92b2d1b22004363d17fc48694c9b2be54b741
Author: Sebb <[email protected]>
AuthorDate: Sat Jun 21 23:18:41 2025 +0100
Weed out expired and revoked keys
---
tools/pgp.lua | 52 +++++++++++++++++++++++++++++++---------------------
1 file changed, 31 insertions(+), 21 deletions(-)
diff --git a/tools/pgp.lua b/tools/pgp.lua
index 2571979..eaa60c2 100644
--- a/tools/pgp.lua
+++ b/tools/pgp.lua
@@ -152,35 +152,45 @@ for uid, entry in pairs(people.people) do
end
end
local found = false
+ local badkey = false
local ok, data = pgpfunc('--fingerprint', skey)
if ok then
- local id,_ = data:match(" ([0-9a-fA-F ]+)\n")
- if id then
- local ok, body = pgpfunc('--export', '--armor', skey)
- if ok then
- -- only store the key id if it was found
- found = true
- keys[uid] = keys[uid] or {}
- table.insert(keys[uid], key)
- log:write("Writing key " .. key .. " for " .. uid ..
"...\n")
- local f = io.open("/var/www/html/keys/committer/" ..
uid .. ".asc", "a")
- f:write("ASF ID: " .. uid .. "\n")
- f:write("LDAP PGP key: " .. key .. "\n\n")
- f:write(id)
- f:write("\n")
- f:write(body)
- f:write("\n")
- f:close()
+ -- Lua does not have alternation '(revoked|expired)'', so
match 1st letter and last 2
+ badkey,_ = data:match("pub .+%[([re].+ed): ")
+ if badkey then
+ log:write(("User: %s key %s - invalid (%s)\n"):format(uid,
key, badkey))
+ invalid = invalid + 1
+ badkeys[uid][key] = ("invalid key (%s)"):format(badkey)
+ else
+ local id,_ = data:match(" ([0-9a-fA-F ]+)\n")
+ if id then
+ local ok, body = pgpfunc('--export', '--armor', skey)
+ if ok then
+ -- only store the key id if it was found
+ found = true
+ keys[uid] = keys[uid] or {}
+ table.insert(keys[uid], key)
+ log:write("Writing key " .. key .. " for " .. uid
.. "...\n")
+ local f = io.open("/var/www/html/keys/committer/"
.. uid .. ".asc", "a")
+ f:write("ASF ID: " .. uid .. "\n")
+ f:write("LDAP PGP key: " .. key .. "\n\n")
+ f:write(data)
+ f:write("\n")
+ f:write(body)
+ f:write("\n")
+ f:close()
+ else
+ log:write(("User: %s key %s - export
failed:\n%s\n"):format(uid, skey, body))
+ end
else
- log:write(("User: %s key %s - export
failed:\n%s\n"):format(uid, skey, body))
+ log:write(("User: %s key %s - could not extract
fingerprint:\n%s\n"):format(uid, skey, data))
end
- else
- log:write(("User: %s key %s - could not extract
fingerprint:\n%s\n"):format(uid, skey, data))
end
else
log:write(("User: %s key %s - fingerprint
failed:\n%s\n"):format(uid, skey, data))
end
- if not found then
+ -- if badkey, then it has already been reported
+ if not found and not badkey then
log:write(("User: %s key %s - not found\n"):format(uid, skey))
failed = failed + 1
badkeys[uid][key] = 'key not found'
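Review bot: The expired/revoked test `data:match("pub .+%[([re].+ed): ")` is not confined to the `pub` line, because `.` in a Lua pattern also matches newlines and both `.+` are greedy, so any later `[r…ed: ` or `[e…ed: ` text in the `--fingerprint` output satisfies it and the capture can span several lines. That output includes user-ID text chosen by the key owner, so both the accept/reject decision and the `badkey` string written to the log and to `badkeys` depend on owner-controlled text. Bounding each match to one line narrows this, e.g. `badkey = data:match("pub [^\n]+%[(revoked): ") or data:match("pub [^\n]+%[(expired): ")`; reading the validity field from gpg's `--with-colons` output would be more robust, assuming `pgpfunc` passes its arguments through to gpg. Separately, `badkey,_ =` assigns to a global `_` (only `badkey` was declared `local`), and `invalid` is incremented but not declared anywhere in this hunk, so confirm it is initialised before the loop. The enclosing `for` loop starts and ends outside the hunk.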