diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2023-04-21 22:58:22 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2023-04-21 22:59:21 -0700 |
commit | 6f2406784ca98884a9c303baed18e0b06540ad6d (patch) | |
tree | 997d0a2ae0addd279c455f82bd27d960ff010959 /_plugins | |
parent | Revert "wkd: log commands" (diff) | |
download | www-6f2406784ca98884a9c303baed18e0b06540ad6d.tar.gz www-6f2406784ca98884a9c303baed18e0b06540ad6d.tar.bz2 www-6f2406784ca98884a9c303baed18e0b06540ad6d.zip |
Revert "wkd: only trim if the key is too large"
This reverts commit 25f5d6b9c8685ec3a8ebbffb0e1cf7329dfd39b1.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Diffstat (limited to '_plugins')
-rw-r--r-- | _plugins/wkd.rb | 35 |
1 files changed, 12 insertions, 23 deletions
diff --git a/_plugins/wkd.rb b/_plugins/wkd.rb index c120e21..9c8cf45 100644 --- a/_plugins/wkd.rb +++ b/_plugins/wkd.rb @@ -27,39 +27,28 @@ module Gentoo '--preserve-permissions', '--quiet', '--with-colon', + # Some dev keys exceed the 256K buffer of MAX_WKD_RESULT_LENGTH + # https://github.com/gpg/gnupg/blob/master/g10/call-dirmngr.c#L44-L47 + # This causes an error: + # gpg: error retrieving '...@gentoo.org' via WKD: Provided object is too large + # + # To mitigate it: + # export-clean: removes non-usable userIDs, signatures. + # no-export-attributes turns off Photo UIDs, which can easily get large. + '--export-options', 'export-clean,no-export-attributes', ].freeze - GPG_SHRINK_KEYS = [ - # Some dev keys exceed the 256K buffer of MAX_WKD_RESULT_LENGTH - # https://github.com/gpg/gnupg/blob/master/g10/call-dirmngr.c#L44-L47 - # This causes an error: - # gpg: error retrieving '...@gentoo.org' via WKD: Provided object is too large - # - # To mitigate it: - # export-clean: removes non-usable userIDs, signatures. - # no-export-attributes turns off Photo UIDs, which can easily get large. - '--export-options', 'export-clean,no-export-attributes', - ].freeze def generate_each_nick(site, keyring, nick, fps, email_domain) # Do not run if we have no fingerprints to do # otherwise GPG will print 'gpg: WARNING: nothing exported' return if fps.empty? gpg = GPG_BASE_COMMAND + Array(keyring).flatten.map {|k_| %w(--keyring) + Array(k_)}.flatten - keydata = nil IO.popen(gpg + ['--export', *fps], 'rb') do |p| keydata = p.read + next if keydata.empty? + site.pages << WKDFile.new(site, nick, keydata) + site.pages << WKDFile.new(site, nick, keydata, email_domain) end - # If it's larger than 256K, it will trip the too large error, so only minimize selectively. - if keydata.length >= 256*1024 then - STDERR.puts("# Key for #{nick}@#{email_domain} with #{fps.inspect} is too large, #{keydata.length} bytes; using export-clean") - keydata = '' - IO.popen(gpg + GPG_SHRINK_KEYS + ['--export', *fps], 'rb') do |p| - keydata = p.read - end - end - return if keydata.empty? - site.pages << WKDFile.new(site, nick, keydata) - site.pages << WKDFile.new(site, nick, keydata, email_domain) end def get_fingerprints_from_keyring(keyring) |