"Darshit Shah" <[email protected]> writes:

> I don't have push access to gnulib, so could you please push it for me?

I ended up pushing the patch below. There are several considerations here:

* We want the OpenPGP Key identifier to be mentioned in the e-mail; it provides a strong hash-based coupling between the (hopefully signed) e-mail and the resulting retrieved OpenPGP key. Searching keys based on email address, or downloading a URL, introduces trust on some remote server to offer the correct key. While OpenPGP key IDs are user unfriendly, I think this should remain the preferred (and thus first) suggestion in the list of commands to try because it offers extra resilience.

* I settled on suggesting the simple 'gpg --locate-external-key', which requires a bit more modern GnuPG, see [1] for further discussion.

* A developer may want to put gpg_key_email="" or gpg_keyring_url="" in cfg.mk to avoid adding these lines to the announcement.

* I moved the default URL from announce-gen to maint.mk, mostly to make the code to support the previous point easier.

/Simon

[1] https://gitlab.com/libidn/libidn2/-/issues/98#note_635780242

From 2ca890b56420158076f9027ef432311a5645fc2b Mon Sep 17 00:00:00 2001 From: Simon Josefsson <[email protected]> Date: Mon, 14 Mar 2022 11:14:50 +0100 Subject: [PATCH] maintainer-makefile: Improve GnuPG announce-gen options. * top/maint.mk (gpg_key_emil): New variable. (gpg_keyring_url): New variable. (announcement): Pass them as --gpg-key-email and --gpg-keyring-url. --- ChangeLog | 6 ++++++ top/maint.mk | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/ChangeLog b/ChangeLog index e68ce4546b..1f60d9a44c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,12 @@ (main): Don't suggest 'gpg --keyserver' since the situation with public key servers is complicated and GnuPG version dependent. + maintainer-makefile: Improve GnuPG announce-gen options. + * top/maint.mk (gpg_key_emil): New variable. + (gpg_keyring_url): New variable. + (announcement): Pass them as --gpg-key-email and + --gpg-keyring-url. + 2022-03-13 Ben Pfaff <[email protected]> Document Automake 1.14 requirement in NEWS, too, since it had been diff --git a/top/maint.mk b/top/maint.mk index 92cef425cf..b9f483bf97 100644 --- a/top/maint.mk +++ b/top/maint.mk @@ -1391,6 +1391,11 @@ gpg_key_ID ?= \ && git cat-file tag v$(VERSION) \ | $(gpgv) --status-fd 1 --keyring /dev/null - - 2>/dev/null \ | $(AWK) '/^\[GNUPG:\] ERRSIG / {print $$3; exit}') +gpg_key_email ?= \ + $$(gpg --list-key --with-colons $(gpg_key_ID) 2>/dev/null \ + | $(AWK) -F: '/^uid/ {print $$10; exit}' \ + | $(SED) -n 's/.*<\(.*\)>/\1/p') +gpg_keyring_url ?= https://savannah.gnu.org/project/release-gpgkeys.php?group=$(PACKAGE)&download=1 translation_project_ ?= [email protected] 
@@ -1421,6 +1426,10 @@ announcement: NEWS ChangeLog $(rel-files) --prev=$(PREV_VERSION) \ --curr=$(VERSION) \ --gpg-key-id=$(gpg_key_ID) \ + $$(test -n "$(gpg_key_email)" && \ + echo --gpg-key-email="$(gpg_key_email)") \ + $$(test -n "$(gpg_keyring_url)" && \ + echo --gpg-keyring-url="$(gpg_keyring_url)") \ --srcdir=$(srcdir) \ --news=$(srcdir)/NEWS \ --bootstrap-tools=$(bootstrap-tools) \ -- 2.30.2
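
Review bot: The ChangeLog hunk (and the commit message it mirrors) names the new variable gpg_key_emil, but the variable added in top/maint.mk is gpg_key_email. Anyone grepping the ChangeLog for the real name will miss this entry, so the entry should read "(gpg_key_email): New variable."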
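
Review bot: In the top/maint.mk hunk at -1391, the awk filter /^uid/ {print $$10; exit} takes the first uid record from the colon listing without looking at its validity field (field 2), so a revoked or expired user ID can end up as the address readers are told to look the key up by. Consider skipping records whose field 2 marks them revoked or expired before printing field 10. The pipeline also calls a bare gpg, while the gpg_key_ID lines just above go through the overridable $(gpgv); a matching variable would let a project point at gpg2 or another binary. A short comment next to the two new variables saying that setting them empty in cfg.mk drops the corresponding announcement lines would document the behaviour described in the cover mail.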
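
Review bot: In the announcement hunk at -1421, the two added $$(test -n "..." && echo --opt="...") substitutions are themselves unquoted, so whatever echo prints is subject to word splitting and pathname expansion before announce-gen sees it; the default gpg_keyring_url contains a ? and the e-mail value comes from key data. Because gpg_key_email is a recursively expanded variable holding a shell substitution, writing $(gpg_key_email) in both the test and the echo also runs the gpg (and nested git/gpgv) pipeline twice per option. Assigning each value to a shell variable once at the top of the recipe and passing it with a quoted conditional expansion, for example $${email:+--gpg-key-email="$$email"}, avoids both problems.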
