| Commit message (Expand) | Author | Age | Files | Lines |
| * | autosign.bash: silence rename attempts•••For example, to-send.txt may not exist if there was no work to be done.
Fixes: dfa00dc31c2838e8bf89030d4b6df3c531bb5457
Signed-off-by: Sam James <sam@gentoo.org>
HEADmaster |  Sam James | 8 hours | 1 | -1/+1 |
| * | autosign.bash: rename intermediate/output files at startup•••This makes it easier to debug later rather than possibly having some
stale files mixed from previous runs.
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 4 days | 1 | -0/+8 |
| * | Abort if revoking too many keys at once•••Signed-off-by: Michał Górny <mgorny@gentoo.org>
|  Michał Górny | 4 days | 1 | -2/+7 |
| * | autosign.bash: use pipestatus for openpgp-key-upload•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 14 days | 1 | -1/+2 |
| * | autosign.bash: fix openpgp-key-upload invocation•••Fixes: 9954a7ac1b6f3f424fe73f123f81e5b315373db6
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 14 days | 1 | -1/+1 |
| * | autosign.bash: use /usr/local/bin/openpgp-key-upload if available•••/usr/local/bin/openpgp-key-upload will send to all known Gentoo keyservers
rather than the roundrobin.
The synchronisation proves brittle so let's be careful and use what
we tell devs to do.
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 14 days | 1 | -4/+17 |
| * | autosign.bash: preserve $? in die•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 14 days | 1 | -1/+8 |
| * | autosign.bash: import gentoo-auth.asc from system's sec-keys/openpgp-keys-gen...•••Use sec-keys/openpgp-keys-gentoo-auth's /usr/share/openpgp-keys/gentoo-auth.asc
to refresh our authority key:
```
$ gpg --list-secret-keys
...
sec rsa2048 2019-04-01 [C] [expired: 2026-07-01]
```
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 14 days | 1 | -0/+4 |
| * | autosign.bash: add TODO for --command-fd + --status-fd to replace expect•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -0/+1 |
| * | autosign.bash: add TODO for configurable sanity check threshold on revocations•••I was going to implement this but with the error handling now, I am
curious as to if it can happen.
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -0/+2 |
| * | autosign.bash: drop --batch from --check-trustdb•••With --batch, gpg will print the notice even with -q.
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -1/+2 |
| * | autosign.bash: fix error handling•••One needs to use `wait` with read+procsubs (while read < <(...)), it
turns out.
Interestingly, https://old.reddit.com/r/bash/comments/m3eh2c/how_to_add_error_handling_to_a_while_loop/
even uses ldap too!
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -2/+2 |
| * | autosign.bash: always pass `--batch` to gpg where possible•••.. except for where we use `expect`.
Per gpg(1):
> It is highly recommended to use this option along with the options --status-fd
> and --with-colons for any unattended use of gpg. Should not be used in an option file.
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -6/+7 |
| * | .gitignore: add more entries (from 'make clean')•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -0/+2 |
| * | .gitignore: ignore files created by `make check`•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -0/+2 |
| * | autosign.bash: 'exited w/' for $?•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -5/+5 |
| * | autosign.bash: $? needs quoting, duh•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -2/+2 |
| * | autosign.bash: drop semi-useless `die` to avoid mangling exit code•••We want pipestatus to see the real one to surface in an error message, so
don't use `die` prematurely where it can't result in exit (because subshell,
as we're not in an ebuild).
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -3/+2 |
| * | autosign.bash: handle gpg failure w/ pipestatus in get_signed_keys, refresh_keys•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -2/+4 |
| * | autosign.bash: use pipestatus more with pipelines•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -2/+4 |
| * | autosign.bash: handle failed ldapsearch•••I'd observed this back in https://github.com/gentoo/gentoo-authority-key/pull/4#issuecomment-2959920943
but didn't follow up on it as it seemed to be okay, but given we had
an issue where some (but not all dev keys) got revoked by the script,
let's be careful.
Check ${PIPESTATUS} (via the eapi9-pipestatus.eclass impl) after ldapsearch
in a subshell and exit if it failed.
ldapsearch(1) says:
> DIAGNOSTICS
> Exit status is zero if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.
so it should be OK.
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -0/+18 |
| * | autosign.bash: move comment char•••Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2026-01-27 | 1 | -1/+1 |
| * | autosign.bash: add sanity check to not revoke all keys w/ bad LDAP connectivity•••Followup to b3522cd57c12b2a1cf2b750a9dc18b0ff5a40f2a. Add a sanity
check so we don't revoke every key we've signed in the case that our LDAP
query fails and gives no results.
Set AUTOSIGN_ALLOW_EMPTY_LDAP to override this.
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2025-06-10 | 1 | -0/+8 |
| * | autosign.bash: pass --force-sign-key in sign_key•••We had an infra incident where TLS certificates didn't get refreshed
and then the LDAP call returned nothing (so all keys had their signatures
revoked). But even once that was fixed, gpg wouldn't actually add
a new signature -- I think because the expiry time ended up being the
same as the one added earlier.
Per gpg's docs, we want --force-sign-key to update notation data.
For a bit more detail: gpg gave "Nothing to sign with key", and it
turns out that is controlled by:
/* Fixme: see whether there is a revocation in which
* case we should allow signing it again. */
if (!node->pkt->pkt.signature->flags.exportable && local)
tty_fprintf ( fp,
_("\"%s\" was already locally signed by key %s\n"),
user, keystr_from_pk (pk));
else
tty_fprintf (fp,
_("\"%s\" was already signed by key %s\n"),
user, keystr_from_pk (pk));
if (opt.flags.force_sign_key
|| (opt.expert && !quick
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay",
_("Do you want to sign it "
"again anyway? (y/N) "))))
Note the extremely relevant FIXME.
Signed-off-by: Sam James <sam@gentoo.org>
|  Sam James | 2025-06-10 | 1 | -0/+1 |
| * | Support overriding the filter expression•••Signed-off-by: Michał Górny <mgorny@gentoo.org>
|  Michał Górny | 2023-08-19 | 1 | -1/+1 |
| * | Add external timeout to revocation•••Signed-off-by: Michał Górny <mgorny@gentoo.org>
|  Michał Górny | 2020-09-10 | 1 | -3/+1 |
| * | Make sure to kill old agent on startup•••Signed-off-by: Michał Górny <mgorny@gentoo.org>
|  Michał Górny | 2020-09-07 | 1 | -0/+3 |
| * | Add a timeout for revsig output•••Signed-off-by: Michał Górny <mgorny@gentoo.org>
|  Michał Górny | 2020-09-03 | 1 | -0/+2 |
| * | Fix hang on expired signatures•••Signed-off-by: Michał Górny <mgorny@gentoo.org>
|  Michał Górny | 2020-09-03 | 1 | -0/+2 |
| * | Fix sending expired keys |  Michał Górny | 2019-05-12 | 1 | -1/+1 |
| * | Fix recognizing dev UIDs to be case-insensitive |  Michał Górny | 2019-05-01 | 1 | -1/+1 |
| * | make check: Avoid asking for password |  Michał Górny | 2019-04-14 | 1 | -1/+1 |
| * | Send only keys that had successful change applied |  Michał Górny | 2019-04-14 | 1 | -6/+11 |
| * | Silence errors for non-existing keys•••If dev has non-existing keys in LDAP, just ignore them silently.
|  Michał Górny | 2019-04-11 | 1 | -1/+1 |
| * | Handle UIDs case-sensitively•••Apparently Gentoo developers manage to have two UIDs that differ only
by case.
|  Michał Górny | 2019-04-11 | 1 | -1/+1 |
| * | Support running without key upload |  Michał Górny | 2019-04-11 | 2 | -13/+16 |
| * | Use anonymous bind explicitly |  Michał Górny | 2019-04-10 | 1 | -1/+1 |
| * | Send updates to keyservers |  Michał Górny | 2019-03-03 | 2 | -4/+22 |
| * | Fix signing keys with colliding revoked UIDs |  Michał Górny | 2019-03-03 | 1 | -2/+4 |
| * | Expire signatures after one year |  Michał Górny | 2019-03-03 | 1 | -0/+1 |
| * | Add a policy URL to signatures |  Michał Górny | 2019-03-03 | 1 | -1/+3 |
| * | Makefile: also clean program's temporary files |  Michał Górny | 2019-02-26 | 1 | -1/+1 |
| * | Quiet trustdb checks |  Michał Górny | 2019-02-19 | 1 | -1/+1 |
| * | Add a Makefile with a trivial testing target |  Michał Górny | 2019-02-19 | 1 | -0/+16 |
| * | Initial version of autosigning script |  Michał Górny | 2019-02-19 | 1 | -0/+194 |