Better check

apache · Aug 25, 2024 · 7369423 · 7369423
1 parent 43d9cdc
commit 7369423
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -87,6 +87,10 @@ def validate_sig(attachment, signature, msgid)
     '--keyid-format', 'long', # Show a longer id
     '--verify', signature.path, attachment.path
 
+  # N.B. the code now always fetches the key, so it is guaranteed current.
+  # Might need to consider allowing for using a cached key if fetches fail frequently,
+  # but this should probably be on demand only
+
   # Look for the keyid so we can fetch the current key
   keyid = err[/[RD]SA key (ID )?(\w+)/,2]
   if keyid
@@ -105,7 +109,7 @@ def validate_sig(attachment, signature, msgid)
             '--batch', '--import', tmpfile
           # For later analysis
           Wunderbar.warn "#{gpg} --import #{tmpfile} rc=#{rc} out=#{out} err=#{err}"
-          if err.include?('imported: 1') or err.include?('unchanged: 1') # downloaded key is valid; store it for posterity
+          if err.include?('processed: 1') # downloaded key is valid; store it for posterity
             Dir.mktmpdir do |tmpdir|
               container = ASF::SVN.svnpath!('iclas', '__keys__')
               ASF::SVN.svn!('checkout',[container, tmpdir], {depth: 'empty', env: env})