mirror of
https://gerrit.hackerspace.pl/hscloud
synced 2024-10-15 05:57:46 +00:00
tools/secretstore: fix gpg encryption for expired key
We also set --trust-model=always, as we explicitly ship GPG fingerprints, so there's no need to rely on GPG's web of trust shenanigans. Change-Id: If2976130315c044f1d1727c61a6f6d489c876a52
This commit is contained in:
parent
4e534cc03c
commit
f97c9688d5
1 changed files with 14 additions and 2 deletions
|
@ -49,6 +49,10 @@ keys = [
|
|||
"0879F9FCA1C836677BB808C870FD60197E195C26", # implr
|
||||
]
|
||||
|
||||
# Currently, Patryk's GPG key is expired. This hacks around that by pretending
|
||||
# it's January 2021.
|
||||
# TODO(q3k/patryk): remove this once Patryk updates his key.
|
||||
systime = '20210101T000000'
|
||||
|
||||
_logger_name = __name__
|
||||
if _logger_name == '__main__':
|
||||
|
@ -61,7 +65,15 @@ class CLIException(Exception):
|
|||
|
||||
|
||||
def encrypt(src, dst):
|
||||
cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst]
|
||||
cmd = [
|
||||
'gpg' ,
|
||||
'--encrypt',
|
||||
'--faked-system-time', systime,
|
||||
'--trust-model', 'always',
|
||||
'--armor',
|
||||
'--batch', '--yes',
|
||||
'--output', dst,
|
||||
]
|
||||
for k in keys:
|
||||
cmd.append('--recipient')
|
||||
cmd.append(k)
|
||||
|
@ -80,7 +92,7 @@ def _encryption_key_for_fingerprint(fp):
|
|||
Returns the encryption key ID for a given GPG fingerprint (eg. one from the
|
||||
'keys' list.
|
||||
"""
|
||||
cmd = ['gpg', '-k', '--keyid-format', 'long', fp]
|
||||
cmd = ['gpg', '-k', '--faked-system-time', systime, '--keyid-format', 'long', fp]
|
||||
res = subprocess.check_output(cmd).decode()
|
||||
|
||||
# Sample output:
|
||||
|
|
Loading…
Reference in a new issue