improve GPG checking to not emit bogus warning, and separately check trust

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1204498 13f79535-47bb-0310-9956-ffa450edef68
2011-11-21 13:54:41 +00:00 · 2011-11-21 13:54:41 +00:00 · abca92123b
parent 20a43ad9dc
commit abca92123b
1 changed files with 15 additions and 1 deletions
--- a/dev-tools/scripts/smokeTestRelease.py
+++ b/dev-tools/scripts/smokeTestRelease.py
@ -185,13 +185,27 @@ def checkSigs(project, urlString, version, tmpDir):
    verifyDigests(artifact, urlString, tmpDir)

    print '    verify sig'
-    # Test sig
+    # Test sig (this is done with a clean brand-new GPG world)
    download(artifact + '.asc', urlString + '.asc', tmpDir)
    sigFile = '%s/%s.asc' % (tmpDir, artifact)
    artifactFile = '%s/%s' % (tmpDir, artifact)
    logFile = '%s/%s.%s.gpg.verify.log' % (tmpDir, project, artifact)
    run('gpg --homedir %s --verify %s %s' % (gpgHomeDir, sigFile, artifactFile),
        logFile)
+    # Forward any GPG warnings, except the expected one (since its a clean world)
+    f = open(logFile, 'rb')
+    for line in f.readlines():
+      if line.lower().find('warning') != -1 \
+      and line.find('WARNING: This key is not certified with a trusted signature') == -1:
+        print '      GPG: %s' % line.strip()
+    f.close()
+
+    # Test trust (this is done with the real users config)
+    run('gpg --import %s' % (keysFile),
+        '%s/%s.gpg.trust.import.log 2>&1' % (tmpDir, project))
+    print '    verify trust'
+    logFile = '%s/%s.%s.gpg.trust.log' % (tmpDir, project, artifact)
+    run('gpg --verify %s %s' % (sigFile, artifactFile), logFile)
    # Forward any GPG warnings:
    f = open(logFile, 'rb')
    for line in f.readlines():