changeset 36034:f3d8f61c425d

gpg: print unknown key IDs in their entirety Shortening the key is nice in theory but it results in ambiguity which can be exploited. Therefore, when encountering an unknown key ID we should print the whole ID returned by gpg. This may or may not be the whole key, however it will match the user preference set in gpg configuration. Furthermore, the key ID shortening had a couple of issues: (1) it truncated the key ID (dropping the last digit and outputting only 15 hex digits) making it very hard to find the correct key on a key server (2) since only 15 digits were fed into shortkey(), it always emitted the ui.debug() warning
author Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
date Sun, 11 Feb 2018 18:32:37 -0500
parents dae84ccebc57
children 95791b275b73
files hgext/gpg.py
diffstat 1 files changed, 1 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/hgext/gpg.py	Sun Feb 11 14:35:35 2018 +0100
+++ b/hgext/gpg.py	Sun Feb 11 18:32:37 2018 -0500
@@ -153,8 +153,7 @@
     # warn for expired key and/or sigs
     for key in keys:
         if key[0] == "ERRSIG":
-            ui.write(_("%s Unknown key ID \"%s\"\n")
-                     % (prefix, shortkey(ui, key[1][:15])))
+            ui.write(_("%s Unknown key ID \"%s\"\n") % (prefix, key[1]))
             continue
         if key[0] == "BADSIG":
             ui.write(_("%s Bad signature from \"%s\"\n") % (prefix, key[2]))
@@ -320,13 +319,6 @@
     except ValueError as inst:
         raise error.Abort(str(inst))
 
-def shortkey(ui, key):
-    if len(key) != 16:
-        ui.debug("key ID \"%s\" format error\n" % key)
-        return key
-
-    return key[-8:]
-
 def node2txt(repo, node, ver):
     """map a manifest into some text"""
     if ver == "0":