add .gpg url (match github behaviour) #4193
Conversation
techknowlogick
added
type/enhancement
| var buf bytes.Buffer | ||
| for i := range keys { | ||
| buf.WriteString(keys[i]) | ||
| buf.WriteString("\n") |
There was a problem hiding this comment.
If you check GitHub's behaviour with multiple keys, it's not just concatenating the BEGIN PGP PUBLIC KEY BLOCK blocks, but instead merging multiple keys into a single block. Not sure how it's done, but if we want to keep compatibilty, we should also do that.
There was a problem hiding this comment.
Actually it seems rather simple to merge with the gpg tool. Add both keys to a keyring and then do a gpg --armor --export without any additional arguments. This will output a merged block containing all the keys. Hopefully this is possible in pure go too.
There was a problem hiding this comment.
This is helpful, and get's me pointed in the right direction. Thank you. Now to see how to do this in pure go, time to go read some documentation/dig through code.
There was a problem hiding this comment.
I haven't tested but it might be enough to call Serialize on each key to the same writer. https://sourcegraph.com/github.com/keybase/go-crypto@670ebd3adf7a737d69ffe83a777a8e34eadc1b32/-/blob/openpgp/ecdh_test.go#L343
bkcsoft
added
the
lgtm/need 2
|
|
||
| var buf bytes.Buffer | ||
| for i := range keys { | ||
| buf.WriteString(keys[i]) |
There was a problem hiding this comment.
Should be keys[i].Content who contain the armored key.
models/user.go
Outdated
| @@ -655,7 +655,7 @@ func NewGhostUser() *User { | |||
|
|
|||
| var ( | |||
| reservedUsernames = []string{"assets", "css", "explore", "img", "js", "less", "plugins", "debug", "raw", "install", "api", "avatars", "user", "org", "help", "stars", "issues", "pulls", "commits", "repo", "template", "admin", "error", "new", ".", ".."} | |||
| reservedUserPatterns = []string{"*.keys"} | |||
| reservedUserPatterns = []string{"*.keys", ".gpg"} | |||
There was a problem hiding this comment.
Thanks for catching that @silverwind. Changing it now.
|
Status update: I'm running into problems getting go to generate the base64 armor export of the entire keyring in pure go. I need to think some more and read some more documentation. |
|
I guess if the necessary API just isn't there, we could opt for having the keys in multiple parts, until a better solution is found. |
techknowlogick
added
issue/confirmed
|
I have tested furthermore and we don't have enough data in the database to reconstruct the original GPG key as we only store the public key and not the signature and also other information like linked identities. The simple way to fix this would be to store the original import to a new column or table after that it should be easy to use them to join them in a single export. |
|
Closing in support for @sapk's PR |
Fix #3049
Note this is a WIP and I haven't actually tested that this works. Once I test it I will remove this message and mark as ready to review.