Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tools: use long format for gpg fingerprint #9258

Closed
wants to merge 1 commit into from

Conversation

MylesBorins
Copy link
Contributor

Checklist
  • commit message follows commit guidelines
Affected core subsystem(s)

tools

Description of change

Git has been using my Long format fingerprint in the tagging messages,
this has been causing the release script to fail on my keys.

It would also be wise to be using the long format on keys based on some
attacks that hack been found in the while around short keys.

@nodejs/release can you test that this works on your machine? You should be able to run it on a release you have signed with the following command

./tools/release.sh -s v6.9.1

This should take you through the entire signing process, and you can then opt not to upload

Git has been using my Long format fingerprint in the tagging messages,
this has been causing the release script to fail on my keys.

It would also be wise to be using the long format on keys based on some
attacks that hack been found in the while around short keys.
@MylesBorins MylesBorins added this to the v4.6.2 milestone Oct 24, 2016
@nodejs-github-bot nodejs-github-bot added the tools Issues and PRs related to the tools directory. label Oct 24, 2016
@MylesBorins MylesBorins removed this from the v4.6.2 milestone Oct 26, 2016
@rvagg
Copy link
Member

rvagg commented Oct 30, 2016

Are you sure this is fixing what you think it is? What is the failure message you're getting.

$gpgfing is only used to match the key in README.md and nothing more. Perhaps your problems are something else, like the recent gpg on OSX update that changed the output format and 6845d6e was designed to address. Did you have that commit on your branch when you signed?

@MylesBorins
Copy link
Contributor Author

@rvagg without this commit I was unable to get the tool to work. The key that was being compared was using the short format, but the signed commit had the long version.

With this commit everything was working as expected

/cc @jbergstroem who was working with me when I dealt with the problems

@jbergstroem
Copy link
Member

I don't have much to add other than finding out that they key that was used to sign was in the long format. In general, its always safer to use the long format.

@rvagg
Copy link
Member

rvagg commented Nov 3, 2016

ok, odd, but since we control the README format then this lgtm

@MylesBorins
Copy link
Contributor Author

/cc @nodejs/build can I get some more thumbs up on this please

MylesBorins added a commit to MylesBorins/node that referenced this pull request Nov 7, 2016
Git has been using my Long format fingerprint in the tagging messages,
this has been causing the release script to fail on my keys.

It would also be wise to be using the long format on keys based on some
attacks that hack been found in the wild around short keys.

PR-URL: nodejs#9258
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
@MylesBorins MylesBorins closed this Nov 7, 2016
@MylesBorins
Copy link
Contributor Author

landed in b315e24

MylesBorins added a commit that referenced this pull request Nov 7, 2016
Git has been using my Long format fingerprint in the tagging messages,
this has been causing the release script to fail on my keys.

It would also be wise to be using the long format on keys based on some
attacks that hack been found in the wild around short keys.

PR-URL: #9258
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
MylesBorins added a commit that referenced this pull request Nov 7, 2016
Git has been using my Long format fingerprint in the tagging messages,
this has been causing the release script to fail on my keys.

It would also be wise to be using the long format on keys based on some
attacks that hack been found in the wild around short keys.

PR-URL: #9258
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
MylesBorins added a commit that referenced this pull request Nov 7, 2016
Git has been using my Long format fingerprint in the tagging messages,
this has been causing the release script to fail on my keys.

It would also be wise to be using the long format on keys based on some
attacks that hack been found in the wild around short keys.

PR-URL: #9258
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
@MylesBorins MylesBorins mentioned this pull request Nov 7, 2016
evanlucas pushed a commit that referenced this pull request Nov 7, 2016
Git has been using my Long format fingerprint in the tagging messages,
this has been causing the release script to fail on my keys.

It would also be wise to be using the long format on keys based on some
attacks that hack been found in the wild around short keys.

PR-URL: #9258
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
@MylesBorins MylesBorins mentioned this pull request Nov 22, 2016
@MylesBorins MylesBorins deleted the long-format-key branch November 14, 2017 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
tools Issues and PRs related to the tools directory.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants