diff options
| author | fanquake <fanquake@gmail.com> | 2021-08-17 16:05:02 +0800 |
|---|---|---|
| committer | fanquake <fanquake@gmail.com> | 2021-08-17 16:05:15 +0800 |
| commit | fdd80b0a53b4af0b29cb6e03118e2456d053a757 (patch) | |
| tree | 4c7c31ec9f3845a5a797d00566e4cf8ff1237f62 | |
| parent | f3dbd1c2b2bc2b8edae657f79a2d31820b428e86 (diff) | |
| parent | 4c43b7d41d11072f382f938379d21cd2e0bcbb47 (diff) | |
| download | bitcoin-fdd80b0a53b4af0b29cb6e03118e2456d053a757.tar.xz | |
Merge bitcoin/bitcoin#22688: contrib: use `keys.openpgp.org` to retrieve builder keys
4c43b7d41d11072f382f938379d21cd2e0bcbb47 contrib: use hkps://keys.openpgp.org to retrieve builder keys (fanquake)
Pull request description:
`hkps://hkps.pool.sks-keyservers.net` is essentially no-longer functional,
and a number of distributions and GPG tools have since switched to using
the `keys.openpgp.org` key server as their default.
See this Debian patch for additional context:
https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
Switch to using keys.openpgp.org in the CI as well.
ACKs for top commit:
MarcoFalke:
cr ACK 4c43b7d41d11072f382f938379d21cd2e0bcbb47
Zero-1729:
ACK 4c43b7d41d11072f382f938379d21cd2e0bcbb47
Tree-SHA512: e6c72b67778b76f81c659eee0e4195fea9e579587c64921affd35b9d46a077d4e8754b7fb85ca90a9a4bbc5cd5a47b0c6e4c9dbf9a335418a12f774d665e5a19
| -rwxr-xr-x | ci/lint/06_script.sh | 2 | ||||
| -rw-r--r-- | contrib/builder-keys/README.md | 2 | ||||
| -rw-r--r-- | contrib/verify-commits/README.md | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/ci/lint/06_script.sh b/ci/lint/06_script.sh index e38cfe8eef..c3c7619ef7 100755 --- a/ci/lint/06_script.sh +++ b/ci/lint/06_script.sh @@ -25,7 +25,7 @@ test/lint/lint-all.sh if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ -n "$CIRRUS_CRON" ]; then git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit - ${CI_RETRY_EXE} gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys $(<contrib/verify-commits/trusted-keys) && + ${CI_RETRY_EXE} gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys) && ./contrib/verify-commits/verify-commits.py --clean-merge=2; fi diff --git a/contrib/builder-keys/README.md b/contrib/builder-keys/README.md index a7c1d5ae0a..56bd87d0af 100644 --- a/contrib/builder-keys/README.md +++ b/contrib/builder-keys/README.md @@ -20,7 +20,7 @@ To fetch keys of builders and active developers, feed the list of fingerprints of the primary keys into gpg: ```sh -while read fingerprint keyholder_name; do gpg --keyserver hkp://subset.pool.sks-keyservers.net --recv-keys ${fingerprint}; done < ./keys.txt +while read fingerprint keyholder_name; do gpg --keyserver hkps://keys.openpgp.org --recv-keys ${fingerprint}; done < ./keys.txt ``` Add your key to the list if you provided Guix attestations for two major or diff --git a/contrib/verify-commits/README.md b/contrib/verify-commits/README.md index e95a57586f..b8b15280ba 100644 --- a/contrib/verify-commits/README.md +++ b/contrib/verify-commits/README.md @@ -40,7 +40,7 @@ Import trusted keys In order to check the commit signatures, you must add the trusted PGP keys to your machine. [GnuPG](https://gnupg.org/) may be used to import the trusted keys by running the following command: ```sh -gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys $(<contrib/verify-commits/trusted-keys) +gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys) ``` Key expiry/revocation |