
launchpad-reviewers team mailing list archive

[Merge] lp:~cjwatson/launchpad/gpghandler-no-upload-option into lp:launchpad

 

Colin Watson has proposed merging lp:~cjwatson/launchpad/gpghandler-no-upload-option into lp:launchpad.

Commit message:
Add config.gpghandler.upload_keys option, which may be disabled to suppress uploading keys to the keyserver.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/gpghandler-no-upload-option/+merge/272511

Add config.gpghandler.upload_keys option, which may be disabled to suppress uploading keys to the keyserver.  Useful on dogfood where we don't want to upload generated PPA signing keys to keyserver.ubuntu.com.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad/gpghandler-no-upload-option into lp:launchpad.
=== modified file 'lib/lp/services/config/schema-lazr.conf'
--- lib/lp/services/config/schema-lazr.conf	2015-09-08 11:56:33 +0000
+++ lib/lp/services/config/schema-lazr.conf	2015-09-26 02:58:08 +0000
@@ -779,6 +779,10 @@
 maps_api_key:
 
 [gpghandler]
+# Should we allow uploading keys to the keyserver?
+# datatype: boolean
+upload_keys: True
+
 # Host running PKS-like (SKS) keyserver Application.
 # datatype: ip_address_or_hostname
 host: keyserver.internal
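
Review bot: The comment above upload_keys in the [gpghandler] section does not say what happens when the option is False or which deployments are expected to turn it off. Suggest expanding it to state that with the option disabled uploadPublicKey returns without contacting the keyserver, that the default of True keeps the existing behaviour, and that the intended use is instances such as dogfood where generated PPA signing keys should not reach the public keyserver.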

=== modified file 'lib/lp/services/gpg/handler.py'
--- lib/lp/services/gpg/handler.py	2015-07-08 16:05:11 +0000
+++ lib/lp/services/gpg/handler.py	2015-09-26 02:58:08 +0000
@@ -1,4 +1,4 @@
-# Copyright 2009-2012 Canonical Ltd.  This software is licensed under the
+# Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
 # GNU Affero General Public License version 3 (see the file LICENSE).
 
 __metaclass__ = type
@@ -453,8 +453,15 @@
 
         conn.close()
 
-    def uploadPublicKey(self, fingerprint):
+    def uploadPublicKey(self, fingerprint, logger=None):
         """See IGPGHandler"""
+        if not config.gpghandler.upload_keys:
+            if logger is not None:
+                logger.info(
+                    "Not submitting key to keyserver "
+                    "(disabled in configuration).")
+            return
+
         pub_key = self.retrieveKey(fingerprint)
         self._submitKey(pub_key.export())
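
Review bot: In uploadPublicKey, the early return taken when config.gpghandler.upload_keys is false is silent unless the caller supplies a logger, and no caller in this diff is changed to pass one, so in practice the skipped upload leaves no record. Consider falling back to a module-level logger when logger is None, or returning a value that tells the caller the key was not submitted. The docstring still reads "See IGPGHandler", but the interface declaration is not among the modified files; the new logger argument should be added there as well so the interface and the implementation agree.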
 

=== modified file 'lib/lp/services/gpg/tests/test_gpghandler.py'
--- lib/lp/services/gpg/tests/test_gpghandler.py	2012-03-26 05:25:46 +0000
+++ lib/lp/services/gpg/tests/test_gpghandler.py	2015-09-26 02:58:08 +0000
@@ -1,13 +1,15 @@
-# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
+# Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
 # GNU Affero General Public License version 3 (see the file LICENSE).
 
 from zope.component import getUtility
+from zope.security.proxy import removeSecurityProxy
 
 from lp.services.gpg.interfaces import (
     GPGKeyDoesNotExistOnServer,
     GPGKeyTemporarilyNotFoundError,
     IGPGHandler,
     )
+from lp.services.log.logger import BufferLogger
 from lp.services.timeout import (
     get_default_timeout_function,
     set_default_timeout_function,
@@ -168,3 +170,17 @@
             self.assertEqual('timeout exceeded.', error_report['value'])
         finally:
             set_default_timeout_function(old_timeout_function)
+
+    def test_uploadPublicKey_suppress_in_config(self):
+        self.useFixture(KeyServerTac())
+        logger = BufferLogger()
+        self.pushConfig("gpghandler", upload_keys=False)
+        self.populateKeyring()
+        fingerprint = list(self.gpg_handler.localKeys())[0].fingerprint
+        self.gpg_handler.uploadPublicKey(fingerprint, logger=logger)
+        self.assertEqual(
+            "INFO Not submitting key to keyserver "
+            "(disabled in configuration).\n", logger.getLogBuffer())
+        self.assertRaises(
+            GPGKeyDoesNotExistOnServer,
+            removeSecurityProxy(self.gpg_handler)._getPubKey, fingerprint)
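
Review bot: test_uploadPublicKey_suppress_in_config covers only the disabled path with a logger supplied. Add a case that calls uploadPublicKey(fingerprint) without a logger while upload_keys=False, since that is the branch guarded by "if logger is not None" and the one that callers not passing a logger will take; the same GPGKeyDoesNotExistOnServer assertion can confirm nothing was submitted. A short comment explaining why removeSecurityProxy is needed to reach _getPubKey would also help the next reader.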

