changeset 8488:7142740e6547

merge heads: CHANGES.txt also whitespace fixups.
author John Rouillard <rouilj@ieee.org>
date Mon, 08 Dec 2025 23:05:26 -0500
parents e2d0f36c525d (diff) b09ef85f0da6 (current diff)
children 4e0944649af7
files CHANGES.txt doc/admin_guide.txt doc/installation.txt roundup/configuration.py
diffstat 10 files changed, 34 insertions(+), 14 deletions(-) [+]
--- a/.github/workflows/anchore.yml	Mon Dec 08 00:23:14 2025 -0500
+++ b/.github/workflows/anchore.yml	Mon Dec 08 23:05:26 2025 -0500
@@ -37,13 +37,13 @@
     runs-on: ubuntu-latest
     steps:
     - name: Checkout the code
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
     - name: Build the Docker image
       run: docker pull python:3-alpine; docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest
     - name: List the Docker image
       run: docker image ls
     - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
-      uses: anchore/scan-action@568b89d27fc18c60e56937bff480c91c772cd993 # 7.1.0
+      uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # 7.2.1
       id: scan
       with:
         image: "localbuild/testimage:latest"
--- a/.github/workflows/build-xapian.yml	Mon Dec 08 00:23:14 2025 -0500
+++ b/.github/workflows/build-xapian.yml	Mon Dec 08 23:05:26 2025 -0500
@@ -42,11 +42,11 @@
         # if: {{ false }}
           # continue running if step fails
         # continue-on-error: true
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
         # Setup version of Python to use
       - name: Set Up Python 3.13
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: 3.13
           allow-prereleases: true
--- a/.github/workflows/ci-test.yml	Mon Dec 08 00:23:14 2025 -0500
+++ b/.github/workflows/ci-test.yml	Mon Dec 08 23:05:26 2025 -0500
@@ -116,11 +116,11 @@
         # if: {{ false }}
           # continue running if step fails
         # continue-on-error: true
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       # Setup version of Python to use
       - name: Set Up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ matrix.python-version }}
           allow-prereleases: true
@@ -331,7 +331,7 @@
       - name: Upload coverage to Coveralls
         # python 2.7 and 3.6 versions of coverage can't produce lcov files.
         if: matrix.python-version != '2.7' && matrix.python-version != '3.6'
-        uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6
+        uses: coverallsapp/github-action@5cbfd81b66ca5d10c19b062c04de0199c215fb6e # v2.3.7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           path-to-lcov: coverage.lcov
@@ -367,7 +367,7 @@
     
     steps:
       - name: Coveralls Finished
-        uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6
+        uses: coverallsapp/github-action@5cbfd81b66ca5d10c19b062c04de0199c215fb6e # v2.3.7
         with:
           github-token: ${{ secrets.github_token }}
           parallel-finished: true
--- a/.github/workflows/codeql-analysis.yml	Mon Dec 08 00:23:14 2025 -0500
+++ b/.github/workflows/codeql-analysis.yml	Mon Dec 08 23:05:26 2025 -0500
@@ -49,7 +49,7 @@
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
--- a/.github/workflows/ossf-scorecard.yml	Mon Dec 08 00:23:14 2025 -0500
+++ b/.github/workflows/ossf-scorecard.yml	Mon Dec 08 23:05:26 2025 -0500
@@ -35,7 +35,7 @@
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
--- a/CHANGES.txt	Mon Dec 08 00:23:14 2025 -0500
+++ b/CHANGES.txt	Mon Dec 08 23:05:26 2025 -0500
@@ -58,6 +58,8 @@
   uuid.uuid4 otherwise. Logging also supports a trace_reason log token
   with the url for a web request. The logging format can be changed in
   config.ini. (John Rouillard)
+- issue2551152 - added basic PGP setup/use info to admin_guide. (John
+  Rouillard)
 
 2025-07-13 2.5.0
 
--- a/doc/admin_guide.txt	Mon Dec 08 00:23:14 2025 -0500
+++ b/doc/admin_guide.txt	Mon Dec 08 23:05:26 2025 -0500
@@ -286,7 +286,6 @@
 tracker's interfaces.py file. See the :ref:`module docs for the
 logcontext module <logcontext_pydoc>` for details.
 
-	   
 Advanced Logging Setup
 ----------------------
 
@@ -1939,9 +1938,28 @@
 
   gpg --homedir /path/to/tracker/gpg --import user-public-key.asc
 
+You may also be able to get it from a public keyserver using::
+
+  gpg --recv-keys KEYID
+
+where the ``KEYID`` is supplied by the roundup user.
+
 While Roundup supports multiple addresses for each user, only the
 primary address supports PGP signed or encrypted messages.
 
+You should verify that the public key is sane and has few signatures
+attached. You can import a key into a throw away keystore::
+
+  mkdir throwaway
+  gpg --homedir throwaway -- import user-public-key.asc
+  gpg --homedir throwaway --list-sigs
+
+and verify that the number of sig lines is small (under 10 or so). If
+it takes a long time to import you can kill the import without
+affecting your production keystore. Large numbers of sig lines can
+take a long time to import/access when compressed. See:
+https://nvd.nist.gov/vuln/detail/CVE-2022-3219.
+
 .. comment:
    Questions:
 
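Review bot: The throwaway-keystore example reads `gpg --homedir throwaway -- import user-public-key.asc`; the space after `--` ends option parsing, so gpg treats `import` as a file name instead of running the import command, and the line should be `gpg --homedir throwaway --import user-public-key.asc`. The `gpg --recv-keys KEYID` example above it has no `--homedir`, so the key lands in the invoking user's default keyring rather than the tracker keyring used by the preceding import command; `gpg --homedir /path/to/tracker/gpg --recv-keys KEYID` would match. Since the stated purpose is to protect the production keystore from the slow-import problem in CVE-2022-3219, the text should say that the throwaway check comes before either production import, and that `KEYID` should be the full fingerprint confirmed with the user out of band rather than a short key id. Creating the directory with `mkdir -m 700 throwaway` would also avoid gpg's unsafe-permissions warning on the homedir.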
--- a/doc/installation.txt	Mon Dec 08 00:23:14 2025 -0500
+++ b/doc/installation.txt	Mon Dec 08 23:05:26 2025 -0500
@@ -257,7 +257,7 @@
   If nanoid_ is installed, it is used to generate short unique
   ids to link all logging to a single request. If not installed,
   uuid4's from the standard library are used.
-  
+
 jinja2
   To use the jinja2 template (may still be experimental, check out
   its TEMPLATE-INFO.txt file) you need
--- a/roundup/configuration.py	Mon Dec 08 00:23:14 2025 -0500
+++ b/roundup/configuration.py	Mon Dec 08 23:05:26 2025 -0500
@@ -2445,7 +2445,7 @@
                 isinstance(value, str) and
                 getattr(record, name) == "MainProcess"):
                 setattr(record, name, value)
-                    
+
         record.pct_char = "%"
         record.ROUNDUP_CONTEXT_FILTER_CALLED = True
 
--- a/scripts/Docker/Dockerfile	Mon Dec 08 00:23:14 2025 -0500
+++ b/scripts/Docker/Dockerfile	Mon Dec 08 23:05:26 2025 -0500
@@ -26,7 +26,7 @@
 # Note this is the index digest for the image, not the manifest digest.
 # The index digest is shared across archetectures (amd64, arm64 etc.)
 # while the manifest digest is unique per platform/arch.
-ARG SHA256=8373231e1e906ddfb457748bfc032c4c06ada8c759b7b62d9c73ec2a3c56e710
+ARG SHA256=b80c82b1a282283bd3e3cd3c6a4c895d56d1385879c8c82fa673e9eb4d6d4aa5
 
 # Set to any non-empty value to enable shell debugging for troubleshooting
 ARG VERBOSE=
