Skip to content

Failed PGP key validation provides error message that can be hard to understand

Checklist

NOTE: This bug template is meant to provide bug issues for code existing in the aurweb repository.

This bug template is not meant to handle bugs with user-uploaded packages. To report issues you might have found in a user-uploaded package, contact the package's maintainer in comments.

  • I confirm that this is an issue with aurweb's code and not a user-uploaded package.
  • I have described the bug in complete detail in the Description section.
  • I have specified steps in the Reproduction section.
  • I have included any logs related to the bug in the Logs section.
  • I have included the versions which are affected in the Version(s) section.

Description

When trying to add or update a PGP key on the AURweb user page the error message can be hard to understand. Given a key that's not matching the expected format it will print The PGP key fingerprint is invalid. without detailing what is wrong.

PGP/GPG themselves accept many different identifiers for selecting a key and while using the full fingerprint is the most secure and sane option using the short key ID is way more common. Sometimes keys are prefixed with 0x to indicate they are in hex format. This prefix isn't accepted either.

Reproduction

Go to https://aur.archlinux.org/account/USER/edit and enter anything that's not a valid 40 character hex value.

Logs

n/a

Version(s)

Currently deployed version of AURweb.

Note: I plan to provide a merge request to improve the error message.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information