VCS: Avoid need to manually flush cache on changing setting

See WeblateOrg#4073
TheWitness · Jun 22, 2020 · c3c6dd0 · c3c6dd0
1 parent 2ad1ad3
commit c3c6dd0
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/docs/admin/config.rst b/docs/admin/config.rst
@@ -1607,11 +1607,9 @@ Identity used by Weblate to sign Git commits, for example:
 
     WEBLATE_GPG_IDENTITY = 'Weblate <[email protected]>'
 
-.. warning::
-
-    Clean the cache if you change this setting, to clear info about its key is otherwise being
-    cached for seven days. This does not apply for initial setup, as nothing is cached
-    if this feature is not configured.
+The matching key is searched in Weblate GPG keyring (:file:`home/.gnupg` under
+:setting:`DATA_DIR`), if it is not found the key is generated, see
+:ref:`gpg-sign` for more details.
 
 .. seealso::
 

diff --git a/weblate/vcs/gpg.py b/weblate/vcs/gpg.py
@@ -23,6 +23,7 @@
 from django.conf import settings
 from django.core.cache import cache
 from django.utils.encoding import force_str
+from siphashc import siphash
 
 from weblate.trans.util import (
     add_configuration_error,
@@ -91,25 +92,33 @@ def get_gpg_key(silent=False):
         return None
 
 
+def gpg_cache_key(suffix):
+    return "gpg:{}:{}".format(
+        siphash("Weblate GPG hash", settings.WEBLATE_GPG_IDENTITY), suffix
+    )
+
+
 def get_gpg_sign_key():
     """High level wrapper to cache key ID."""
     if not settings.WEBLATE_GPG_IDENTITY:
         return None
-    keyid = cache.get("gpg-key-id")
+    cache_key = gpg_cache_key("id")
+    keyid = cache.get(cache_key)
     if keyid is None:
         keyid = get_gpg_key(silent=True)
         if keyid is None:
             keyid = generate_gpg_key()
         if keyid:
-            cache.set("gpg-key-id", keyid, 7 * 86400)
+            cache.set(cache_key, keyid, 7 * 86400)
     return keyid
 
 
 def get_gpg_public_key():
     key = get_gpg_sign_key()
     if key is None:
         return None
-    data = cache.get("gpg-key-public")
+    cache_key = gpg_cache_key("public")
+    data = cache.get(cache_key)
     if not data:
         try:
             result = subprocess.run(
@@ -121,7 +130,7 @@ def get_gpg_public_key():
                 check=True,
             )
             data = result.stdout
-            cache.set("gpg-key-public", data, 7 * 86400)
+            cache.set(cache_key, data, 7 * 86400)
             delete_configuration_error("GPG key public")
         except (subprocess.CalledProcessError, OSError) as error:
             report_error(cause="GPG key public")