Merge into devel : make-zeca-useful : Code : Launchpad itself

Status:	Merged
Merged at revision:	not available
Proposed branch:	lp:~wgrant/launchpad/make-zeca-useful
Merge into:	lp:launchpad
Diff against target:	None lines
To merge this branch:	bzr merge lp:~wgrant/launchpad/make-zeca-useful
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Celso Providelo (community)	code	2009-08-19	Needs Fixing on 2009-08-19
Review via email: mp+10431@code.launchpad.net

Revision history for this message

William Grant (wgrant) wrote on 2009-08-19:

#

= Summary =

canonical.zeca (the Launchpad testing keyserver) is very close to usable for a full local Launchpad instance. It allows key uploads, downloads and fingerprint searches, but doesn't support key ID searches (which gpg uses to retrieve unknown keys).

This branch makes it support key ID searches, and also moves the test zeca data directory to avoid clobbering development keys when running the test suite.

== Proposed fix ==

zeca should attempt to glob to match a key ID to a fingerprint.

== Pre-implementation notes ==

I discussed this a little with cprov, and he seemed to not think that this approach was entirely crackful.

== Implementation details ==

Nothing particularly special.

== Tests ==

I've extended the zeca tests to verify the new behaviour.

$ bin/test -vv canonical.zeca

Revision history for this message

Celso Providelo (cprov) wrote on 2009-08-19:

#

Willian,

This change is definitely going in the right direction, thanks for proposing it!

On the current diff I can only point the fact that, when found by glob, the key file content is not escaped, which will result in a broken HTML page.

As we discussed on IRC, we could take the opportunity to extract the code used to locate key files and make this part of the application much nicer than it is, maybe plugging new key lookup mechanisms later.

I'd suggest locate_key(root, term), 'root' is static, but it might be easier to pass it in. Doing that we can also cover most of its aspects with unittests.

Looking forward to see the incremental patch.

review: Needs Fixing (code)

Revision history for this message

William Grant (wgrant) wrote on 2009-08-20:

#

On Wed, 2009-08-19 at 23:38 +0000, Celso Providelo wrote:
> Review: Needs Fixing code
> Willian,
>
> This change is definitely going in the right direction, thanks for proposing it!
>
> On the current diff I can only point the fact that, when found by glob, the key file content is not escaped, which will result in a broken HTML page.

Fixed. Oops.

> As we discussed on IRC, we could take the opportunity to extract the code used to locate key files and make this part of the application much nicer than it is, maybe plugging new key lookup mechanisms later.
>
> I'd suggest locate_key(root, term), 'root' is static, but it might be easier to pass it in. Doing that we can also cover most of its aspects with unittests.

I've extracted it into c.z.z.locate_key, with tests in
c.z.z.ftests.test_locate_key.

I considered removing some of the tests from c.z.z.ftests.harness, but
they're short and relevant enough that it seems good to leave them
there.

> Looking forward to see the incremental patch.

Thanks for the review! The diff is attached.

--
William Grant

take-two.diff

Revision history for this message

Celso Providelo (cprov) wrote on 2009-08-20:

#

Download full text (7.7 KiB)

Hi Willian,

Thanks for addressing my comments, there are other minor suggestions
inline, but nothing special.

Review approved.

> === modified file 'configs/testrunner/launchpad-lazr.conf'
> --- configs/testrunner/launchpad-lazr.conf 2009-07-29 18:53:51 +0000
> +++ configs/testrunner/launchpad-lazr.conf 2009-08-20 13:09:20 +0000
> @@ -195,3 +195,6 @@
>
> [vhosts]
> use_https: False
> +
> +[zeca]
> +root: /var/tmp/zeca.test
>

Good change, I forgot to mention it before. Tests won't mess with you
production setup.

> === modified file 'lib/canonical/zeca/ftests/harness.py'
> --- lib/canonical/zeca/ftests/harness.py 2009-06-25 05:30:52 +0000
> +++ lib/canonical/zeca/ftests/harness.py 2009-08-20 13:09:20 +0000
> @@ -41,6 +41,8 @@
> ...
> <title>Results for Key 0xDFD20543</title>
> ...
> + pub 1024D/DFD20543 2005-04-13 Sample Person (revoked) <<email address hidden>>
> + ...
>
> A key content lookup form via GET.
>
> @@ -52,6 +54,41 @@
> ...
> <title>Results for Key 0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543</title>
> ...
> + -----BEGIN PGP PUBLIC KEY BLOCK-----
> + Version: GnuPG v1.4.9 (GNU/Linux)
> + <BLANKLINE>
> + mQGiBEJdmOcRBADkNJPTBuCIefBdRAhvWyD9SSVHh8GHQWS7l9sRLEsirQkKz1yB
> + ...
> +
> + We can also request a key ID instead of a fingerprint, and it will glob
> + for the fingerprint.
> +
> + >>> print urlopen(
> + ... '%s/pks/lookup?op=get&'
> + ... 'search=0xDFD20543' % root_url
> + ... ).read()
> + <html>
> + ...
> + <title>Results for Key 0xDFD20543</title>
> + ...
> + -----BEGIN PGP PUBLIC KEY BLOCK-----
> + Version: GnuPG v1.4.9 (GNU/Linux)
> + <BLANKLINE>
> + mQGiBEJdmOcRBADkNJPTBuCIefBdRAhvWyD9SSVHh8GHQWS7l9sRLEsirQkKz1yB
> + ...
> +
> + If we request a nonexistent key, we get a nice error.
> +
> + >>> print urlopen(
> + ... '%s/pks/lookup?op=get&'
> + ... 'search=0xDFD20544' % root_url
> + ... ).read()
> + <html>
> + ...
> + <title>Results for Key 0xDFD20544</title>
> + ...
> + Key Not Found
> + ...
>
> A key submit form via POST (see doc/gpghandler.txt for more information).
>

Cool! functional tests documenting key-lookups using keyids.

> === added file 'lib/canonical/zeca/ftests/test_locate_key.py'
> --- lib/canonical/zeca/ftests/test_locate_key.py 1970-01-01 00:00:00 +0000
> +++ lib/canonical/zeca/ftests/test_locate_key.py 2009-08-20 13:09:20 +0000
> @@ -0,0 +1,43 @@
> +# Copyright 2009 Canonical Ltd. This software is licensed under the
> +# GNU Affero General Public License version 3 (see the file LICENSE).
> +
> +import unittest
> +import os.path
> +
> +from canonical.zeca.zeca import locate_key
> +
> +
> +class LocateKeyTestCase(unittest.TestCase):
> + root = os.path.join(os.path.dirname(__file__), 'keys')
> +
> + def assertKeyFile(self, suffix, filename):
> + """Verify that a suffix maps to the given filename."""
> +
> + if filename is not None:
> + filename = os.path.join(self.root, filename)
> + self.assertEqual(locate_key(self.root, suffix), filename)
> +
> + def test_exact_fingerprint_match(self):
> + ...

Hi Willian,

Thanks for addressing my comments, there are other minor suggestions
inline, but nothing special.

Review approved.

> === modified file 'configs/testrunner/launchpad-lazr.conf'
> --- configs/testrunner/launchpad-lazr.conf	2009-07-29 18:53:51 +0000
> +++ configs/testrunner/launchpad-lazr.conf	2009-08-20 13:09:20 +0000
> @@ -195,3 +195,6 @@
>
>  [vhosts]
>  use_https: False
> +
> +[zeca]
> +root: /var/tmp/zeca.test
>

Good change, I forgot to mention it before. Tests won't mess with you
production setup.

> === modified file 'lib/canonical/zeca/ftests/harness.py'
> --- lib/canonical/zeca/ftests/harness.py	2009-06-25 05:30:52 +0000
> +++ lib/canonical/zeca/ftests/harness.py	2009-08-20 13:09:20 +0000
> @@ -41,6 +41,8 @@
>      ...
>      <title>Results for Key 0xDFD20543</title>
>      ...
> +    pub  1024D/DFD20543 2005-04-13 Sample Person (revoked) &lt;sample.revoked@canonical.com&gt;
> +    ...
>
>      A key content lookup form via GET.
>
> @@ -52,6 +54,41 @@
>      ...
>      <title>Results for Key 0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543</title>
>      ...
> +    -----BEGIN PGP PUBLIC KEY BLOCK-----
> +    Version: GnuPG v1.4.9 (GNU/Linux)
> +    <BLANKLINE>
> +    mQGiBEJdmOcRBADkNJPTBuCIefBdRAhvWyD9SSVHh8GHQWS7l9sRLEsirQkKz1yB
> +    ...
> +
> +    We can also request a key ID instead of a fingerprint, and it will glob
> +    for the fingerprint.
> +
> +    >>> print urlopen(
> +    ...    '%s/pks/lookup?op=get&'
> +    ...    'search=0xDFD20543' % root_url
> +    ...    ).read()
> +    <html>
> +    ...
> +    <title>Results for Key 0xDFD20543</title>
> +    ...
> +    -----BEGIN PGP PUBLIC KEY BLOCK-----
> +    Version: GnuPG v1.4.9 (GNU/Linux)
> +    <BLANKLINE>
> +    mQGiBEJdmOcRBADkNJPTBuCIefBdRAhvWyD9SSVHh8GHQWS7l9sRLEsirQkKz1yB
> +    ...
> +
> +    If we request a nonexistent key, we get a nice error.
> +
> +    >>> print urlopen(
> +    ...    '%s/pks/lookup?op=get&'
> +    ...    'search=0xDFD20544' % root_url
> +    ...    ).read()
> +    <html>
> +    ...
> +    <title>Results for Key 0xDFD20544</title>
> +    ...
> +    Key Not Found
> +    ...
>
>      A key submit form via POST (see doc/gpghandler.txt for more information).
>

Cool! functional tests documenting key-lookups using keyids.

> === added file 'lib/canonical/zeca/ftests/test_locate_key.py'
> --- lib/canonical/zeca/ftests/test_locate_key.py	1970-01-01 00:00:00 +0000
> +++ lib/canonical/zeca/ftests/test_locate_key.py	2009-08-20 13:09:20 +0000
> @@ -0,0 +1,43 @@
> +# Copyright 2009 Canonical Ltd.  This software is licensed under the
> +# GNU Affero General Public License version 3 (see the file LICENSE).
> +
> +import unittest
> +import os.path
> +
> +from canonical.zeca.zeca import locate_key
> +
> +
> +class LocateKeyTestCase(unittest.TestCase):
> +    root = os.path.join(os.path.dirname(__file__), 'keys')
> +
> +    def assertKeyFile(self, suffix, filename):
> +        """Verify that a suffix maps to the given filename."""
> +
> +        if filename is not None:
> +            filename = os.path.join(self.root, filename)
> +        self.assertEqual(locate_key(self.root, suffix), filename)
> +
> +    def test_exact_fingerprint_match(self):
> +        self.assertKeyFile(
> +            '0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get',
> +            '0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
> +
> +    def test_keyid_glob_match(self):
> +        self.assertKeyFile(
> +            '0xDFD20543.get',
> +            '0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
> +
> +    def test_keyid_without_prefix_glob_match(self):
> +        self.assertKeyFile(
> +            'DFD20543.get',
> +            '0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
> +
> +    def test_keyid_no_match(self):
> +        self.assertKeyFile('0xDEADBEEF.get', None)
> +
> +

Here, for consistency with our code guideline, you should name your
test cases as: 'test_locate_key_<aspect_being_tested>'

I'm slightly worried about the multiple terms included in the variable
you call 'suffix' ('<keyid_or_fingerprint>.<operation>'), but I guess
changing it would require a deeper refactoring. Better do it later
when we have time.

> +def test_suite():
> +    suite = unittest.TestSuite()
> +    suite.addTest(unittest.makeSuite(LocateKeyTestCase))
> +    return suite
> +

One simpler way of loading all unittest at one would be:

{{{
def test_suite():
    return unittest.TestLoader().loadTestsFromName(__name__)
}}}

Since you have only one TestCase class, it's not a big deal, It's your
choice, but consider it new changes.

> === modified file 'lib/canonical/zeca/zeca.py'
> --- lib/canonical/zeca/zeca.py	2009-06-25 05:30:52 +0000
> +++ lib/canonical/zeca/zeca.py	2009-08-20 13:09:20 +0000
> @@ -9,12 +9,13 @@
>
>   - 'index' : returns key index information
>   - 'get': returns an ASCII armored public key
> -
> -It does not depend on GPG; it simply serves the information stored in
> -files at a given HOME (default to /home/keys/) with the following name
> -format:
> -
> -0x<keyid>.<operation>
> + - 'add': adds a key to the collection (does not update the index)
> +
> +It only depends on GPG for key submission; for retrieval and searching
> +it just looks for files in the root (eg. /var/tmp/zeca). The files
> +are named like this:
> +
> +0x<keyid|fingerprint>.<operation>
>

Thanks for updating this docstring.

>  Example:
>
> @@ -35,6 +36,7 @@
>      'Zeca',
>      ]
>
> +import glob
>  import os
>  import cgi
>
> @@ -50,6 +52,33 @@
>  GREETING = 'Copyright 2004-2008 Canonical Ltd.\n'

> +def locate_key(root, suffix):
> +    """Find a key file in the root with the given suffix.
> +
> +    This does some globbing to possibly find a fingerprint-named key
> +    file when given a key ID.
> +
> +    :param root: The root directory in which to look.
> +    :param suffix: The key ID or fingerprint, of the form
> +        0x<FINGERPRINT|KEYID>.<METHOD>
> +    :returns: An absolute path to the key file.
> +    """
> +    path = os.path.join(root, suffix)
> +
> +    if not os.path.exists(path):
> +        # GPG might request a key ID from us, but we name the keys by
> +        # fingerprint. Let's glob.
> +        if suffix.startswith('0x'):
> +            suffix = suffix[2:]
> +        keys = glob.glob(os.path.join(root, '*'+suffix))
> +        if len(keys) == 1:
> +            path = keys[0]
> +        else:
> +            return None
> +
> +    return path
> +
> +

Right, the 'suffix' name is mildly confusing, but the code does what
it is supposed to do. Maybe in another time we can make it clear and
completely isolate the filesystem-based key lookup.

It's already a win to allow keys to be found via keyid, one step at
time, right ?

>  class Zeca(Resource):
>      def getChild(self, name, request):
>          if name == '':
> @@ -95,15 +124,11 @@
>
>          filename = '%s.%s' % (keyid, action)
>
> -        path = os.path.join(self.root, filename)
> -
> -        try:
> -            fp = open(path)
> -        except IOError:
> +        path = locate_key(self.root, filename)
> +        if path is not None:
> +            content = cgi.escape(open(path).read())
> +        else:
>              content = 'Key Not Found'
> -        else:
> -            content = cgi.escape(fp.read())
> -            fp.close()
>
>          page += '<pre>\n%s\n</pre>\n</html>' % content
>

Nice move!

That's it, summing up, if you agree with the changes I suggested:

1. Rename new unittest test cases.
 2. Update the visible copyright on zeca home page.

we can land it.

Thanks for adopting this poor little orphan application. I glad to see
it solving problems in the real world.

[]
-- 
Celso Providelo <celso.providelo@canonical.com>
IRC: cprov,  Jabber: cprov@jabber.org, Skype: cprovidelo
1024D/681B6469 C858 2652 1A6E F6A6 037B  B3F7 9FF2 583E 681B 6469

Revision history for this message

William Grant (wgrant) wrote on 2009-08-20:

#

Hi Celso,

On Thu, 2009-08-20 at 13:36 +0000, Celso Providelo wrote:
> [snip]
> That's it, summing up, if you agree with the changes I suggested:
>
> 1. Rename new unittest test cases.
> 2. Update the visible copyright on zeca home page.
>
> we can land it.

I've fixed those, thanks! Diff attached.

take-three.diff

1	=== modified file 'lib/canonical/zeca/ftests/harness.py'
2	--- lib/canonical/zeca/ftests/harness.py 2009-08-15 03:46:59 +0000
3	+++ lib/canonical/zeca/ftests/harness.py 2009-08-20 13:44:41 +0000
4	@@ -29,7 +29,7 @@
5	>>> from urllib import urlopen
6
7	>>> print urlopen(root_url).read()
8	- Copyright 2004-2008 Canonical Ltd.
9	+ Copyright 2004-2009 Canonical Ltd.
10	<BLANKLINE>
11
12	A key index lookup form via GET.
13	@@ -105,7 +105,7 @@
14	>>> ZecaTestSetup().setUp()
15
16	>>> print urlopen(root_url).readline()
17	- Copyright 2004-2008 Canonical Ltd.
18	+ Copyright 2004-2009 Canonical Ltd.
19	<BLANKLINE>
20
21	>>> ZecaTestSetup().tearDown()
22
23	=== modified file 'lib/canonical/zeca/ftests/test_locate_key.py'
24	--- lib/canonical/zeca/ftests/test_locate_key.py 2009-08-20 00:27:11 +0000
25	+++ lib/canonical/zeca/ftests/test_locate_key.py 2009-08-20 13:50:23 +0000
26	@@ -17,22 +17,22 @@
27	filename = os.path.join(self.root, filename)
28	self.assertEqual(locate_key(self.root, suffix), filename)
29
30	- def test_exact_fingerprint_match(self):
31	+ def test_locate_key_exact_fingerprint_match(self):
32	self.assertKeyFile(
33	'0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get',
34	'0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
35
36	- def test_keyid_glob_match(self):
37	+ def test_locate_key_keyid_glob_match(self):
38	self.assertKeyFile(
39	'0xDFD20543.get',
40	'0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
41
42	- def test_keyid_without_prefix_glob_match(self):
43	+ def test_locate_key_keyid_without_prefix_glob_match(self):
44	self.assertKeyFile(
45	'DFD20543.get',
46	'0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
47
48	- def test_keyid_no_match(self):
49	+ def test_locate_key_no_match(self):
50	self.assertKeyFile('0xDEADBEEF.get', None)
51
52
53
54	=== modified file 'lib/canonical/zeca/zeca.py'
55	--- lib/canonical/zeca/zeca.py 2009-08-20 01:07:58 +0000
56	+++ lib/canonical/zeca/zeca.py 2009-08-20 13:44:16 +0000
57	@@ -49,7 +49,7 @@
58	SecretGPGKeyImportDetected)
59
60
61	-GREETING = 'Copyright 2004-2008 Canonical Ltd.\n'
62	+GREETING = 'Copyright 2004-2009 Canonical Ltd.\n'
63
64
65	def locate_key(root, suffix):

Launchpad itself

Merge lp:~wgrant/launchpad/make-zeca-useful into lp:launchpad

Commit message

Description of the change

Preview Diff

Subscribers

 === added file 'lib/canonical/zeca/ftests/test_locate_key.py'
 --- lib/canonical/zeca/ftests/test_locate_key.py	1970-01-01 00:00:00 +0000
 +++ lib/canonical/zeca/ftests/test_locate_key.py	2009-08-20 01:01:54 +0000
@@ -0,0 +1,43 @@
++# Copyright 2009 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++import unittest
++import os.path
++
++from canonical.zeca.zeca import locate_key
++
++
++class LocateKeyTestCase(unittest.TestCase):
++    root = os.path.join(os.path.dirname(__file__), 'keys')
++
++    def assertKeyFile(self, suffix, filename):
++        """Verify that a suffix maps to the given filename."""
++
++        if filename is not None:
++            filename = os.path.join(self.root, filename)
++        self.assertEqual(locate_key(self.root, suffix), filename)
++
++    def test_exact_fingerprint_match(self):
++        self.assertKeyFile(
++            '0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get',
++            '0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
++
++    def test_keyid_glob_match(self):
++        self.assertKeyFile(
++            '0xDFD20543.get',
++            '0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
++
++    def test_keyid_without_prefix_glob_match(self):
++        self.assertKeyFile(
++            'DFD20543.get',
++            '0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543.get')
++
++    def test_keyid_no_match(self):
++        self.assertKeyFile('0xDEADBEEF.get', None)
++
++
++def test_suite():
++    suite = unittest.TestSuite()
++    suite.addTest(unittest.makeSuite(LocateKeyTestCase))
++    return suite
++
 === modified file 'lib/canonical/zeca/zeca.py'
 --- lib/canonical/zeca/zeca.py	2009-08-15 03:47:48 +0000
 +++ lib/canonical/zeca/zeca.py	2009-08-20 01:07:44 +0000
@@ -9,12 +9,13 @@
   - 'index' : returns key index information
   - 'get': returns an ASCII armored public key
--
--It does not depend on GPG; it simply serves the information stored in
--files at a given HOME (default to /home/keys/) with the following name
--format:
--
--0x<keyid>.<operation>
++ - 'add': adds a key to the collection (does not update the index)
++
++It only depends on GPG for key submission; for retrieval and searching
++it just looks for files in the root (eg. /var/tmp/zeca). The files
++are named like this:
++
++0x<keyid|fingerprint>.<operation>
  Example:
@@ -51,6 +52,33 @@
  GREETING = 'Copyright 2004-2008 Canonical Ltd.\n'
++def locate_key(root, suffix):
++    """Find a key file in the root with the given suffix.
++
++    This does some globbing to possibly find a fingerprint-named key
++    file when given a key ID.
++
++    :param root: The root directory in which to look.
++    :param suffix: The key ID or fingerprint, of the form
++        0x<FINGERPRINT|KEYID>.<METHOD>
++    :returns: An absolute path to the key file.
++    """
++    path = os.path.join(root, suffix)
++
++    if not os.path.exists(path):
++        # GPG might request a key ID from us, but we name the keys by
++        # fingerprint. Let's glob.
++        if suffix.startswith('0x'):
++            suffix = suffix[2:]
++        keys = glob.glob(os.path.join(root, '*'+suffix))
++        if len(keys) == 1:
++            path = keys[0]
++        else:
++            return None
++
++    return path
++
++
  class Zeca(Resource):
      def getChild(self, name, request):
          if name == '':
@@ -96,22 +124,11 @@
          filename = '%s.%s' % (keyid, action)
--        try:
--            path = os.path.join(self.root, filename)
--            fp = open(path)
--        except IOError:
--            # GPG might request a key ID from us, but we name the keys by
--            # fingerprint. Let's glob.
--            if filename.startswith('0x'):
--                filename = filename[2:]
--            keys = glob.glob(os.path.join(self.root, '*'+filename))
--            if len(keys) == 1:
--                content = open(keys[0]).read()
--            else:
--                content = 'Key Not Found'
++        path = locate_key(self.root, filename)
++        if path is not None:
++            content = cgi.escape(open(path).read())
          else:
--            content = cgi.escape(fp.read())
--            fp.close()
++            content = 'Key Not Found'
          page += '<pre>\n%s\n</pre>\n</html>' % content

 === modified file 'configs/testrunner/launchpad-lazr.conf'
 --- configs/testrunner/launchpad-lazr.conf	2009-07-29 18:53:51 +0000
 +++ configs/testrunner/launchpad-lazr.conf	2009-08-15 03:43:17 +0000
@@ -195,3 +195,6 @@
  [vhosts]
  use_https: False
++
++[zeca]
++root: /var/tmp/zeca.test
 === modified file 'lib/canonical/zeca/ftests/harness.py'
 --- lib/canonical/zeca/ftests/harness.py	2009-06-25 05:30:52 +0000
 +++ lib/canonical/zeca/ftests/harness.py	2009-08-15 03:46:59 +0000
@@ -41,6 +41,8 @@
      ...
      <title>Results for Key 0xDFD20543</title>
      ...
++    pub  1024D/DFD20543 2005-04-13 Sample Person (revoked) &lt;sample.revoked@canonical.com&gt;
++    ...
      A key content lookup form via GET.
@@ -52,6 +54,41 @@
      ...
      <title>Results for Key 0xA419AE861E88BC9E04B9C26FBA2B9389DFD20543</title>
      ...
++    -----BEGIN PGP PUBLIC KEY BLOCK-----
++    Version: GnuPG v1.4.9 (GNU/Linux)
++    <BLANKLINE>
++    mQGiBEJdmOcRBADkNJPTBuCIefBdRAhvWyD9SSVHh8GHQWS7l9sRLEsirQkKz1yB
++    ...
++
++    We can also request a key ID instead of a fingerprint, and it will glob
++    for the fingerprint.
++
++    >>> print urlopen(
++    ...    '%s/pks/lookup?op=get&'
++    ...    'search=0xDFD20543' % root_url
++    ...    ).read()
++    <html>
++    ...
++    <title>Results for Key 0xDFD20543</title>
++    ...
++    -----BEGIN PGP PUBLIC KEY BLOCK-----
++    Version: GnuPG v1.4.9 (GNU/Linux)
++    <BLANKLINE>
++    mQGiBEJdmOcRBADkNJPTBuCIefBdRAhvWyD9SSVHh8GHQWS7l9sRLEsirQkKz1yB
++    ...
++
++    If we request a nonexistent key, we get a nice error.
++
++    >>> print urlopen(
++    ...    '%s/pks/lookup?op=get&'
++    ...    'search=0xDFD20544' % root_url
++    ...    ).read()
++    <html>
++    ...
++    <title>Results for Key 0xDFD20544</title>
++    ...
++    Key Not Found
++    ...
      A key submit form via POST (see doc/gpghandler.txt for more information).
 === modified file 'lib/canonical/zeca/zeca.py'
 --- lib/canonical/zeca/zeca.py	2009-06-25 05:30:52 +0000
 +++ lib/canonical/zeca/zeca.py	2009-08-15 03:47:48 +0000
@@ -35,6 +35,7 @@
      'Zeca',
+     ]
++import glob
  import os
  import cgi
@@ -95,12 +96,19 @@
          filename = '%s.%s' % (keyid, action)
--        path = os.path.join(self.root, filename)
--
          try:
++            path = os.path.join(self.root, filename)
              fp = open(path)
          except IOError:
--            content = 'Key Not Found'
++            # GPG might request a key ID from us, but we name the keys by
++            # fingerprint. Let's glob.
++            if filename.startswith('0x'):
++                filename = filename[2:]
++            keys = glob.glob(os.path.join(self.root, '*'+filename))
++            if len(keys) == 1:
++                content = open(keys[0]).read()
++            else:
++                content = 'Key Not Found'
          else:
              content = cgi.escape(fp.read())
              fp.close()