CondorCORE/condorcore-keyring
CondorCORE/condorcore-keyring
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Replace sq-keyring-linter with sq >= 0.31.0

Browse Source
This commit is contained in:
David Runge 2023-07-09 15:33:22 +02:00
parent f3d2c171e7
commit 3365f8607c
No known key found for this signature in database
GPG Key ID: 139B09DA5BF0D338
4 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -24,12 +24,11 @@ Build:
Runtime: Runtime:
* python * python
* sequoia-sq * sequoia-sq >= 0.31.0
Optional: Optional:
* hopenpgp-tools (verify) * hopenpgp-tools (verify)
* sq-keyring-linter (verify)
* git (ci) * git (ci)
## Usage ## Usage

2
libkeyringctl/ci.py
View File

@ -10,7 +10,7 @@ from .verify import verify
def ci(working_dir: Path, keyring_root: Path, project_root: Path) -> None: def ci(working_dir: Path, keyring_root: Path, project_root: Path) -> None:
"""Verify certificates against modern expectations using sq-keyring-linter and hokey """Verify certificates against modern expectations using `sq keyring lint` and hokey
Currently only newly added certificates will be checked against the expectations as existing Currently only newly added certificates will be checked against the expectations as existing
keys are not all fully compatible with those assumptions. keys are not all fully compatible with those assumptions.

2
libkeyringctl/cli.py
View File

@ -118,7 +118,7 @@ verify_parser.add_argument(
) )
verify_parser.add_argument("--no-lint-hokey", dest="lint_hokey", action="store_false", help="Do not run hokey lint") verify_parser.add_argument("--no-lint-hokey", dest="lint_hokey", action="store_false", help="Do not run hokey lint")
verify_parser.add_argument( verify_parser.add_argument(
"--no-lint-sq-keyring", dest="lint_sq_keyring", action="store_false", help="Do not run sq-keyring-linter" "--no-lint-sq-keyring", dest="lint_sq_keyring", action="store_false", help="Do not run sq keyring lint"
) )
verify_parser.set_defaults(lint_hokey=True, lint_sq_keyring=True) verify_parser.set_defaults(lint_hokey=True, lint_sq_keyring=True)

6
libkeyringctl/verify.py
View File

@ -29,7 +29,7 @@ def verify( # noqa: ignore=C901
lint_hokey: bool = True, lint_hokey: bool = True,
lint_sq_keyring: bool = True, lint_sq_keyring: bool = True,
) -> None: ) -> None:
"""Verify certificates against modern expectations using sq-keyring-linter and hokey """Verify certificates against modern expectations using `sq keyring lint` and hokey
Parameters Parameters
---------- ----------
@ -38,7 +38,7 @@ def verify( # noqa: ignore=C901
sources: A list of username, fingerprint or directories from which to read PGP packet information sources: A list of username, fingerprint or directories from which to read PGP packet information
(defaults to `keyring_root`) (defaults to `keyring_root`)
lint_hokey: Whether to run hokey lint lint_hokey: Whether to run hokey lint
lint_sq_keyring: Whether to run sq-keyring-linter lint_sq_keyring: Whether to run sq keyring lint
""" """
if not sources: if not sources:
@ -71,7 +71,7 @@ def verify( # noqa: ignore=C901
keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE) keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="") print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
if lint_sq_keyring: if lint_sq_keyring:
print(system(["sq-keyring-linter", f"{str(keyring_path)}"]), end="") print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="")
def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901 def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901