Merge branch 'use-pysequoia' into 'master'

Draft: Convert sequoia backend to use PySequoia

See merge request archlinux/archlinux-keyring!225

.gitlab-ci.yml

@@ -24,7 +24,7 @@ test:
   stage: test
   needs: []
   before_script:
-    - pacman -Syu --needed --noconfirm make python sequoia-sq python-coverage python-pytest python-tomli
+    - pacman -Syu --needed --noconfirm make python sequoia-sq python-coverage python-pysequoia python-pytest python-tomli
   script:
     - make test
   only:

libkeyringctl/sequoia.py

@@ -5,6 +5,7 @@ from datetime import datetime
 from functools import reduce
 from pathlib import Path
 from platform import python_version_tuple
+from pysequoia import Cert
 from re import sub
 from tempfile import mkdtemp
 from typing import Dict
@@ -316,11 +317,12 @@ def key_generate(uids: List[Uid], outfile: Path) -> str:
     The result of the key generate call
     """
 
-    cmd = ["sq", "key", "generate"]
+    # Current limitation of pysequoia: only one User ID allowed
-    for uid in uids:
+    assert len(uids) == 1
-        cmd.extend(["--userid", str(uid)])
+    cert = str(Cert.generate(user_id = uids[0]))
-    cmd.extend(["--export", str(outfile)])
+    with open(outfile, "wb") as f:
-    return system(cmd)
+        f.write(cert.encode("utf8"))
+    return cert
 
 
 def key_extract_certificate(key: Path, output: Optional[Path]) -> str:
@@ -336,10 +338,13 @@ def key_extract_certificate(key: Path, output: Optional[Path]) -> str:
     The result of the extract in case output is None
     """
 
-    cmd = ["sq", "key", "extract-cert", str(key)]
+    cert = Cert.from_file(str(key))
+    # Conversion to string exports only public parts
+    public = str(cert)
     if output:
-        cmd.extend(["--output", str(output)])
+        with open(output, "wb") as f:
-    return system(cmd)
+            f.write(public.encode("utf8"))
+    return public
 
 
 def certify(key: Path, certificate: Path, uid: Uid, output: Optional[Path]) -> str: