update
parent
c9f1da7027
commit
ea131e4bc1
4
Makefile
4
Makefile
@ -39,10 +39,10 @@ test:
|
||||
coverage report --fail-under=100.0
|
||||
|
||||
build: $(SOURCES)
|
||||
./keyringctl -v $(BUILD_DIR)
|
||||
./keyringctl -v build
|
||||
|
||||
wkd: build
|
||||
sq -f wkd generate -s $(WKD_BUILD_DIR)/ $(WKD_FQDN) $(BUILD_DIR)/$(KEYRING_FILE)
|
||||
sq -f network wkd generate -s $(WKD_BUILD_DIR)/ $(WKD_FQDN) $(BUILD_DIR)/$(KEYRING_FILE)
|
||||
|
||||
wkd_inspect: wkd
|
||||
for file in $(WKD_BUILD_DIR)/.well-known/openpgpkey/$(WKD_FQDN)/hu/*; do sq inspect $$file; done
|
||||
|
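Review bot: Nothing visible in the `wkd` rule checks which sq release is installed, yet the recipe now appears to depend on the `sq -f network wkd generate` command layout. That reading assumes the second line of each printed pair is the new side, since the +/- markers are lost on this page. An older sq would fail only when the target runs, so a comment above the rule such as `# requires an sq release that provides "sq network wkd generate"` would document the requirement. The Python wrappers changed in this commit (`sq toolbox …`, `sq pki certify`, `sq cert lint`) carry the same dependency.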
@ -1,3 +0,0 @@
|
||||
2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09:4:
|
||||
597244DBEA52EC6EFE5F36A4FDD42A59FD43C07B:4:
|
||||
9E646BB0630C8FD18ACD15541B93E6A766CD229D:4:
|
@ -1,86 +0,0 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
xjMEZNlVYBYJKwYBBAHaRw8BAQdAqrHl4S2UIU1DVv75VVqxYWzMXIj6DUYOEdx5
|
||||
9S54zibNO0tldmluIE11w7FveiAoQ2liZXJTZWN1cml0eSBFbmdpbmVlcikgPGtt
|
||||
dW5vekBjb25kb3Jicy5uZXQ+wpAEExYIADgWIQQrnSK0HyrxBCv85zo8oLnfG+fO
|
||||
CQUCZNlVYAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA8oLnfG+fOCS2Y
|
||||
AP9NkmVFAljJiYFLtc7o1xB3xT/qtfJKw95khnhQFLqd5AEAsb5vlZ/bDvb56Yge
|
||||
a+O/ar+qpq1q+cGvnUx2/OGPJg7CdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9
|
||||
Q8B7BQJk9L04AAoJEP3UKln9Q8B7tsUBAI3bUgjtoc57+lpT+Nfa/JDfddLejElW
|
||||
mZBITOnpHtT9AQDPBcKJwR4BXdPvXKYizEUq758weamJJK+YC/OHFQGHBM07S2V2
|
||||
aW4gTXXDsW96IChDeWJlclNlY3VyaXR5IEVuZ2luZWVyKSA8a211bm96QGNvbmRv
|
||||
cmJzLm5ldD7CwGYEExYIAM4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGQEW
|
||||
IQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZOd3g0MUgAAAAAAQACpwcm9vZkBhcmlh
|
||||
ZG5lLmlkaHR0cHM6Ly9tYXN0b2Rvbi5jZW50YXVyaWNvcmV4Lm5ldC9Aa211bm96
|
||||
ThSAAAAAABAANXByb29mQGFyaWFkbmUuaWRodHRwczovL3QubWUvRXJyb3I0MDRI
|
||||
YWNrZXJOb3RGb3VuZD9wcm9vZj1QZWxvY29uY2hhMwAKCRA8oLnfG+fOCTTjAP9f
|
||||
6xcZSQeJ1uoudcekhEAs9aPZnfExnSWFC0agXDOV5QD/eqjVyUJGyyEPM9yiDOFv
|
||||
Xuy7F54UKlzGeEEGAiJAcADCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7
|
||||
BQJk9L0xAAoJEP3UKln9Q8B7VRoA/3W2b2yzRIw/jz6HKGrCKPBZ4YSFqDU0WHau
|
||||
wcm9kkjrAQCsbcVMj1+nrYqLPqt2EaGoI0vL7HNqkDFtZBJ1sOXgA84zBGTZVm8W
|
||||
CSsGAQQB2kcPAQEHQFdn0G+sy9PxbV67iR8YmLpVtAv0VXSR+bv7LXWeFwmqwngE
|
||||
GBYIACAWIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNlWbwIbIAAKCRA8oLnfG+fO
|
||||
CcclAP9vH93UilCUalYkdkg0IIimuOrYJAFE3PoYzM3Yfh9VSAD/b750y/y65soK
|
||||
AhwaVWI0mD+2ktStLv5GQQVsD9aYqALOOARk2Va/EgorBgEEAZdVAQUBAQdARB6y
|
||||
g2ApZUudIRWiTyl30XISWQZjXMMpeyJlpVhxNGQDAQgHwngEGBYIACAWIQQrnSK0
|
||||
HyrxBCv85zo8oLnfG+fOCQUCZNlWvwIbDAAKCRA8oLnfG+fOCU8IAP43YS3bfntH
|
||||
ouOiZk7UuxLbHeXQl6YkBTgO0W+uKTPtrwD8CBgI2PEDktTsoBkDQxKzGJRmCRwn
|
||||
aK1yIipT/mwQEQ/GMwRk74e+FgkrBgEEAdpHDwEBB0DRmBzOdoNSNtQoyh3Q7VM8
|
||||
DDPO3/Svh6UGE7Dsxtdbic0uIChDb25kb3JCUyBNYXN0ZXIgS2V5KSA8Y29udGFj
|
||||
dG9AY29uZG9yYnMubmV0PsKQBBMWCAA4FiEEWXJE2+pS7G7+Xzak/dQqWf1DwHsF
|
||||
AmTvh74CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ/dQqWf1DwHsavAEA
|
||||
nrULtiu3Y7DozXJrc3qig9nBfUmy5MrqCM0F4h0gvNABAPR+lv2nK1qj8RnXwv8W
|
||||
W2DQ0Ay/hENwAqVyUE9x8kcGzjMEZO+KdRYJKwYBBAHaRw8BAQdAYbnrkxnt+czK
|
||||
37JQ26fC0VrmdCfCSHn2xoECi99TBOHCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3U
|
||||
Kln9Q8B7BQJk74p1AhsgAAoJEP3UKln9Q8B7gNkA/ROCE7kfkv47989kajklGJjP
|
||||
hQwMbPvgsbE+nSAk740/AQC2RDCFK2O12nTpgLWlhgTmRdrUtMphW+nJGLJ/atGi
|
||||
B844BGTvijUSCisGAQQBl1UBBQEBB0BZDz+DYUKdCrEn4YYk77LKruz8oExl0Iu0
|
||||
Hh+M/lHeSQMBCAfCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk74o1
|
||||
AhsMAAoJEP3UKln9Q8B79DUA/AyMo+fm7r+pzyJJk1uZWgTgSA4BhLpZNUBytVXu
|
||||
sXp9AP9n6mXXMx8Ki4OIc7hmaUWN40vZ5e5kFkKT+VaERW7/DcaTBGTJlSETBSuB
|
||||
BAAjBCMEADIOqFyLQXzfaJ/cY4mZbtdoCdbSyIeR/KG2AtYXXPHaeSPf69kg8jKH
|
||||
Sq92AkWi57zva5MKCfBu2mNFl8o+Dv3NAL6LC5w71C6AXsUAelR7TJFnvboGwdHG
|
||||
QeeBCSa/qXWiVIpjsmU9F90DJkkYUwa4gIZ1P55PSg34mRMjDG/LmRI5zVBKZXN1
|
||||
cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5kIERldmVs
|
||||
b3BlcikgPGpvcnRlZ2FAY29uZG9yYnMubmV0PsLAEwQTEwoAOBYhBJ5ka7BjDI/R
|
||||
is0VVBuT5qdmzSKdBQJkyegfAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
|
||||
EBuT5qdmzSKdD/wCCQHcb/w21KKkRkZ8HXBARcKmYtdv7/ivSBoC7L5jsgJZbiJ6
|
||||
f2lhvMOojtRnK+7s+QoUPqgsDwXt3AUETYhN3udpXwII1I7xDut5yMAgoBEVDamm
|
||||
g2aK5VWFJTRvyjtWyfAU+oiWCNq7o9dI7d0/BzkA+0foBNysntr90Do/Ie10gxdH
|
||||
t2XCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk9MSHAAoJEP3UKln9
|
||||
Q8B7Yu4A/212jMoLDU9SkO98vILe8pzsQWolKQNhGHI1iZz6DvS2AQC0poP2EsZV
|
||||
jsTtLv4wfHdOE59zPuCn2ZNHOtn/80WzCcJ1BBAWCAAdFiEEK50itB8q8QQr/Oc6
|
||||
PKC53xvnzgkFAmTamuwACgkQPKC53xvnzglqmQEA90Gox/7Wkf7qoT4ma7t8aPsp
|
||||
bwot2bs2qC0mAjH1lIgBALgH7rJse0XLY8vJPdv966Aols9R4JsBrQF3wwAMYLgN
|
||||
zVpKZXN1cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5k
|
||||
IERldmVsb3BlcikgPG1hcnRpbi5vcnRlZ2EuYXJhc2hpQGdtYWlsLmNvbT7CwBME
|
||||
ExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp0QIbAwULCQgHAgYVCgkI
|
||||
CwIEFgIDAQIeAQIXgAAKCRAbk+anZs0indBjAgkBGFbgUf7gtpK6pwkX4DcNWUAz
|
||||
jjp6s2lRbHQhkat6I7nn0gr7Vgp0OUxeCJqDbpdVco0zZAauweEDBT350vF8LgUC
|
||||
B07VsXWg9P0BIqWNepwV/Lj63Zf/ye/UExOXm716wI/tVn3FRGKsimSUnBg1wO1F
|
||||
YxlJfjGswGeR2f7HTwTAubNNwnUEEBYIAB0WIQRZckTb6lLsbv5fNqT91CpZ/UPA
|
||||
ewUCZPTEgQAKCRD91CpZ/UPAe0rYAQCl6lPg73DMmTeAUV1Uqi2nyMjNIefvEtUY
|
||||
2uabv8FvMwD9FiFMI0yDbmocc/sYuHcQqZhxzBJDlOYymnjw9OAv+QPCdQQQFggA
|
||||
HRYhBCudIrQfKvEEK/znOjygud8b584JBQJk2prsAAoJEDygud8b584JLUsA/jgR
|
||||
XXhniU635eJUVTOYG6OrrSbj9u9ONsHvu0P0u816AQCN5SQ+iLcm0fFYEwodwkPT
|
||||
sudZLSGqt2U/EWX12nlTCM1ZSmVzdXMgTWFydGluIE9ydGVnYSBNYXJ0aW5leiAo
|
||||
U3lzYWRtaW4vQmFja2VuZCBEZXZlbG9wZXIpIDxtYXJ0aW5vcnRlZ2FAY2llbmNp
|
||||
YXMudW5hbS5teD7CwBQEExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp
|
||||
fwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAbk+anZs0inZqDAgkByLGd
|
||||
+av82alglrShLrBgHrX2l6STeAzN4toFfdVdse6zen8o89wEirQ1uMZ7pXulzAdb
|
||||
ap30irjfMf8u0YMJWdgCCQEK/0TNGltdCsw21zd8eJH+9sJEh4/gtWdBhxMiYWHv
|
||||
6euWavTUWXiDLggwQXTJ2kUzDBMt0DXwKmNVYnKxos+iB8J1BBAWCAAdFiEEWXJE
|
||||
2+pS7G7+Xzak/dQqWf1DwHsFAmT0xIgACgkQ/dQqWf1DwHsBCAEA9U7+hsnnIAPC
|
||||
L3hR3xlUbrP4QoAKEnODzDMliNecqckBAPhTZWbJrnhrpZH7JDKcDJqfwZFWItz7
|
||||
QY2thvcjUYIHwnUEEBYIAB0WIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNqa7AAK
|
||||
CRA8oLnfG+fOCS0rAQCJXdLjaSluAAs2/llUmSyNMEiHrewhW/1xMGT+flLeJwD+
|
||||
IbKRpqVSnxdv1Zf1l7V4twaNTR9Szn+y79/iAXKi3QrOlwRkyZUhEgUrgQQAIwQj
|
||||
BAG1EFibPYiRvzU2DYNDW819tK896ACcEaB4Fdyk3+iWQI/L9mWScptx+XcgpByU
|
||||
UWLn47Gf3ACXtyNSIQnYjmHBegAbPkHv6yP5hwWr6uDRhxepZm2DOq0dcSW8HxwW
|
||||
5rVeVVfn97yeWUUiZKxajL5LHTF+TCemfqOSy9sAJFYAKm4HxgMBCgnCuwQYEwoA
|
||||
IBYhBJ5ka7BjDI/Ris0VVBuT5qdmzSKdBQJkyZUhAhsMAAoJEBuT5qdmzSKdQ7oC
|
||||
CIYeYcvDgfp7jFeoh5qAi85gZhlaOncvh+WCiA5R637TjM9XQaIfhoRuiM+VL1CC
|
||||
Kzq7NWx2S+DZpNWVPWY2vChaAgkBJC6GG5u2gq8zU6o84ThaDd0kZe3jfmhg8O8K
|
||||
13tpOV6ovOjgK7kCtILqYsnW7RmZ4YEhfYUJtuhIe7CkI1xrpo0=
|
||||
=N+0o
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
@ -1,11 +1,15 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
wsBmBBMWCADOAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEK50itB8q
|
||||
8QQr/Oc6PKC53xvnzgkFAmTnd4NDFIAAAAAAEAAqcHJvb2ZAYXJpYWRuZS5pZGh0
|
||||
dHBzOi8vbWFzdG9kb24uY2VudGF1cmljb3JleC5uZXQvQGttdW5vek4UgAAAAAAQ
|
||||
ADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2VyTm90
|
||||
Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTMACgkQPKC53xvnzgk04wD/X+sXGUkHidbq
|
||||
LnXHpIRALPWj2Z3xMZ0lhQtGoFwzleUA/3qo1clCRsshDzPcogzhb17suxeeFCpc
|
||||
xnhBBgIiQHAA
|
||||
=kX0Z
|
||||
wsElBBMWCAGNAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheATRSAAAAAABAANHBy
|
||||
b29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjoyQjlEMjJCNDFGMkFGMTA0MkJGQ0U3
|
||||
M0EzQ0EwQjlERjFCRTdDRTA5NhSAAAAAABAAHXByb29mQGFyaWFkbmUuaWRkbnM6
|
||||
YXVyLmNvbmRvcmJzLm5ldD90eXBlPVRYVEEUgAAAAAAQAChwcm9vZkBhcmlhZG5l
|
||||
LmlkaHR0cHM6Ly9zb2NpYWwuZ2FydWRhbGludXgub3JnL0BtcmhhY2tlck4UgAAA
|
||||
AAAQADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2Vy
|
||||
Tm90Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTM7FIAAAAAAEAAicHJvb2ZAYXJpYWRu
|
||||
ZS5pZGRuczphdXIuY2VudGF1cmljb3JleC5uZXQ/dHlwZT1UWFQWIQQrnSK0Hyrx
|
||||
BCv85zo8oLnfG+fOCQUCZiMHLwIZAQAKCRA8oLnfG+fOCSWZAP460yI0bFLSXXLd
|
||||
vPLmazR8M7N0G0eQBPypqfOy3TuzjQD8D+9uzIJGEW+wjC4AeoW9PqLuC7jokdeR
|
||||
C54282BJtgI=
|
||||
=Ak/D
|
||||
-----END PGP SIGNATURE-----
|
||||
|
@ -1,11 +1,15 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
wsBmBBMWCADOAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEK50itB8q
|
||||
8QQr/Oc6PKC53xvnzgkFAmTnd4NDFIAAAAAAEAAqcHJvb2ZAYXJpYWRuZS5pZGh0
|
||||
dHBzOi8vbWFzdG9kb24uY2VudGF1cmljb3JleC5uZXQvQGttdW5vek4UgAAAAAAQ
|
||||
ADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2VyTm90
|
||||
Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTMACgkQPKC53xvnzgk04wD/X+sXGUkHidbq
|
||||
LnXHpIRALPWj2Z3xMZ0lhQtGoFwzleUA/3qo1clCRsshDzPcogzhb17suxeeFCpc
|
||||
xnhBBgIiQHAA
|
||||
=kX0Z
|
||||
wsElBBMWCAGNAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheATRSAAAAAABAANHBy
|
||||
b29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjoyQjlEMjJCNDFGMkFGMTA0MkJGQ0U3
|
||||
M0EzQ0EwQjlERjFCRTdDRTA5NhSAAAAAABAAHXByb29mQGFyaWFkbmUuaWRkbnM6
|
||||
YXVyLmNvbmRvcmJzLm5ldD90eXBlPVRYVEEUgAAAAAAQAChwcm9vZkBhcmlhZG5l
|
||||
LmlkaHR0cHM6Ly9zb2NpYWwuZ2FydWRhbGludXgub3JnL0BtcmhhY2tlck4UgAAA
|
||||
AAAQADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2Vy
|
||||
Tm90Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTM7FIAAAAAAEAAicHJvb2ZAYXJpYWRu
|
||||
ZS5pZGRuczphdXIuY2VudGF1cmljb3JleC5uZXQ/dHlwZT1UWFQWIQQrnSK0Hyrx
|
||||
BCv85zo8oLnfG+fOCQUCZiMHLwIZAQAKCRA8oLnfG+fOCSWZAP460yI0bFLSXXLd
|
||||
vPLmazR8M7N0G0eQBPypqfOy3TuzjQD8D+9uzIJGEW+wjC4AeoW9PqLuC7jokdeR
|
||||
C54282BJtgI=
|
||||
=Ak/D
|
||||
-----END PGP SIGNATURE-----
|
||||
|
@ -1,6 +1,8 @@
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from collections import defaultdict
|
||||
from enum import Enum
|
||||
from enum import unique
|
||||
from itertools import chain
|
||||
from logging import debug
|
||||
from logging import error
|
||||
@ -50,6 +52,18 @@ from .util import transform_fd_to_tmpfile
|
||||
PACKET_FILENAME_DATETIME_FORMAT: str = "%Y-%m-%d_%H-%M-%S"
|
||||
|
||||
|
||||
@unique
|
||||
class PacketType(Enum):
|
||||
"""All understood OpenPGP packet types and the file endings as output by `sq packet split`"""
|
||||
|
||||
PUBLIC_KEY = "Public-Key Packet"
|
||||
USER_ID = "User ID Packet"
|
||||
USER_ATTRIBUTE = "User Attribute Packet"
|
||||
PUBLIC_SUBKEY = "Public-Subkey Packet"
|
||||
SECRET_KEY = "Secret-Key Packet"
|
||||
SIGNATURE = "Signature Packet"
|
||||
|
||||
|
||||
def is_pgp_fingerprint(string: str) -> bool:
|
||||
"""Returns whether the passed string looks like a PGP (long) fingerprint
|
||||
|
||||
@ -375,14 +389,14 @@ def convert_certificate(
|
||||
|
||||
for packet in packet_split(working_dir=working_dir, certificate=certificate):
|
||||
debug(f"Processing packet {packet.name}")
|
||||
if packet.name.endswith("--PublicKey"):
|
||||
if packet.name.endswith(PacketType.PUBLIC_KEY.value):
|
||||
current_packet_mode = "pubkey"
|
||||
current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint"))
|
||||
current_packet_uid = None
|
||||
|
||||
certificate_fingerprint = current_packet_fingerprint
|
||||
pubkey = packet
|
||||
elif packet.name.endswith("--UserID"):
|
||||
elif packet.name.endswith(PacketType.USER_ID.value):
|
||||
current_packet_mode = "uid"
|
||||
current_packet_fingerprint = None
|
||||
current_packet_uid = Uid(packet_dump_field(packet, "Value"))
|
||||
@ -392,17 +406,17 @@ def convert_certificate(
|
||||
f"Duplicate User ID {current_packet_uid} used in packet {uids[current_packet_uid]} and {packet}"
|
||||
)
|
||||
uids[current_packet_uid] = packet
|
||||
elif packet.name.endswith("UserAttribute"):
|
||||
elif packet.name.endswith(PacketType.USER_ATTRIBUTE.value):
|
||||
current_packet_mode = "uattr"
|
||||
current_packet_fingerprint = None
|
||||
current_packet_uid = None
|
||||
elif packet.name.endswith("--PublicSubkey"):
|
||||
elif packet.name.endswith(PacketType.PUBLIC_SUBKEY.value):
|
||||
current_packet_mode = "subkey"
|
||||
current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint"))
|
||||
current_packet_uid = None
|
||||
|
||||
subkeys[current_packet_fingerprint] = packet
|
||||
elif packet.name.endswith("--SecretKey"):
|
||||
elif packet.name.endswith(PacketType.SECRET_KEY.value):
|
||||
error(
|
||||
"\n###################################################################\n"
|
||||
"Do not ever process your private key file!\n"
|
||||
@ -410,7 +424,7 @@ def convert_certificate(
|
||||
"###################################################################"
|
||||
)
|
||||
raise Exception("Secret key detected, aborting")
|
||||
elif packet.name.endswith("--Signature"):
|
||||
elif packet.name.endswith(PacketType.SIGNATURE.value):
|
||||
convert_signature_packet(
|
||||
packet=packet,
|
||||
current_packet_mode=current_packet_mode,
|
||||
@ -953,7 +967,7 @@ def get_fingerprints_from_keyring_files(working_dir: Path, source: Iterable[Path
|
||||
for key in keys:
|
||||
for certificate in keyring_split(working_dir=working_dir, keyring=key, preserve_filename=True):
|
||||
for packet in packet_split(working_dir=working_dir, certificate=certificate):
|
||||
if packet.name.endswith("--PublicKey"):
|
||||
if packet.name.endswith(PacketType.PUBLIC_KEY.value):
|
||||
fingerprints[Fingerprint(packet_dump_field(packet, "Fingerprint"))] = Username(certificate.stem)
|
||||
|
||||
debug(f"Fingerprints of PGP public keys in {source}: {fingerprints}")
|
||||
@ -1133,19 +1147,19 @@ def build(
|
||||
target_dir.mkdir(parents=True, exist_ok=True)
|
||||
target_dir.touch()
|
||||
|
||||
keyring: Path = target_dir / Path("archlinux.gpg")
|
||||
keyring: Path = target_dir / Path("condorcore.gpg")
|
||||
export(working_dir=working_dir, keyring_root=keyring_root, output=keyring)
|
||||
|
||||
trusted_main_keys = export_ownertrust(
|
||||
certs=[keyring_root / "main"],
|
||||
keyring_root=keyring_root,
|
||||
output=target_dir / "archlinux-trusted",
|
||||
output=target_dir / "condorcore-trusted",
|
||||
)
|
||||
export_revoked(
|
||||
certs=[keyring_root],
|
||||
keyring_root=keyring_root,
|
||||
main_keys=set(trusted_main_keys),
|
||||
output=target_dir / "archlinux-revoked",
|
||||
output=target_dir / "condorcore-revoked",
|
||||
)
|
||||
|
||||
|
||||
|
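Review bot: The private-key guard in `convert_certificate` matches only `PacketType.SECRET_KEY.value` ("Secret-Key Packet"), so a split packet file for a secret subkey would not reach the "Secret key detected, aborting" branch. Whether a final `else` rejects unrecognised packet names is outside the visible hunks. Consider adding `SECRET_SUBKEY = "Secret-Subkey Packet"` to the enum and checking `packet.name.endswith((PacketType.SECRET_KEY.value, PacketType.SECRET_SUBKEY.value))`. The subkey label is inferred from the naming pattern of the other members and should be confirmed against real sq output. The enum docstring could also name the command as the code now invokes it, `sq toolbox packet split`.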
@ -49,7 +49,7 @@ def keyring_split(working_dir: Path, keyring: Path, preserve_filename: bool = Fa
|
||||
keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute()
|
||||
|
||||
with cwd(keyring_dir):
|
||||
system(["sq", "keyring", "split", "--prefix", "", str(keyring)])
|
||||
system(["sq", "toolbox", "keyring", "split", str(keyring)])
|
||||
|
||||
keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir()))
|
||||
|
||||
@ -75,7 +75,7 @@ def keyring_merge(certificates: List[Path], output: Optional[Path] = None, force
|
||||
The result if no output file has been used
|
||||
"""
|
||||
|
||||
cmd = ["sq", "keyring", "merge"]
|
||||
cmd = ["sq", "toolbox", "keyring", "merge"]
|
||||
if force:
|
||||
cmd.insert(1, "--force")
|
||||
if output:
|
||||
@ -103,7 +103,7 @@ def packet_split(working_dir: Path, certificate: Path) -> Iterable[Path]:
|
||||
packet_dir = Path(mkdtemp(dir=working_dir, prefix="packet-")).absolute()
|
||||
|
||||
with cwd(packet_dir):
|
||||
system(["sq", "packet", "split", "--prefix", "", str(certificate)])
|
||||
system(["sq", "toolbox", "packet", "split", "--prefix", "''", str(certificate)])
|
||||
return natural_sort_path(packet_dir.iterdir())
|
||||
|
||||
|
||||
@ -121,7 +121,7 @@ def packet_join(packets: List[Path], output: Optional[Path] = None, force: bool
|
||||
The result if no output file has been used
|
||||
"""
|
||||
|
||||
cmd = ["sq", "packet", "join"]
|
||||
cmd = ["sq", "toolbox", "packet", "join"]
|
||||
if force:
|
||||
cmd.insert(1, "--force")
|
||||
packets_str = list(map(lambda path: str(path), packets))
|
||||
@ -174,7 +174,7 @@ def packet_dump(packet: Path) -> str:
|
||||
The contents of the packet dump
|
||||
"""
|
||||
|
||||
return system(["sq", "packet", "dump", str(packet)])
|
||||
return system(["sq", "toolbox", "packet", "dump", str(packet)])
|
||||
|
||||
|
||||
def packet_dump_field(packet: Path, query: str) -> str:
|
||||
@ -336,7 +336,7 @@ def key_extract_certificate(key: Path, output: Optional[Path]) -> str:
|
||||
The result of the extract in case output is None
|
||||
"""
|
||||
|
||||
cmd = ["sq", "key", "extract-cert", str(key)]
|
||||
cmd = ["sq", "toolbox", "extract-cert", str(key)]
|
||||
if output:
|
||||
cmd.extend(["--output", str(output)])
|
||||
return system(cmd)
|
||||
@ -357,7 +357,7 @@ def certify(key: Path, certificate: Path, uid: Uid, output: Optional[Path]) -> s
|
||||
The result of the certification in case output is None
|
||||
"""
|
||||
|
||||
cmd = ["sq", "certify", str(key), str(certificate), uid]
|
||||
cmd = ["sq", "pki", "certify", str(key), str(certificate), uid]
|
||||
if output:
|
||||
cmd.extend(["--output", str(output)])
|
||||
return system(cmd)
|
||||
|
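Review bot: In `packet_split` the prefix argument changed from an empty string to `"''"`, and because the command is passed as an argument list, sq presumably receives two literal quote characters as the prefix rather than an empty one. This assumes `system`, which is not shown, does not go through a shell. The `endswith` checks in the callers would still match, but every split file name would begin with `''`. If an empty prefix is intended, keep `"--prefix", ""`. `keyring_split` dropped `--prefix` altogether, so confirm that sq's default output names still give the `certificate.stem` values that `preserve_filename=True` callers turn into usernames.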
@ -202,15 +202,15 @@ def trust_icon(trust: Trust) -> str:
|
||||
-------
|
||||
The single character icon representing the passed trust status
|
||||
"""
|
||||
if trust == Trust.revoked:
|
||||
return "✗"
|
||||
if trust == Trust.unknown:
|
||||
return "~"
|
||||
if trust == Trust.marginal:
|
||||
return "~"
|
||||
if trust == Trust.full:
|
||||
return "✓"
|
||||
return "?"
|
||||
icon = "?"
|
||||
match trust:
|
||||
case Trust.revoked:
|
||||
icon = "✗"
|
||||
case Trust.unknown | Trust.marginal:
|
||||
icon = "~"
|
||||
case Trust.full:
|
||||
icon = "✓"
|
||||
return icon
|
||||
|
||||
|
||||
def trust_color(trust: Trust) -> Color:
|
||||
|
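Review bot: The `"?"` fallback in `trust_icon` is now carried by a pre-assigned `icon` variable instead of an explicit branch, which makes the path where no case matches easy to overlook. An explicit `case _:` arm, with each arm returning its icon directly, would state the default where a reader looks for it. `match` also requires Python 3.10 or later, so any declared minimum version for the project should reflect that. The function's signature and docstring begin outside the hunk.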
@ -68,10 +68,10 @@ def verify( # noqa: ignore=C901
|
||||
)
|
||||
|
||||
if lint_hokey:
|
||||
keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
|
||||
keyring_fd = Popen(("sq", "toolbox", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
|
||||
print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
|
||||
if lint_sq_keyring:
|
||||
print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="")
|
||||
print(system(["sq", "cert", "lint", f"{str(keyring_path)}"]), end="")
|
||||
|
||||
|
||||
def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901
|
||||
|
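Review bot: The `sq toolbox dearmor` process started with `Popen` in the `lint_hokey` branch is never waited on and its exit status is never checked, so a failed dearmor can leave `hokey lint` reading empty input and the lint step looking clean. After the `system(["hokey", "lint"], ...)` call, add something like `if keyring_fd.wait() != 0: raise Exception("sq toolbox dearmor failed")`. How `hokey` behaves on empty input is not visible here, so that part is an inference. `verify` begins outside the hunk.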
@ -409,12 +409,12 @@ def test_convert_signature_packet(
|
||||
(
|
||||
Path("foo.asc"),
|
||||
[
|
||||
Path("--PublicKey"),
|
||||
Path("--Signature"),
|
||||
Path("--UserID"),
|
||||
Path("--UserAttribute"),
|
||||
Path("--PublicSubkey"),
|
||||
Path("--Signature"),
|
||||
Path(keyring.PacketType.PUBLIC_KEY.value),
|
||||
Path(keyring.PacketType.SIGNATURE.value),
|
||||
Path(keyring.PacketType.USER_ID.value),
|
||||
Path(keyring.PacketType.USER_ATTRIBUTE.value),
|
||||
Path(keyring.PacketType.PUBLIC_SUBKEY.value),
|
||||
Path(keyring.PacketType.SIGNATURE.value),
|
||||
],
|
||||
[
|
||||
"".join(choice("ABCDEF" + digits) for _ in range(40)),
|
||||
@ -427,10 +427,10 @@ def test_convert_signature_packet(
|
||||
(
|
||||
Path("foo.asc"),
|
||||
[
|
||||
Path("--PublicKey"),
|
||||
Path("--Signature"),
|
||||
Path("--UserID"),
|
||||
Path("--UserID"),
|
||||
Path(keyring.PacketType.PUBLIC_KEY.value),
|
||||
Path(keyring.PacketType.SIGNATURE.value),
|
||||
Path(keyring.PacketType.USER_ID.value),
|
||||
Path(keyring.PacketType.USER_ID.value),
|
||||
],
|
||||
[
|
||||
"".join(choice("ABCDEF" + digits) for _ in range(40)),
|
||||
@ -443,7 +443,7 @@ def test_convert_signature_packet(
|
||||
(
|
||||
Path("foo.asc"),
|
||||
[
|
||||
Path("--SecretKey"),
|
||||
Path(keyring.PacketType.SECRET_KEY.value),
|
||||
],
|
||||
[],
|
||||
None,
|
||||
@ -461,7 +461,7 @@ def test_convert_signature_packet(
|
||||
(
|
||||
Path("foo.asc"),
|
||||
[
|
||||
Path("--PublicKey"),
|
||||
Path(keyring.PacketType.PUBLIC_KEY.value),
|
||||
],
|
||||
[
|
||||
None,
|
||||
|
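Review bot: The parametrised packet paths are now built from `keyring.PacketType.*.value`, the same constants `convert_certificate` compares against, so these cases can no longer detect a drift between the enum strings and the file names sq actually writes. Keeping at least one case with a literal file name captured from the sq version in use would pin the real format. That matters most for the `SECRET_KEY` case, since it exercises the guard against processing private keys. The parametrize lists start and end outside the hunks.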
@ -166,7 +166,7 @@ def test_inspect(
|
||||
def test_packet_dump(system_mock: Mock) -> None:
|
||||
system_mock.return_value = "return"
|
||||
assert sequoia.packet_dump(packet=Path("packet")) == "return"
|
||||
system_mock.called_once_with(["sq", "packet", "dump", "packet"])
|
||||
system_mock.assert_called_once_with(["sq", "toolbox", "packet", "dump", "packet"])
|
||||
|
||||
|
||||
@mark.parametrize(
|
||||
|
7
wkd_sync/archlinux-keyring-wkd-sync
Executable file → Normal file
7
wkd_sync/archlinux-keyring-wkd-sync
Executable file → Normal file
@ -13,14 +13,11 @@
|
||||
|
||||
set -eu
|
||||
|
||||
readonly main_key_domain_match="@master-key.archlinux.org$"
|
||||
readonly packager_domain_match="@archlinux.org$"
|
||||
readonly main_key_domain_match="@condorbs.net$"
|
||||
readonly packager_domain_match="@condorbs.net$"
|
||||
readonly homedir="$(pacman-conf GPGDir)"
|
||||
# fingerprints of keys with SHA-1 self-signatures (no longer used)
|
||||
readonly invalid_fingerprints=(
|
||||
0F334D8698881578F65D2AE55ED514A45BD5C938 # djgera@archlinux.org
|
||||
F4DDD6DDCEC320B665F502AAE8F18BA1615137BC # ibiru@archlinux.org
|
||||
EA84EA00866F51FB10CD19AE426991CD8406FFF3 # ronald@archlinux.org
|
||||
)
|
||||
|
||||
domain_match=""
|
||||
|
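Review bot: `main_key_domain_match` and `packager_domain_match` are now the same pattern, `@condorbs.net$`, so whatever logic later in the script (outside the hunk) uses them to separate main keys from packager keys can no longer tell the two apart. If the values are used as regular expressions, the unescaped dot also matches any character; `readonly packager_domain_match="@condorbs\.net$"` would restrict the match to the literal domain. The file header shows the mode going from executable to normal file, which breaks any caller that runs the script directly unless that was intended. With the fingerprint entries apparently removed, `invalid_fingerprints` is left empty, and under the `set -eu` above, expanding an empty array is an unbound-variable error on bash older than 4.4.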