From ea131e4bc14d32d8afbb87073014be1ea981abb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kevin=20Mu=C3=B1oz?= Date: Mon, 29 Apr 2024 11:02:40 -0500 Subject: [PATCH] update --- Makefile | 4 +- build/archlinux-revoked | 0 build/archlinux-trusted | 3 - build/archlinux.gpg | 86 ------------------- ...9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc | 20 +++-- ...9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc | 20 +++-- libkeyringctl/keyring.py | 34 +++++--- libkeyringctl/sequoia.py | 14 +-- libkeyringctl/trust.py | 18 ++-- libkeyringctl/verify.py | 4 +- tests/test_keyring.py | 24 +++--- tests/test_sequoia.py | 2 +- wkd_sync/archlinux-keyring-wkd-sync | 7 +- 13 files changed, 83 insertions(+), 153 deletions(-) delete mode 100644 build/archlinux-revoked delete mode 100644 build/archlinux-trusted delete mode 100644 build/archlinux.gpg mode change 100755 => 100644 wkd_sync/archlinux-keyring-wkd-sync diff --git a/Makefile b/Makefile index a71cc7d..efa8c4b 100644 --- a/Makefile +++ b/Makefile @@ -39,10 +39,10 @@ test: coverage report --fail-under=100.0 build: $(SOURCES) - ./keyringctl -v $(BUILD_DIR) + ./keyringctl -v build wkd: build - sq -f wkd generate -s $(WKD_BUILD_DIR)/ $(WKD_FQDN) $(BUILD_DIR)/$(KEYRING_FILE) + sq -f network wkd generate -s $(WKD_BUILD_DIR)/ $(WKD_FQDN) $(BUILD_DIR)/$(KEYRING_FILE) wkd_inspect: wkd for file in $(WKD_BUILD_DIR)/.well-known/openpgpkey/$(WKD_FQDN)/hu/*; do sq inspect $$file; done diff --git a/build/archlinux-revoked b/build/archlinux-revoked deleted file mode 100644 index e69de29..0000000 diff --git a/build/archlinux-trusted b/build/archlinux-trusted deleted file mode 100644 index 9af5bcc..0000000 --- a/build/archlinux-trusted +++ /dev/null @@ -1,3 +0,0 @@ -2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09:4: -597244DBEA52EC6EFE5F36A4FDD42A59FD43C07B:4: -9E646BB0630C8FD18ACD15541B93E6A766CD229D:4: diff --git a/build/archlinux.gpg b/build/archlinux.gpg deleted file mode 100644 index e08d75b..0000000 --- a/build/archlinux.gpg +++ /dev/null 
@@ -1,86 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -xjMEZNlVYBYJKwYBBAHaRw8BAQdAqrHl4S2UIU1DVv75VVqxYWzMXIj6DUYOEdx5 -9S54zibNO0tldmluIE11w7FveiAoQ2liZXJTZWN1cml0eSBFbmdpbmVlcikgPGtt -dW5vekBjb25kb3Jicy5uZXQ+wpAEExYIADgWIQQrnSK0HyrxBCv85zo8oLnfG+fO -CQUCZNlVYAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA8oLnfG+fOCS2Y -AP9NkmVFAljJiYFLtc7o1xB3xT/qtfJKw95khnhQFLqd5AEAsb5vlZ/bDvb56Yge -a+O/ar+qpq1q+cGvnUx2/OGPJg7CdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9 -Q8B7BQJk9L04AAoJEP3UKln9Q8B7tsUBAI3bUgjtoc57+lpT+Nfa/JDfddLejElW -mZBITOnpHtT9AQDPBcKJwR4BXdPvXKYizEUq758weamJJK+YC/OHFQGHBM07S2V2 -aW4gTXXDsW96IChDeWJlclNlY3VyaXR5IEVuZ2luZWVyKSA8a211bm96QGNvbmRv -cmJzLm5ldD7CwGYEExYIAM4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGQEW -IQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZOd3g0MUgAAAAAAQACpwcm9vZkBhcmlh -ZG5lLmlkaHR0cHM6Ly9tYXN0b2Rvbi5jZW50YXVyaWNvcmV4Lm5ldC9Aa211bm96 -ThSAAAAAABAANXByb29mQGFyaWFkbmUuaWRodHRwczovL3QubWUvRXJyb3I0MDRI -YWNrZXJOb3RGb3VuZD9wcm9vZj1QZWxvY29uY2hhMwAKCRA8oLnfG+fOCTTjAP9f -6xcZSQeJ1uoudcekhEAs9aPZnfExnSWFC0agXDOV5QD/eqjVyUJGyyEPM9yiDOFv -Xuy7F54UKlzGeEEGAiJAcADCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7 -BQJk9L0xAAoJEP3UKln9Q8B7VRoA/3W2b2yzRIw/jz6HKGrCKPBZ4YSFqDU0WHau -wcm9kkjrAQCsbcVMj1+nrYqLPqt2EaGoI0vL7HNqkDFtZBJ1sOXgA84zBGTZVm8W -CSsGAQQB2kcPAQEHQFdn0G+sy9PxbV67iR8YmLpVtAv0VXSR+bv7LXWeFwmqwngE -GBYIACAWIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNlWbwIbIAAKCRA8oLnfG+fO -CcclAP9vH93UilCUalYkdkg0IIimuOrYJAFE3PoYzM3Yfh9VSAD/b750y/y65soK -AhwaVWI0mD+2ktStLv5GQQVsD9aYqALOOARk2Va/EgorBgEEAZdVAQUBAQdARB6y -g2ApZUudIRWiTyl30XISWQZjXMMpeyJlpVhxNGQDAQgHwngEGBYIACAWIQQrnSK0 -HyrxBCv85zo8oLnfG+fOCQUCZNlWvwIbDAAKCRA8oLnfG+fOCU8IAP43YS3bfntH -ouOiZk7UuxLbHeXQl6YkBTgO0W+uKTPtrwD8CBgI2PEDktTsoBkDQxKzGJRmCRwn -aK1yIipT/mwQEQ/GMwRk74e+FgkrBgEEAdpHDwEBB0DRmBzOdoNSNtQoyh3Q7VM8 -DDPO3/Svh6UGE7Dsxtdbic0uIChDb25kb3JCUyBNYXN0ZXIgS2V5KSA8Y29udGFj -dG9AY29uZG9yYnMubmV0PsKQBBMWCAA4FiEEWXJE2+pS7G7+Xzak/dQqWf1DwHsF -AmTvh74CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ/dQqWf1DwHsavAEA 
-nrULtiu3Y7DozXJrc3qig9nBfUmy5MrqCM0F4h0gvNABAPR+lv2nK1qj8RnXwv8W -W2DQ0Ay/hENwAqVyUE9x8kcGzjMEZO+KdRYJKwYBBAHaRw8BAQdAYbnrkxnt+czK -37JQ26fC0VrmdCfCSHn2xoECi99TBOHCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3U -Kln9Q8B7BQJk74p1AhsgAAoJEP3UKln9Q8B7gNkA/ROCE7kfkv47989kajklGJjP -hQwMbPvgsbE+nSAk740/AQC2RDCFK2O12nTpgLWlhgTmRdrUtMphW+nJGLJ/atGi -B844BGTvijUSCisGAQQBl1UBBQEBB0BZDz+DYUKdCrEn4YYk77LKruz8oExl0Iu0 -Hh+M/lHeSQMBCAfCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk74o1 -AhsMAAoJEP3UKln9Q8B79DUA/AyMo+fm7r+pzyJJk1uZWgTgSA4BhLpZNUBytVXu -sXp9AP9n6mXXMx8Ki4OIc7hmaUWN40vZ5e5kFkKT+VaERW7/DcaTBGTJlSETBSuB -BAAjBCMEADIOqFyLQXzfaJ/cY4mZbtdoCdbSyIeR/KG2AtYXXPHaeSPf69kg8jKH -Sq92AkWi57zva5MKCfBu2mNFl8o+Dv3NAL6LC5w71C6AXsUAelR7TJFnvboGwdHG -QeeBCSa/qXWiVIpjsmU9F90DJkkYUwa4gIZ1P55PSg34mRMjDG/LmRI5zVBKZXN1 -cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5kIERldmVs -b3BlcikgPGpvcnRlZ2FAY29uZG9yYnMubmV0PsLAEwQTEwoAOBYhBJ5ka7BjDI/R -is0VVBuT5qdmzSKdBQJkyegfAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ -EBuT5qdmzSKdD/wCCQHcb/w21KKkRkZ8HXBARcKmYtdv7/ivSBoC7L5jsgJZbiJ6 -f2lhvMOojtRnK+7s+QoUPqgsDwXt3AUETYhN3udpXwII1I7xDut5yMAgoBEVDamm -g2aK5VWFJTRvyjtWyfAU+oiWCNq7o9dI7d0/BzkA+0foBNysntr90Do/Ie10gxdH -t2XCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk9MSHAAoJEP3UKln9 -Q8B7Yu4A/212jMoLDU9SkO98vILe8pzsQWolKQNhGHI1iZz6DvS2AQC0poP2EsZV -jsTtLv4wfHdOE59zPuCn2ZNHOtn/80WzCcJ1BBAWCAAdFiEEK50itB8q8QQr/Oc6 -PKC53xvnzgkFAmTamuwACgkQPKC53xvnzglqmQEA90Gox/7Wkf7qoT4ma7t8aPsp -bwot2bs2qC0mAjH1lIgBALgH7rJse0XLY8vJPdv966Aols9R4JsBrQF3wwAMYLgN -zVpKZXN1cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5k -IERldmVsb3BlcikgPG1hcnRpbi5vcnRlZ2EuYXJhc2hpQGdtYWlsLmNvbT7CwBME -ExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp0QIbAwULCQgHAgYVCgkI -CwIEFgIDAQIeAQIXgAAKCRAbk+anZs0indBjAgkBGFbgUf7gtpK6pwkX4DcNWUAz -jjp6s2lRbHQhkat6I7nn0gr7Vgp0OUxeCJqDbpdVco0zZAauweEDBT350vF8LgUC -B07VsXWg9P0BIqWNepwV/Lj63Zf/ye/UExOXm716wI/tVn3FRGKsimSUnBg1wO1F -YxlJfjGswGeR2f7HTwTAubNNwnUEEBYIAB0WIQRZckTb6lLsbv5fNqT91CpZ/UPA 
-ewUCZPTEgQAKCRD91CpZ/UPAe0rYAQCl6lPg73DMmTeAUV1Uqi2nyMjNIefvEtUY -2uabv8FvMwD9FiFMI0yDbmocc/sYuHcQqZhxzBJDlOYymnjw9OAv+QPCdQQQFggA -HRYhBCudIrQfKvEEK/znOjygud8b584JBQJk2prsAAoJEDygud8b584JLUsA/jgR -XXhniU635eJUVTOYG6OrrSbj9u9ONsHvu0P0u816AQCN5SQ+iLcm0fFYEwodwkPT -sudZLSGqt2U/EWX12nlTCM1ZSmVzdXMgTWFydGluIE9ydGVnYSBNYXJ0aW5leiAo -U3lzYWRtaW4vQmFja2VuZCBEZXZlbG9wZXIpIDxtYXJ0aW5vcnRlZ2FAY2llbmNp -YXMudW5hbS5teD7CwBQEExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp -fwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAbk+anZs0inZqDAgkByLGd -+av82alglrShLrBgHrX2l6STeAzN4toFfdVdse6zen8o89wEirQ1uMZ7pXulzAdb -ap30irjfMf8u0YMJWdgCCQEK/0TNGltdCsw21zd8eJH+9sJEh4/gtWdBhxMiYWHv -6euWavTUWXiDLggwQXTJ2kUzDBMt0DXwKmNVYnKxos+iB8J1BBAWCAAdFiEEWXJE -2+pS7G7+Xzak/dQqWf1DwHsFAmT0xIgACgkQ/dQqWf1DwHsBCAEA9U7+hsnnIAPC -L3hR3xlUbrP4QoAKEnODzDMliNecqckBAPhTZWbJrnhrpZH7JDKcDJqfwZFWItz7 -QY2thvcjUYIHwnUEEBYIAB0WIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNqa7AAK -CRA8oLnfG+fOCS0rAQCJXdLjaSluAAs2/llUmSyNMEiHrewhW/1xMGT+flLeJwD+ -IbKRpqVSnxdv1Zf1l7V4twaNTR9Szn+y79/iAXKi3QrOlwRkyZUhEgUrgQQAIwQj -BAG1EFibPYiRvzU2DYNDW819tK896ACcEaB4Fdyk3+iWQI/L9mWScptx+XcgpByU -UWLn47Gf3ACXtyNSIQnYjmHBegAbPkHv6yP5hwWr6uDRhxepZm2DOq0dcSW8HxwW -5rVeVVfn97yeWUUiZKxajL5LHTF+TCemfqOSy9sAJFYAKm4HxgMBCgnCuwQYEwoA -IBYhBJ5ka7BjDI/Ris0VVBuT5qdmzSKdBQJkyZUhAhsMAAoJEBuT5qdmzSKdQ7oC -CIYeYcvDgfp7jFeoh5qAi85gZhlaOncvh+WCiA5R637TjM9XQaIfhoRuiM+VL1CC -Kzq7NWx2S+DZpNWVPWY2vChaAgkBJC6GG5u2gq8zU6o84ThaDd0kZe3jfmhg8O8K -13tpOV6ovOjgK7kCtILqYsnW7RmZ4YEhfYUJtuhIe7CkI1xrpo0= -=N+0o ------END PGP PUBLIC KEY BLOCK----- diff --git a/keyring/main/mrhacker/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09/uid/Kevin_Mu_oz__CyberSecurity_Engineer___kmunoz@condorbs.net_6546871d/certification/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc b/keyring/main/mrhacker/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09/uid/Kevin_Mu_oz__CyberSecurity_Engineer___kmunoz@condorbs.net_6546871d/certification/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc index 4266ab8..bafdb6f 100644 
--- a/keyring/main/mrhacker/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09/uid/Kevin_Mu_oz__CyberSecurity_Engineer___kmunoz@condorbs.net_6546871d/certification/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc +++ b/keyring/main/mrhacker/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09/uid/Kevin_Mu_oz__CyberSecurity_Engineer___kmunoz@condorbs.net_6546871d/certification/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc @@ -1,11 +1,15 @@ -----BEGIN PGP SIGNATURE----- -wsBmBBMWCADOAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEK50itB8q -8QQr/Oc6PKC53xvnzgkFAmTnd4NDFIAAAAAAEAAqcHJvb2ZAYXJpYWRuZS5pZGh0 -dHBzOi8vbWFzdG9kb24uY2VudGF1cmljb3JleC5uZXQvQGttdW5vek4UgAAAAAAQ -ADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2VyTm90 -Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTMACgkQPKC53xvnzgk04wD/X+sXGUkHidbq -LnXHpIRALPWj2Z3xMZ0lhQtGoFwzleUA/3qo1clCRsshDzPcogzhb17suxeeFCpc -xnhBBgIiQHAA -=kX0Z +wsElBBMWCAGNAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheATRSAAAAAABAANHBy +b29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjoyQjlEMjJCNDFGMkFGMTA0MkJGQ0U3 +M0EzQ0EwQjlERjFCRTdDRTA5NhSAAAAAABAAHXByb29mQGFyaWFkbmUuaWRkbnM6 +YXVyLmNvbmRvcmJzLm5ldD90eXBlPVRYVEEUgAAAAAAQAChwcm9vZkBhcmlhZG5l +LmlkaHR0cHM6Ly9zb2NpYWwuZ2FydWRhbGludXgub3JnL0BtcmhhY2tlck4UgAAA +AAAQADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2Vy +Tm90Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTM7FIAAAAAAEAAicHJvb2ZAYXJpYWRu +ZS5pZGRuczphdXIuY2VudGF1cmljb3JleC5uZXQ/dHlwZT1UWFQWIQQrnSK0Hyrx +BCv85zo8oLnfG+fOCQUCZiMHLwIZAQAKCRA8oLnfG+fOCSWZAP460yI0bFLSXXLd +vPLmazR8M7N0G0eQBPypqfOy3TuzjQD8D+9uzIJGEW+wjC4AeoW9PqLuC7jokdeR +C54282BJtgI= +=Ak/D -----END PGP SIGNATURE----- 
diff --git a/keyring/packager/mrhacker/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09/uid/Kevin_Mu_oz__CyberSecurity_Engineer___kmunoz@condorbs.net_6546871d/certification/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc b/keyring/packager/mrhacker/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09/uid/Kevin_Mu_oz__CyberSecurity_Engineer___kmunoz@condorbs.net_6546871d/certification/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc index 4266ab8..bafdb6f 100644 --- a/keyring/packager/mrhacker/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09/uid/Kevin_Mu_oz__CyberSecurity_Engineer___kmunoz@condorbs.net_6546871d/certification/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc +++ b/keyring/packager/mrhacker/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09/uid/Kevin_Mu_oz__CyberSecurity_Engineer___kmunoz@condorbs.net_6546871d/certification/2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09.asc 
@@ -1,11 +1,15 @@ -----BEGIN PGP SIGNATURE----- -wsBmBBMWCADOAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEK50itB8q -8QQr/Oc6PKC53xvnzgkFAmTnd4NDFIAAAAAAEAAqcHJvb2ZAYXJpYWRuZS5pZGh0 -dHBzOi8vbWFzdG9kb24uY2VudGF1cmljb3JleC5uZXQvQGttdW5vek4UgAAAAAAQ -ADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2VyTm90 -Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTMACgkQPKC53xvnzgk04wD/X+sXGUkHidbq -LnXHpIRALPWj2Z3xMZ0lhQtGoFwzleUA/3qo1clCRsshDzPcogzhb17suxeeFCpc -xnhBBgIiQHAA -=kX0Z +wsElBBMWCAGNAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheATRSAAAAAABAANHBy +b29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjoyQjlEMjJCNDFGMkFGMTA0MkJGQ0U3 +M0EzQ0EwQjlERjFCRTdDRTA5NhSAAAAAABAAHXByb29mQGFyaWFkbmUuaWRkbnM6 +YXVyLmNvbmRvcmJzLm5ldD90eXBlPVRYVEEUgAAAAAAQAChwcm9vZkBhcmlhZG5l +LmlkaHR0cHM6Ly9zb2NpYWwuZ2FydWRhbGludXgub3JnL0BtcmhhY2tlck4UgAAA +AAAQADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2Vy +Tm90Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTM7FIAAAAAAEAAicHJvb2ZAYXJpYWRu +ZS5pZGRuczphdXIuY2VudGF1cmljb3JleC5uZXQ/dHlwZT1UWFQWIQQrnSK0Hyrx +BCv85zo8oLnfG+fOCQUCZiMHLwIZAQAKCRA8oLnfG+fOCSWZAP460yI0bFLSXXLd +vPLmazR8M7N0G0eQBPypqfOy3TuzjQD8D+9uzIJGEW+wjC4AeoW9PqLuC7jokdeR +C54282BJtgI= +=Ak/D -----END PGP SIGNATURE----- diff --git a/libkeyringctl/keyring.py b/libkeyringctl/keyring.py index cd6085e..a2a8cfb 100644 --- a/libkeyringctl/keyring.py +++ b/libkeyringctl/keyring.py @@ -1,6 +1,8 @@ # SPDX-License-Identifier: GPL-3.0-or-later from collections import defaultdict +from enum import Enum +from enum import unique from itertools import chain from logging import debug from logging import error 
@@ -50,6 +52,18 @@ from .util import transform_fd_to_tmpfile PACKET_FILENAME_DATETIME_FORMAT: str = "%Y-%m-%d_%H-%M-%S" +@unique +class PacketType(Enum): + """All understood OpenPGP packet types and the file endings as output by `sq packet split`""" + + PUBLIC_KEY = "Public-Key Packet" + USER_ID = "User ID Packet" + USER_ATTRIBUTE = "User Attribute Packet" + PUBLIC_SUBKEY = "Public-Subkey Packet" + SECRET_KEY = "Secret-Key Packet" + SIGNATURE = "Signature Packet" + + def is_pgp_fingerprint(string: str) -> bool: """Returns whether the passed string looks like a PGP (long) fingerprint @@ -375,14 +389,14 @@ def convert_certificate( for packet in packet_split(working_dir=working_dir, certificate=certificate): debug(f"Processing packet {packet.name}") - if packet.name.endswith("--PublicKey"): + if packet.name.endswith(PacketType.PUBLIC_KEY.value): current_packet_mode = "pubkey" current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint")) current_packet_uid = None certificate_fingerprint = current_packet_fingerprint pubkey = packet - elif packet.name.endswith("--UserID"): + elif packet.name.endswith(PacketType.USER_ID.value): current_packet_mode = "uid" current_packet_fingerprint = None current_packet_uid = Uid(packet_dump_field(packet, "Value")) 
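Review bot: The `PacketType` docstring says the values are the file endings written by `sq packet split`, but it does not say which sq release produces these names, and the code in this patch now calls `sq toolbox packet split`. This matters beyond tidiness because `convert_certificate` (hunks at -375, -392 and -410) classifies packets only by `packet.name.endswith(...)`, including the `SECRET_KEY` branch that aborts on private key material. If a different sq release names the files differently, that branch simply stops matching. I would extend the docstring to something like `"""OpenPGP packet types, keyed by the file-name suffix written by `sq toolbox packet split` (checked against sq <SQ_VERSION>)."""` and confirm that the fall-through branch of the `if`/`elif` chain, which is outside these hunks, rejects unrecognised names.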
@@ -392,17 +406,17 @@ def convert_certificate( f"Duplicate User ID {current_packet_uid} used in packet {uids[current_packet_uid]} and {packet}" ) uids[current_packet_uid] = packet - elif packet.name.endswith("UserAttribute"): + elif packet.name.endswith(PacketType.USER_ATTRIBUTE.value): current_packet_mode = "uattr" current_packet_fingerprint = None current_packet_uid = None - elif packet.name.endswith("--PublicSubkey"): + elif packet.name.endswith(PacketType.PUBLIC_SUBKEY.value): current_packet_mode = "subkey" current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint")) current_packet_uid = None subkeys[current_packet_fingerprint] = packet - elif packet.name.endswith("--SecretKey"): + elif packet.name.endswith(PacketType.SECRET_KEY.value): error( "\n###################################################################\n" "Do not ever process your private key file!\n" @@ -410,7 +424,7 @@ def convert_certificate( "###################################################################" ) raise Exception("Secret key detected, aborting") - elif packet.name.endswith("--Signature"): + elif packet.name.endswith(PacketType.SIGNATURE.value): convert_signature_packet( packet=packet, current_packet_mode=current_packet_mode, @@ -953,7 +967,7 @@ def get_fingerprints_from_keyring_files(working_dir: Path, source: Iterable[Path for key in keys: for certificate in keyring_split(working_dir=working_dir, keyring=key, preserve_filename=True): for packet in packet_split(working_dir=working_dir, certificate=certificate): - if packet.name.endswith("--PublicKey"): + if packet.name.endswith(PacketType.PUBLIC_KEY.value): fingerprints[Fingerprint(packet_dump_field(packet, "Fingerprint"))] = Username(certificate.stem) debug(f"Fingerprints of PGP public keys in {source}: {fingerprints}") 
@@ -1133,19 +1147,19 @@ def build( target_dir.mkdir(parents=True, exist_ok=True) target_dir.touch() - keyring: Path = target_dir / Path("archlinux.gpg") + keyring: Path = target_dir / Path("condorcore.gpg") export(working_dir=working_dir, keyring_root=keyring_root, output=keyring) trusted_main_keys = export_ownertrust( certs=[keyring_root / "main"], keyring_root=keyring_root, - output=target_dir / "archlinux-trusted", + output=target_dir / "condorcore-trusted", ) export_revoked( certs=[keyring_root], keyring_root=keyring_root, main_keys=set(trusted_main_keys), - output=target_dir / "archlinux-revoked", + output=target_dir / "condorcore-revoked", ) diff --git a/libkeyringctl/sequoia.py b/libkeyringctl/sequoia.py index 775db18..094edc0 100644 --- a/libkeyringctl/sequoia.py +++ b/libkeyringctl/sequoia.py @@ -49,7 +49,7 @@ def keyring_split(working_dir: Path, keyring: Path, preserve_filename: bool = Fa keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute() with cwd(keyring_dir): - system(["sq", "keyring", "split", "--prefix", "", str(keyring)]) + system(["sq", "toolbox", "keyring", "split", str(keyring)]) keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir())) @@ -75,7 +75,7 @@ def keyring_merge(certificates: List[Path], output: Optional[Path] = None, force The result if no output file has been used """ - cmd = ["sq", "keyring", "merge"] + cmd = ["sq", "toolbox", "keyring", "merge"] if force: cmd.insert(1, "--force") if output: @@ -103,7 +103,7 @@ def packet_split(working_dir: Path, certificate: Path) -> Iterable[Path]: packet_dir = Path(mkdtemp(dir=working_dir, prefix="packet-")).absolute() with cwd(packet_dir): - system(["sq", "packet", "split", "--prefix", "", str(certificate)]) + system(["sq", "toolbox", "packet", "split", "--prefix", "''", str(certificate)]) return natural_sort_path(packet_dir.iterdir()) 
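Review bot: The three output names in `build()` are now hard-coded as `condorcore.gpg`, `condorcore-trusted` and `condorcore-revoked`, while the Makefile `wkd` target changed in this same patch still reads `$(BUILD_DIR)/$(KEYRING_FILE)`. The definition of `KEYRING_FILE` is not part of the patch, so it should be confirmed that it was renamed as well; otherwise `sq -f network wkd generate` is pointed at a file that `build()` no longer writes. A single module-level constant, for example `KEYRING_NAME: str = "condorcore"`, used for all three paths would keep them in step. The body of `build()` starts and ends outside the hunk.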
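Review bot: In `packet_split` the prefix argument is now `"''"`, which in an argv list is the literal two-character string `''` rather than an empty string. Assuming `system` executes the list without a shell, as the list form suggests, every split file would then be named with two leading quote characters. The removed line passed `""`, and `"--prefix", ""` is what keeps the prefix empty. The `keyring_split` hunk above drops `--prefix` altogether, so the two helpers now name their output by different rules. Both are worth checking against the sq release in use, since callers match on these file names.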
@@ -121,7 +121,7 @@ def packet_join(packets: List[Path], output: Optional[Path] = None, force: bool The result if no output file has been used """ - cmd = ["sq", "packet", "join"] + cmd = ["sq", "toolbox", "packet", "join"] if force: cmd.insert(1, "--force") packets_str = list(map(lambda path: str(path), packets)) @@ -174,7 +174,7 @@ def packet_dump(packet: Path) -> str: The contents of the packet dump """ - return system(["sq", "packet", "dump", str(packet)]) + return system(["sq", "toolbox", "packet", "dump", str(packet)]) def packet_dump_field(packet: Path, query: str) -> str: @@ -336,7 +336,7 @@ def key_extract_certificate(key: Path, output: Optional[Path]) -> str: The result of the extract in case output is None """ - cmd = ["sq", "key", "extract-cert", str(key)] + cmd = ["sq", "toolbox", "extract-cert", str(key)] if output: cmd.extend(["--output", str(output)]) return system(cmd) @@ -357,7 +357,7 @@ def certify(key: Path, certificate: Path, uid: Uid, output: Optional[Path]) -> s The result of the certification in case output is None """ - cmd = ["sq", "certify", str(key), str(certificate), uid] + cmd = ["sq", "pki", "certify", str(key), str(certificate), uid] if output: cmd.extend(["--output", str(output)]) return system(cmd) diff --git a/libkeyringctl/trust.py b/libkeyringctl/trust.py index 67ea0ed..4353bcd 100644 --- a/libkeyringctl/trust.py +++ b/libkeyringctl/trust.py @@ -202,15 +202,15 @@ def trust_icon(trust: Trust) -> str: ------- The single character icon representing the passed trust status """ - if trust == Trust.revoked: - return "✗" - if trust == Trust.unknown: - return "~" - if trust == Trust.marginal: - return "~" - if trust == Trust.full: - return "✓" - return "?" + icon = "?" + match trust: + case Trust.revoked: + icon = "✗" + case Trust.unknown | Trust.marginal: + icon = "~" + case Trust.full: + icon = "✓" + return icon def trust_color(trust: Trust) -> Color: 
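Review bot: `trust_icon` now uses a `match` statement, which raises the minimum interpreter to Python 3.10, and nothing in this patch updates packaging metadata or CI to say so. On style, pre-assigning `icon = "?"` and then overwriting it hides the default; `case _: return "?"` with a direct `return` in each arm states the fallback where a reader looks for it. The docstring above the hunk could also note that `unknown` and `marginal` intentionally share `~`.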
diff --git a/libkeyringctl/verify.py b/libkeyringctl/verify.py index a0c582b..6f41815 100644 --- a/libkeyringctl/verify.py +++ b/libkeyringctl/verify.py @@ -68,10 +68,10 @@ def verify( # noqa: ignore=C901 ) if lint_hokey: - keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE) + keyring_fd = Popen(("sq", "toolbox", "dearmor", f"{str(keyring_path)}"), stdout=PIPE) print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="") if lint_sq_keyring: - print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="") + print(system(["sq", "cert", "lint", f"{str(keyring_path)}"]), end="") def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901 diff --git a/tests/test_keyring.py b/tests/test_keyring.py index 3f3716d..f955cd2 100644 --- a/tests/test_keyring.py +++ b/tests/test_keyring.py @@ -409,12 +409,12 @@ def test_convert_signature_packet( ( Path("foo.asc"), [ - Path("--PublicKey"), - Path("--Signature"), - Path("--UserID"), - Path("--UserAttribute"), - Path("--PublicSubkey"), - Path("--Signature"), + Path(keyring.PacketType.PUBLIC_KEY.value), + Path(keyring.PacketType.SIGNATURE.value), + Path(keyring.PacketType.USER_ID.value), + Path(keyring.PacketType.USER_ATTRIBUTE.value), + Path(keyring.PacketType.PUBLIC_SUBKEY.value), + Path(keyring.PacketType.SIGNATURE.value), ], [ "".join(choice("ABCDEF" + digits) for _ in range(40)), @@ -427,10 +427,10 @@ def test_convert_signature_packet( ( Path("foo.asc"), [ - Path("--PublicKey"), - Path("--Signature"), - Path("--UserID"), - Path("--UserID"), + Path(keyring.PacketType.PUBLIC_KEY.value), + Path(keyring.PacketType.SIGNATURE.value), + Path(keyring.PacketType.USER_ID.value), + Path(keyring.PacketType.USER_ID.value), ], [ "".join(choice("ABCDEF" + digits) for _ in range(40)), @@ -443,7 +443,7 @@ def test_convert_signature_packet( ( Path("foo.asc"), [ - Path("--SecretKey"), + Path(keyring.PacketType.SECRET_KEY.value), ], [], None, 
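Review bot: In the `lint_hokey` branch of `verify()`, the `Popen` running `sq toolbox dearmor` is never waited on and its exit status is never checked. If the renamed subcommand fails, for instance on an sq release that does not have `toolbox dearmor`, `hokey lint` just reads an empty pipe, and whether that is reported as an error depends on hokey. After the `system(["hokey", "lint"], ...)` line I would add `if keyring_fd.wait() != 0: raise Exception("sq toolbox dearmor failed")`, so a broken dearmor step cannot pass as a clean lint. `verify()` begins and continues outside the hunk.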
@@ -461,7 +461,7 @@ def test_convert_signature_packet( ( Path("foo.asc"), [ - Path("--PublicKey"), + Path(keyring.PacketType.PUBLIC_KEY.value), ], [ None, diff --git a/tests/test_sequoia.py b/tests/test_sequoia.py index 6213a91..ccdd896 100644 --- a/tests/test_sequoia.py +++ b/tests/test_sequoia.py @@ -166,7 +166,7 @@ def test_inspect( def test_packet_dump(system_mock: Mock) -> None: system_mock.return_value = "return" assert sequoia.packet_dump(packet=Path("packet")) == "return" - system_mock.called_once_with(["sq", "packet", "dump", "packet"]) + system_mock.assert_called_once_with(["sq", "toolbox", "packet", "dump", "packet"]) @mark.parametrize( diff --git a/wkd_sync/archlinux-keyring-wkd-sync b/wkd_sync/archlinux-keyring-wkd-sync old mode 100755 new mode 100644 index 867acae..78cb133 --- a/wkd_sync/archlinux-keyring-wkd-sync +++ b/wkd_sync/archlinux-keyring-wkd-sync @@ -13,14 +13,11 @@ set -eu -readonly main_key_domain_match="@master-key.archlinux.org$" -readonly packager_domain_match="@archlinux.org$" +readonly main_key_domain_match="@condorbs.net$" +readonly packager_domain_match="@condorbs.net$" readonly homedir="$(pacman-conf GPGDir)" # fingerprints of keys with SHA-1 self-signatures (no longer used) readonly invalid_fingerprints=( - 0F334D8698881578F65D2AE55ED514A45BD5C938 # djgera@archlinux.org - F4DDD6DDCEC320B665F502AAE8F18BA1615137BC # ibiru@archlinux.org - EA84EA00866F51FB10CD19AE426991CD8406FFF3 # ronald@archlinux.org ) domain_match=""
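Review bot: In `wkd_sync/archlinux-keyring-wkd-sync`, `main_key_domain_match` and `packager_domain_match` are now the same pattern, `@condorbs.net$`, where the removed lines used two different domains. Whatever the script selects with them (their use is below the hunk) can no longer tell main signing keys from packager keys by address. The `.` is unescaped, so if these are applied as regexes `@condorbs\.net$` is the tighter form. `invalid_fingerprints=( )` is now empty under `set -eu`, and on bash older than 4.4 expanding an empty array with `-u` is an unbound-variable error, so the later expansion should be guarded or the array and its comment removed. The mode change from 100755 to 100644 also means any unit or hook that executes the script directly will fail.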