update
parent
c9f1da7027
commit
ea131e4bc1
4
Makefile
4
Makefile
@ -39,10 +39,10 @@ test:
|
|||||||
coverage report --fail-under=100.0
|
coverage report --fail-under=100.0
|
||||||
|
|
||||||
build: $(SOURCES)
|
build: $(SOURCES)
|
||||||
./keyringctl -v $(BUILD_DIR)
|
./keyringctl -v build
|
||||||
|
|
||||||
wkd: build
|
wkd: build
|
||||||
sq -f wkd generate -s $(WKD_BUILD_DIR)/ $(WKD_FQDN) $(BUILD_DIR)/$(KEYRING_FILE)
|
sq -f network wkd generate -s $(WKD_BUILD_DIR)/ $(WKD_FQDN) $(BUILD_DIR)/$(KEYRING_FILE)
|
||||||
|
|
||||||
wkd_inspect: wkd
|
wkd_inspect: wkd
|
||||||
for file in $(WKD_BUILD_DIR)/.well-known/openpgpkey/$(WKD_FQDN)/hu/*; do sq inspect $$file; done
|
for file in $(WKD_BUILD_DIR)/.well-known/openpgpkey/$(WKD_FQDN)/hu/*; do sq inspect $$file; done
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09:4:
|
|
||||||
597244DBEA52EC6EFE5F36A4FDD42A59FD43C07B:4:
|
|
||||||
9E646BB0630C8FD18ACD15541B93E6A766CD229D:4:
|
|
@ -1,86 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
xjMEZNlVYBYJKwYBBAHaRw8BAQdAqrHl4S2UIU1DVv75VVqxYWzMXIj6DUYOEdx5
|
|
||||||
9S54zibNO0tldmluIE11w7FveiAoQ2liZXJTZWN1cml0eSBFbmdpbmVlcikgPGtt
|
|
||||||
dW5vekBjb25kb3Jicy5uZXQ+wpAEExYIADgWIQQrnSK0HyrxBCv85zo8oLnfG+fO
|
|
||||||
CQUCZNlVYAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA8oLnfG+fOCS2Y
|
|
||||||
AP9NkmVFAljJiYFLtc7o1xB3xT/qtfJKw95khnhQFLqd5AEAsb5vlZ/bDvb56Yge
|
|
||||||
a+O/ar+qpq1q+cGvnUx2/OGPJg7CdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9
|
|
||||||
Q8B7BQJk9L04AAoJEP3UKln9Q8B7tsUBAI3bUgjtoc57+lpT+Nfa/JDfddLejElW
|
|
||||||
mZBITOnpHtT9AQDPBcKJwR4BXdPvXKYizEUq758weamJJK+YC/OHFQGHBM07S2V2
|
|
||||||
aW4gTXXDsW96IChDeWJlclNlY3VyaXR5IEVuZ2luZWVyKSA8a211bm96QGNvbmRv
|
|
||||||
cmJzLm5ldD7CwGYEExYIAM4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGQEW
|
|
||||||
IQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZOd3g0MUgAAAAAAQACpwcm9vZkBhcmlh
|
|
||||||
ZG5lLmlkaHR0cHM6Ly9tYXN0b2Rvbi5jZW50YXVyaWNvcmV4Lm5ldC9Aa211bm96
|
|
||||||
ThSAAAAAABAANXByb29mQGFyaWFkbmUuaWRodHRwczovL3QubWUvRXJyb3I0MDRI
|
|
||||||
YWNrZXJOb3RGb3VuZD9wcm9vZj1QZWxvY29uY2hhMwAKCRA8oLnfG+fOCTTjAP9f
|
|
||||||
6xcZSQeJ1uoudcekhEAs9aPZnfExnSWFC0agXDOV5QD/eqjVyUJGyyEPM9yiDOFv
|
|
||||||
Xuy7F54UKlzGeEEGAiJAcADCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7
|
|
||||||
BQJk9L0xAAoJEP3UKln9Q8B7VRoA/3W2b2yzRIw/jz6HKGrCKPBZ4YSFqDU0WHau
|
|
||||||
wcm9kkjrAQCsbcVMj1+nrYqLPqt2EaGoI0vL7HNqkDFtZBJ1sOXgA84zBGTZVm8W
|
|
||||||
CSsGAQQB2kcPAQEHQFdn0G+sy9PxbV67iR8YmLpVtAv0VXSR+bv7LXWeFwmqwngE
|
|
||||||
GBYIACAWIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNlWbwIbIAAKCRA8oLnfG+fO
|
|
||||||
CcclAP9vH93UilCUalYkdkg0IIimuOrYJAFE3PoYzM3Yfh9VSAD/b750y/y65soK
|
|
||||||
AhwaVWI0mD+2ktStLv5GQQVsD9aYqALOOARk2Va/EgorBgEEAZdVAQUBAQdARB6y
|
|
||||||
g2ApZUudIRWiTyl30XISWQZjXMMpeyJlpVhxNGQDAQgHwngEGBYIACAWIQQrnSK0
|
|
||||||
HyrxBCv85zo8oLnfG+fOCQUCZNlWvwIbDAAKCRA8oLnfG+fOCU8IAP43YS3bfntH
|
|
||||||
ouOiZk7UuxLbHeXQl6YkBTgO0W+uKTPtrwD8CBgI2PEDktTsoBkDQxKzGJRmCRwn
|
|
||||||
aK1yIipT/mwQEQ/GMwRk74e+FgkrBgEEAdpHDwEBB0DRmBzOdoNSNtQoyh3Q7VM8
|
|
||||||
DDPO3/Svh6UGE7Dsxtdbic0uIChDb25kb3JCUyBNYXN0ZXIgS2V5KSA8Y29udGFj
|
|
||||||
dG9AY29uZG9yYnMubmV0PsKQBBMWCAA4FiEEWXJE2+pS7G7+Xzak/dQqWf1DwHsF
|
|
||||||
AmTvh74CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ/dQqWf1DwHsavAEA
|
|
||||||
nrULtiu3Y7DozXJrc3qig9nBfUmy5MrqCM0F4h0gvNABAPR+lv2nK1qj8RnXwv8W
|
|
||||||
W2DQ0Ay/hENwAqVyUE9x8kcGzjMEZO+KdRYJKwYBBAHaRw8BAQdAYbnrkxnt+czK
|
|
||||||
37JQ26fC0VrmdCfCSHn2xoECi99TBOHCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3U
|
|
||||||
Kln9Q8B7BQJk74p1AhsgAAoJEP3UKln9Q8B7gNkA/ROCE7kfkv47989kajklGJjP
|
|
||||||
hQwMbPvgsbE+nSAk740/AQC2RDCFK2O12nTpgLWlhgTmRdrUtMphW+nJGLJ/atGi
|
|
||||||
B844BGTvijUSCisGAQQBl1UBBQEBB0BZDz+DYUKdCrEn4YYk77LKruz8oExl0Iu0
|
|
||||||
Hh+M/lHeSQMBCAfCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk74o1
|
|
||||||
AhsMAAoJEP3UKln9Q8B79DUA/AyMo+fm7r+pzyJJk1uZWgTgSA4BhLpZNUBytVXu
|
|
||||||
sXp9AP9n6mXXMx8Ki4OIc7hmaUWN40vZ5e5kFkKT+VaERW7/DcaTBGTJlSETBSuB
|
|
||||||
BAAjBCMEADIOqFyLQXzfaJ/cY4mZbtdoCdbSyIeR/KG2AtYXXPHaeSPf69kg8jKH
|
|
||||||
Sq92AkWi57zva5MKCfBu2mNFl8o+Dv3NAL6LC5w71C6AXsUAelR7TJFnvboGwdHG
|
|
||||||
QeeBCSa/qXWiVIpjsmU9F90DJkkYUwa4gIZ1P55PSg34mRMjDG/LmRI5zVBKZXN1
|
|
||||||
cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5kIERldmVs
|
|
||||||
b3BlcikgPGpvcnRlZ2FAY29uZG9yYnMubmV0PsLAEwQTEwoAOBYhBJ5ka7BjDI/R
|
|
||||||
is0VVBuT5qdmzSKdBQJkyegfAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
|
|
||||||
EBuT5qdmzSKdD/wCCQHcb/w21KKkRkZ8HXBARcKmYtdv7/ivSBoC7L5jsgJZbiJ6
|
|
||||||
f2lhvMOojtRnK+7s+QoUPqgsDwXt3AUETYhN3udpXwII1I7xDut5yMAgoBEVDamm
|
|
||||||
g2aK5VWFJTRvyjtWyfAU+oiWCNq7o9dI7d0/BzkA+0foBNysntr90Do/Ie10gxdH
|
|
||||||
t2XCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk9MSHAAoJEP3UKln9
|
|
||||||
Q8B7Yu4A/212jMoLDU9SkO98vILe8pzsQWolKQNhGHI1iZz6DvS2AQC0poP2EsZV
|
|
||||||
jsTtLv4wfHdOE59zPuCn2ZNHOtn/80WzCcJ1BBAWCAAdFiEEK50itB8q8QQr/Oc6
|
|
||||||
PKC53xvnzgkFAmTamuwACgkQPKC53xvnzglqmQEA90Gox/7Wkf7qoT4ma7t8aPsp
|
|
||||||
bwot2bs2qC0mAjH1lIgBALgH7rJse0XLY8vJPdv966Aols9R4JsBrQF3wwAMYLgN
|
|
||||||
zVpKZXN1cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5k
|
|
||||||
IERldmVsb3BlcikgPG1hcnRpbi5vcnRlZ2EuYXJhc2hpQGdtYWlsLmNvbT7CwBME
|
|
||||||
ExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp0QIbAwULCQgHAgYVCgkI
|
|
||||||
CwIEFgIDAQIeAQIXgAAKCRAbk+anZs0indBjAgkBGFbgUf7gtpK6pwkX4DcNWUAz
|
|
||||||
jjp6s2lRbHQhkat6I7nn0gr7Vgp0OUxeCJqDbpdVco0zZAauweEDBT350vF8LgUC
|
|
||||||
B07VsXWg9P0BIqWNepwV/Lj63Zf/ye/UExOXm716wI/tVn3FRGKsimSUnBg1wO1F
|
|
||||||
YxlJfjGswGeR2f7HTwTAubNNwnUEEBYIAB0WIQRZckTb6lLsbv5fNqT91CpZ/UPA
|
|
||||||
ewUCZPTEgQAKCRD91CpZ/UPAe0rYAQCl6lPg73DMmTeAUV1Uqi2nyMjNIefvEtUY
|
|
||||||
2uabv8FvMwD9FiFMI0yDbmocc/sYuHcQqZhxzBJDlOYymnjw9OAv+QPCdQQQFggA
|
|
||||||
HRYhBCudIrQfKvEEK/znOjygud8b584JBQJk2prsAAoJEDygud8b584JLUsA/jgR
|
|
||||||
XXhniU635eJUVTOYG6OrrSbj9u9ONsHvu0P0u816AQCN5SQ+iLcm0fFYEwodwkPT
|
|
||||||
sudZLSGqt2U/EWX12nlTCM1ZSmVzdXMgTWFydGluIE9ydGVnYSBNYXJ0aW5leiAo
|
|
||||||
U3lzYWRtaW4vQmFja2VuZCBEZXZlbG9wZXIpIDxtYXJ0aW5vcnRlZ2FAY2llbmNp
|
|
||||||
YXMudW5hbS5teD7CwBQEExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp
|
|
||||||
fwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAbk+anZs0inZqDAgkByLGd
|
|
||||||
+av82alglrShLrBgHrX2l6STeAzN4toFfdVdse6zen8o89wEirQ1uMZ7pXulzAdb
|
|
||||||
ap30irjfMf8u0YMJWdgCCQEK/0TNGltdCsw21zd8eJH+9sJEh4/gtWdBhxMiYWHv
|
|
||||||
6euWavTUWXiDLggwQXTJ2kUzDBMt0DXwKmNVYnKxos+iB8J1BBAWCAAdFiEEWXJE
|
|
||||||
2+pS7G7+Xzak/dQqWf1DwHsFAmT0xIgACgkQ/dQqWf1DwHsBCAEA9U7+hsnnIAPC
|
|
||||||
L3hR3xlUbrP4QoAKEnODzDMliNecqckBAPhTZWbJrnhrpZH7JDKcDJqfwZFWItz7
|
|
||||||
QY2thvcjUYIHwnUEEBYIAB0WIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNqa7AAK
|
|
||||||
CRA8oLnfG+fOCS0rAQCJXdLjaSluAAs2/llUmSyNMEiHrewhW/1xMGT+flLeJwD+
|
|
||||||
IbKRpqVSnxdv1Zf1l7V4twaNTR9Szn+y79/iAXKi3QrOlwRkyZUhEgUrgQQAIwQj
|
|
||||||
BAG1EFibPYiRvzU2DYNDW819tK896ACcEaB4Fdyk3+iWQI/L9mWScptx+XcgpByU
|
|
||||||
UWLn47Gf3ACXtyNSIQnYjmHBegAbPkHv6yP5hwWr6uDRhxepZm2DOq0dcSW8HxwW
|
|
||||||
5rVeVVfn97yeWUUiZKxajL5LHTF+TCemfqOSy9sAJFYAKm4HxgMBCgnCuwQYEwoA
|
|
||||||
IBYhBJ5ka7BjDI/Ris0VVBuT5qdmzSKdBQJkyZUhAhsMAAoJEBuT5qdmzSKdQ7oC
|
|
||||||
CIYeYcvDgfp7jFeoh5qAi85gZhlaOncvh+WCiA5R637TjM9XQaIfhoRuiM+VL1CC
|
|
||||||
Kzq7NWx2S+DZpNWVPWY2vChaAgkBJC6GG5u2gq8zU6o84ThaDd0kZe3jfmhg8O8K
|
|
||||||
13tpOV6ovOjgK7kCtILqYsnW7RmZ4YEhfYUJtuhIe7CkI1xrpo0=
|
|
||||||
=N+0o
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -1,11 +1,15 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
wsBmBBMWCADOAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEK50itB8q
|
wsElBBMWCAGNAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheATRSAAAAAABAANHBy
|
||||||
8QQr/Oc6PKC53xvnzgkFAmTnd4NDFIAAAAAAEAAqcHJvb2ZAYXJpYWRuZS5pZGh0
|
b29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjoyQjlEMjJCNDFGMkFGMTA0MkJGQ0U3
|
||||||
dHBzOi8vbWFzdG9kb24uY2VudGF1cmljb3JleC5uZXQvQGttdW5vek4UgAAAAAAQ
|
M0EzQ0EwQjlERjFCRTdDRTA5NhSAAAAAABAAHXByb29mQGFyaWFkbmUuaWRkbnM6
|
||||||
ADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2VyTm90
|
YXVyLmNvbmRvcmJzLm5ldD90eXBlPVRYVEEUgAAAAAAQAChwcm9vZkBhcmlhZG5l
|
||||||
Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTMACgkQPKC53xvnzgk04wD/X+sXGUkHidbq
|
LmlkaHR0cHM6Ly9zb2NpYWwuZ2FydWRhbGludXgub3JnL0BtcmhhY2tlck4UgAAA
|
||||||
LnXHpIRALPWj2Z3xMZ0lhQtGoFwzleUA/3qo1clCRsshDzPcogzhb17suxeeFCpc
|
AAAQADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2Vy
|
||||||
xnhBBgIiQHAA
|
Tm90Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTM7FIAAAAAAEAAicHJvb2ZAYXJpYWRu
|
||||||
=kX0Z
|
ZS5pZGRuczphdXIuY2VudGF1cmljb3JleC5uZXQ/dHlwZT1UWFQWIQQrnSK0Hyrx
|
||||||
|
BCv85zo8oLnfG+fOCQUCZiMHLwIZAQAKCRA8oLnfG+fOCSWZAP460yI0bFLSXXLd
|
||||||
|
vPLmazR8M7N0G0eQBPypqfOy3TuzjQD8D+9uzIJGEW+wjC4AeoW9PqLuC7jokdeR
|
||||||
|
C54282BJtgI=
|
||||||
|
=Ak/D
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
@ -1,11 +1,15 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
wsBmBBMWCADOAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEK50itB8q
|
wsElBBMWCAGNAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheATRSAAAAAABAANHBy
|
||||||
8QQr/Oc6PKC53xvnzgkFAmTnd4NDFIAAAAAAEAAqcHJvb2ZAYXJpYWRuZS5pZGh0
|
b29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjoyQjlEMjJCNDFGMkFGMTA0MkJGQ0U3
|
||||||
dHBzOi8vbWFzdG9kb24uY2VudGF1cmljb3JleC5uZXQvQGttdW5vek4UgAAAAAAQ
|
M0EzQ0EwQjlERjFCRTdDRTA5NhSAAAAAABAAHXByb29mQGFyaWFkbmUuaWRkbnM6
|
||||||
ADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2VyTm90
|
YXVyLmNvbmRvcmJzLm5ldD90eXBlPVRYVEEUgAAAAAAQAChwcm9vZkBhcmlhZG5l
|
||||||
Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTMACgkQPKC53xvnzgk04wD/X+sXGUkHidbq
|
LmlkaHR0cHM6Ly9zb2NpYWwuZ2FydWRhbGludXgub3JnL0BtcmhhY2tlck4UgAAA
|
||||||
LnXHpIRALPWj2Z3xMZ0lhQtGoFwzleUA/3qo1clCRsshDzPcogzhb17suxeeFCpc
|
AAAQADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2Vy
|
||||||
xnhBBgIiQHAA
|
Tm90Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTM7FIAAAAAAEAAicHJvb2ZAYXJpYWRu
|
||||||
=kX0Z
|
ZS5pZGRuczphdXIuY2VudGF1cmljb3JleC5uZXQ/dHlwZT1UWFQWIQQrnSK0Hyrx
|
||||||
|
BCv85zo8oLnfG+fOCQUCZiMHLwIZAQAKCRA8oLnfG+fOCSWZAP460yI0bFLSXXLd
|
||||||
|
vPLmazR8M7N0G0eQBPypqfOy3TuzjQD8D+9uzIJGEW+wjC4AeoW9PqLuC7jokdeR
|
||||||
|
C54282BJtgI=
|
||||||
|
=Ak/D
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
from collections import defaultdict
|
from collections import defaultdict
|
||||||
|
from enum import Enum
|
||||||
|
from enum import unique
|
||||||
from itertools import chain
|
from itertools import chain
|
||||||
from logging import debug
|
from logging import debug
|
||||||
from logging import error
|
from logging import error
|
||||||
@ -50,6 +52,18 @@ from .util import transform_fd_to_tmpfile
|
|||||||
PACKET_FILENAME_DATETIME_FORMAT: str = "%Y-%m-%d_%H-%M-%S"
|
PACKET_FILENAME_DATETIME_FORMAT: str = "%Y-%m-%d_%H-%M-%S"
|
||||||
|
|
||||||
|
|
||||||
|
@unique
|
||||||
|
class PacketType(Enum):
|
||||||
|
"""All understood OpenPGP packet types and the file endings as output by `sq packet split`"""
|
||||||
|
|
||||||
|
PUBLIC_KEY = "Public-Key Packet"
|
||||||
|
USER_ID = "User ID Packet"
|
||||||
|
USER_ATTRIBUTE = "User Attribute Packet"
|
||||||
|
PUBLIC_SUBKEY = "Public-Subkey Packet"
|
||||||
|
SECRET_KEY = "Secret-Key Packet"
|
||||||
|
SIGNATURE = "Signature Packet"
|
||||||
|
|
||||||
|
|
||||||
def is_pgp_fingerprint(string: str) -> bool:
|
def is_pgp_fingerprint(string: str) -> bool:
|
||||||
"""Returns whether the passed string looks like a PGP (long) fingerprint
|
"""Returns whether the passed string looks like a PGP (long) fingerprint
|
||||||
|
|
||||||
@ -375,14 +389,14 @@ def convert_certificate(
|
|||||||
|
|
||||||
for packet in packet_split(working_dir=working_dir, certificate=certificate):
|
for packet in packet_split(working_dir=working_dir, certificate=certificate):
|
||||||
debug(f"Processing packet {packet.name}")
|
debug(f"Processing packet {packet.name}")
|
||||||
if packet.name.endswith("--PublicKey"):
|
if packet.name.endswith(PacketType.PUBLIC_KEY.value):
|
||||||
current_packet_mode = "pubkey"
|
current_packet_mode = "pubkey"
|
||||||
current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint"))
|
current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint"))
|
||||||
current_packet_uid = None
|
current_packet_uid = None
|
||||||
|
|
||||||
certificate_fingerprint = current_packet_fingerprint
|
certificate_fingerprint = current_packet_fingerprint
|
||||||
pubkey = packet
|
pubkey = packet
|
||||||
elif packet.name.endswith("--UserID"):
|
elif packet.name.endswith(PacketType.USER_ID.value):
|
||||||
current_packet_mode = "uid"
|
current_packet_mode = "uid"
|
||||||
current_packet_fingerprint = None
|
current_packet_fingerprint = None
|
||||||
current_packet_uid = Uid(packet_dump_field(packet, "Value"))
|
current_packet_uid = Uid(packet_dump_field(packet, "Value"))
|
||||||
@ -392,17 +406,17 @@ def convert_certificate(
|
|||||||
f"Duplicate User ID {current_packet_uid} used in packet {uids[current_packet_uid]} and {packet}"
|
f"Duplicate User ID {current_packet_uid} used in packet {uids[current_packet_uid]} and {packet}"
|
||||||
)
|
)
|
||||||
uids[current_packet_uid] = packet
|
uids[current_packet_uid] = packet
|
||||||
elif packet.name.endswith("UserAttribute"):
|
elif packet.name.endswith(PacketType.USER_ATTRIBUTE.value):
|
||||||
current_packet_mode = "uattr"
|
current_packet_mode = "uattr"
|
||||||
current_packet_fingerprint = None
|
current_packet_fingerprint = None
|
||||||
current_packet_uid = None
|
current_packet_uid = None
|
||||||
elif packet.name.endswith("--PublicSubkey"):
|
elif packet.name.endswith(PacketType.PUBLIC_SUBKEY.value):
|
||||||
current_packet_mode = "subkey"
|
current_packet_mode = "subkey"
|
||||||
current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint"))
|
current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint"))
|
||||||
current_packet_uid = None
|
current_packet_uid = None
|
||||||
|
|
||||||
subkeys[current_packet_fingerprint] = packet
|
subkeys[current_packet_fingerprint] = packet
|
||||||
elif packet.name.endswith("--SecretKey"):
|
elif packet.name.endswith(PacketType.SECRET_KEY.value):
|
||||||
error(
|
error(
|
||||||
"\n###################################################################\n"
|
"\n###################################################################\n"
|
||||||
"Do not ever process your private key file!\n"
|
"Do not ever process your private key file!\n"
|
||||||
@ -410,7 +424,7 @@ def convert_certificate(
|
|||||||
"###################################################################"
|
"###################################################################"
|
||||||
)
|
)
|
||||||
raise Exception("Secret key detected, aborting")
|
raise Exception("Secret key detected, aborting")
|
||||||
elif packet.name.endswith("--Signature"):
|
elif packet.name.endswith(PacketType.SIGNATURE.value):
|
||||||
convert_signature_packet(
|
convert_signature_packet(
|
||||||
packet=packet,
|
packet=packet,
|
||||||
current_packet_mode=current_packet_mode,
|
current_packet_mode=current_packet_mode,
|
||||||
@ -953,7 +967,7 @@ def get_fingerprints_from_keyring_files(working_dir: Path, source: Iterable[Path
|
|||||||
for key in keys:
|
for key in keys:
|
||||||
for certificate in keyring_split(working_dir=working_dir, keyring=key, preserve_filename=True):
|
for certificate in keyring_split(working_dir=working_dir, keyring=key, preserve_filename=True):
|
||||||
for packet in packet_split(working_dir=working_dir, certificate=certificate):
|
for packet in packet_split(working_dir=working_dir, certificate=certificate):
|
||||||
if packet.name.endswith("--PublicKey"):
|
if packet.name.endswith(PacketType.PUBLIC_KEY.value):
|
||||||
fingerprints[Fingerprint(packet_dump_field(packet, "Fingerprint"))] = Username(certificate.stem)
|
fingerprints[Fingerprint(packet_dump_field(packet, "Fingerprint"))] = Username(certificate.stem)
|
||||||
|
|
||||||
debug(f"Fingerprints of PGP public keys in {source}: {fingerprints}")
|
debug(f"Fingerprints of PGP public keys in {source}: {fingerprints}")
|
||||||
@ -1133,19 +1147,19 @@ def build(
|
|||||||
target_dir.mkdir(parents=True, exist_ok=True)
|
target_dir.mkdir(parents=True, exist_ok=True)
|
||||||
target_dir.touch()
|
target_dir.touch()
|
||||||
|
|
||||||
keyring: Path = target_dir / Path("archlinux.gpg")
|
keyring: Path = target_dir / Path("condorcore.gpg")
|
||||||
export(working_dir=working_dir, keyring_root=keyring_root, output=keyring)
|
export(working_dir=working_dir, keyring_root=keyring_root, output=keyring)
|
||||||
|
|
||||||
trusted_main_keys = export_ownertrust(
|
trusted_main_keys = export_ownertrust(
|
||||||
certs=[keyring_root / "main"],
|
certs=[keyring_root / "main"],
|
||||||
keyring_root=keyring_root,
|
keyring_root=keyring_root,
|
||||||
output=target_dir / "archlinux-trusted",
|
output=target_dir / "condorcore-trusted",
|
||||||
)
|
)
|
||||||
export_revoked(
|
export_revoked(
|
||||||
certs=[keyring_root],
|
certs=[keyring_root],
|
||||||
keyring_root=keyring_root,
|
keyring_root=keyring_root,
|
||||||
main_keys=set(trusted_main_keys),
|
main_keys=set(trusted_main_keys),
|
||||||
output=target_dir / "archlinux-revoked",
|
output=target_dir / "condorcore-revoked",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
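Review bot: The secret-key abort in `convert_certificate` now depends on `packet.name.endswith(PacketType.SECRET_KEY.value)`, that is, on the exact file-name suffix the installed sq writes, and this commit itself shows that suffix changing from `--SecretKey` to `Secret-Key Packet`. If the `if`/`elif` chain has no final `else` that rejects unrecognised packet names (its end is outside these hunks), a later rename would let a secret-key packet fall through without the abort; `else: raise Exception(f"Unknown packet type: {packet.name}")` closes that gap. In `get_fingerprints_from_keyring_files` a suffix mismatch would likewise leave `fingerprints` empty without any error. The `PacketType` docstring also still names `sq packet split`, while the command invoked elsewhere in this commit is `sq toolbox packet split`.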
@ -49,7 +49,7 @@ def keyring_split(working_dir: Path, keyring: Path, preserve_filename: bool = Fa
|
|||||||
keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute()
|
keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute()
|
||||||
|
|
||||||
with cwd(keyring_dir):
|
with cwd(keyring_dir):
|
||||||
system(["sq", "keyring", "split", "--prefix", "", str(keyring)])
|
system(["sq", "toolbox", "keyring", "split", str(keyring)])
|
||||||
|
|
||||||
keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir()))
|
keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir()))
|
||||||
|
|
||||||
@ -75,7 +75,7 @@ def keyring_merge(certificates: List[Path], output: Optional[Path] = None, force
|
|||||||
The result if no output file has been used
|
The result if no output file has been used
|
||||||
"""
|
"""
|
||||||
|
|
||||||
cmd = ["sq", "keyring", "merge"]
|
cmd = ["sq", "toolbox", "keyring", "merge"]
|
||||||
if force:
|
if force:
|
||||||
cmd.insert(1, "--force")
|
cmd.insert(1, "--force")
|
||||||
if output:
|
if output:
|
||||||
@ -103,7 +103,7 @@ def packet_split(working_dir: Path, certificate: Path) -> Iterable[Path]:
|
|||||||
packet_dir = Path(mkdtemp(dir=working_dir, prefix="packet-")).absolute()
|
packet_dir = Path(mkdtemp(dir=working_dir, prefix="packet-")).absolute()
|
||||||
|
|
||||||
with cwd(packet_dir):
|
with cwd(packet_dir):
|
||||||
system(["sq", "packet", "split", "--prefix", "", str(certificate)])
|
system(["sq", "toolbox", "packet", "split", "--prefix", "''", str(certificate)])
|
||||||
return natural_sort_path(packet_dir.iterdir())
|
return natural_sort_path(packet_dir.iterdir())
|
||||||
|
|
||||||
|
|
||||||
@ -121,7 +121,7 @@ def packet_join(packets: List[Path], output: Optional[Path] = None, force: bool
|
|||||||
The result if no output file has been used
|
The result if no output file has been used
|
||||||
"""
|
"""
|
||||||
|
|
||||||
cmd = ["sq", "packet", "join"]
|
cmd = ["sq", "toolbox", "packet", "join"]
|
||||||
if force:
|
if force:
|
||||||
cmd.insert(1, "--force")
|
cmd.insert(1, "--force")
|
||||||
packets_str = list(map(lambda path: str(path), packets))
|
packets_str = list(map(lambda path: str(path), packets))
|
||||||
@ -174,7 +174,7 @@ def packet_dump(packet: Path) -> str:
|
|||||||
The contents of the packet dump
|
The contents of the packet dump
|
||||||
"""
|
"""
|
||||||
|
|
||||||
return system(["sq", "packet", "dump", str(packet)])
|
return system(["sq", "toolbox", "packet", "dump", str(packet)])
|
||||||
|
|
||||||
|
|
||||||
def packet_dump_field(packet: Path, query: str) -> str:
|
def packet_dump_field(packet: Path, query: str) -> str:
|
||||||
@ -336,7 +336,7 @@ def key_extract_certificate(key: Path, output: Optional[Path]) -> str:
|
|||||||
The result of the extract in case output is None
|
The result of the extract in case output is None
|
||||||
"""
|
"""
|
||||||
|
|
||||||
cmd = ["sq", "key", "extract-cert", str(key)]
|
cmd = ["sq", "toolbox", "extract-cert", str(key)]
|
||||||
if output:
|
if output:
|
||||||
cmd.extend(["--output", str(output)])
|
cmd.extend(["--output", str(output)])
|
||||||
return system(cmd)
|
return system(cmd)
|
||||||
@ -357,7 +357,7 @@ def certify(key: Path, certificate: Path, uid: Uid, output: Optional[Path]) -> s
|
|||||||
The result of the certification in case output is None
|
The result of the certification in case output is None
|
||||||
"""
|
"""
|
||||||
|
|
||||||
cmd = ["sq", "certify", str(key), str(certificate), uid]
|
cmd = ["sq", "pki", "certify", str(key), str(certificate), uid]
|
||||||
if output:
|
if output:
|
||||||
cmd.extend(["--output", str(output)])
|
cmd.extend(["--output", str(output)])
|
||||||
return system(cmd)
|
return system(cmd)
|
||||||
|
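Review bot: In `packet_split` the new prefix argument is the string `"''"`; if `system` hands the list to the process without a shell (the helper is not visible here), sq receives two literal apostrophes as the prefix rather than an empty one, so every split file name would start with `''`. The old call passed `""`, and `system(["sq", "toolbox", "packet", "split", "--prefix", "", str(certificate)])` keeps that behaviour. `keyring_split` drops `--prefix` altogether in the same commit, so the two helpers now name their output differently; it is worth confirming that this is intended. Both function bodies start outside the hunks.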
@ -202,15 +202,15 @@ def trust_icon(trust: Trust) -> str:
|
|||||||
-------
|
-------
|
||||||
The single character icon representing the passed trust status
|
The single character icon representing the passed trust status
|
||||||
"""
|
"""
|
||||||
if trust == Trust.revoked:
|
icon = "?"
|
||||||
return "✗"
|
match trust:
|
||||||
if trust == Trust.unknown:
|
case Trust.revoked:
|
||||||
return "~"
|
icon = "✗"
|
||||||
if trust == Trust.marginal:
|
case Trust.unknown | Trust.marginal:
|
||||||
return "~"
|
icon = "~"
|
||||||
if trust == Trust.full:
|
case Trust.full:
|
||||||
return "✓"
|
icon = "✓"
|
||||||
return "?"
|
return icon
|
||||||
|
|
||||||
|
|
||||||
def trust_color(trust: Trust) -> Color:
|
def trust_color(trust: Trust) -> Color:
|
||||||
|
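Review bot: The `"?"` fallback in `trust_icon` is now set by pre-assigning `icon` before the `match`, which keeps the default out of the case list; an explicit `case _:` followed by `icon = "?"` would put every outcome in one place. The `match` statement also needs Python 3.10 or newer, so the project's declared minimum Python version (not visible here) should agree with it.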
@ -68,10 +68,10 @@ def verify( # noqa: ignore=C901
|
|||||||
)
|
)
|
||||||
|
|
||||||
if lint_hokey:
|
if lint_hokey:
|
||||||
keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
|
keyring_fd = Popen(("sq", "toolbox", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
|
||||||
print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
|
print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
|
||||||
if lint_sq_keyring:
|
if lint_sq_keyring:
|
||||||
print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="")
|
print(system(["sq", "cert", "lint", f"{str(keyring_path)}"]), end="")
|
||||||
|
|
||||||
|
|
||||||
def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901
|
def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901
|
||||||
|
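Review bot: The exit status of the `Popen(("sq", "toolbox", "dearmor", ...))` process in the `lint_hokey` branch is never checked, so if sq rejects the subcommand or the keyring, `hokey lint` reads an empty or truncated stream and the lint step may pass without having examined the keyring. Adding `if keyring_fd.wait() != 0: raise Exception("sq toolbox dearmor failed")` after the `print(...)` line makes that failure visible. `verify` starts and ends outside the hunk.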
@ -409,12 +409,12 @@ def test_convert_signature_packet(
|
|||||||
(
|
(
|
||||||
Path("foo.asc"),
|
Path("foo.asc"),
|
||||||
[
|
[
|
||||||
Path("--PublicKey"),
|
Path(keyring.PacketType.PUBLIC_KEY.value),
|
||||||
Path("--Signature"),
|
Path(keyring.PacketType.SIGNATURE.value),
|
||||||
Path("--UserID"),
|
Path(keyring.PacketType.USER_ID.value),
|
||||||
Path("--UserAttribute"),
|
Path(keyring.PacketType.USER_ATTRIBUTE.value),
|
||||||
Path("--PublicSubkey"),
|
Path(keyring.PacketType.PUBLIC_SUBKEY.value),
|
||||||
Path("--Signature"),
|
Path(keyring.PacketType.SIGNATURE.value),
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
"".join(choice("ABCDEF" + digits) for _ in range(40)),
|
"".join(choice("ABCDEF" + digits) for _ in range(40)),
|
||||||
@ -427,10 +427,10 @@ def test_convert_signature_packet(
|
|||||||
(
|
(
|
||||||
Path("foo.asc"),
|
Path("foo.asc"),
|
||||||
[
|
[
|
||||||
Path("--PublicKey"),
|
Path(keyring.PacketType.PUBLIC_KEY.value),
|
||||||
Path("--Signature"),
|
Path(keyring.PacketType.SIGNATURE.value),
|
||||||
Path("--UserID"),
|
Path(keyring.PacketType.USER_ID.value),
|
||||||
Path("--UserID"),
|
Path(keyring.PacketType.USER_ID.value),
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
"".join(choice("ABCDEF" + digits) for _ in range(40)),
|
"".join(choice("ABCDEF" + digits) for _ in range(40)),
|
||||||
@ -443,7 +443,7 @@ def test_convert_signature_packet(
|
|||||||
(
|
(
|
||||||
Path("foo.asc"),
|
Path("foo.asc"),
|
||||||
[
|
[
|
||||||
Path("--SecretKey"),
|
Path(keyring.PacketType.SECRET_KEY.value),
|
||||||
],
|
],
|
||||||
[],
|
[],
|
||||||
None,
|
None,
|
||||||
@ -461,7 +461,7 @@ def test_convert_signature_packet(
|
|||||||
(
|
(
|
||||||
Path("foo.asc"),
|
Path("foo.asc"),
|
||||||
[
|
[
|
||||||
Path("--PublicKey"),
|
Path(keyring.PacketType.PUBLIC_KEY.value),
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
None,
|
None,
|
||||||
|
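Review bot: The parametrised packet file names are now built from `keyring.PacketType.*.value`, the same constants the code under test matches against, so these cases keep passing even if the enum strings differ from what sq really writes. Keeping one case with a literal file name as produced by the supported sq release, for example `Path("<PACKET_FILE_NAME_FROM_SQ>")` (placeholder), would tie the enum to the tool's actual output. The test function and its parameter list continue outside the hunks.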
@ -166,7 +166,7 @@ def test_inspect(
|
|||||||
def test_packet_dump(system_mock: Mock) -> None:
|
def test_packet_dump(system_mock: Mock) -> None:
|
||||||
system_mock.return_value = "return"
|
system_mock.return_value = "return"
|
||||||
assert sequoia.packet_dump(packet=Path("packet")) == "return"
|
assert sequoia.packet_dump(packet=Path("packet")) == "return"
|
||||||
system_mock.called_once_with(["sq", "packet", "dump", "packet"])
|
system_mock.assert_called_once_with(["sq", "toolbox", "packet", "dump", "packet"])
|
||||||
|
|
||||||
|
|
||||||
@mark.parametrize(
|
@mark.parametrize(
|
||||||
|
7
wkd_sync/archlinux-keyring-wkd-sync
Executable file → Normal file
7
wkd_sync/archlinux-keyring-wkd-sync
Executable file → Normal file
@ -13,14 +13,11 @@
|
|||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
readonly main_key_domain_match="@master-key.archlinux.org$"
|
readonly main_key_domain_match="@condorbs.net$"
|
||||||
readonly packager_domain_match="@archlinux.org$"
|
readonly packager_domain_match="@condorbs.net$"
|
||||||
readonly homedir="$(pacman-conf GPGDir)"
|
readonly homedir="$(pacman-conf GPGDir)"
|
||||||
# fingerprints of keys with SHA-1 self-signatures (no longer used)
|
# fingerprints of keys with SHA-1 self-signatures (no longer used)
|
||||||
readonly invalid_fingerprints=(
|
readonly invalid_fingerprints=(
|
||||||
0F334D8698881578F65D2AE55ED514A45BD5C938 # djgera@archlinux.org
|
|
||||||
F4DDD6DDCEC320B665F502AAE8F18BA1615137BC # ibiru@archlinux.org
|
|
||||||
EA84EA00866F51FB10CD19AE426991CD8406FFF3 # ronald@archlinux.org
|
|
||||||
)
|
)
|
||||||
|
|
||||||
domain_match=""
|
domain_match=""
|
||||||
|
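Review bot: The file mode changes from executable to normal in this commit, so anything that runs `archlinux-keyring-wkd-sync` directly (a service unit or an install step, not visible here) will fail unless the bit is restored at install time. If the change was unintended, `git update-index --chmod=+x wkd_sync/archlinux-keyring-wkd-sync` puts it back. Separately, `main_key_domain_match` and `packager_domain_match` are now the same pattern, so any later logic that tells main keys from packager keys by domain can no longer do so. The `.` in `@condorbs.net$` is also unescaped, which matters if the value is used as a regular expression, as the trailing `$` suggests. The script continues outside the hunk.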