This commit is contained in:
Kevin Muñoz 2024-04-29 11:02:40 -05:00
parent c9f1da7027
commit ea131e4bc1
No known key found for this signature in database
GPG Key ID: 3CA0B9DF1BE7CE09
13 changed files with 83 additions and 153 deletions

View File

@ -39,10 +39,10 @@ test:
coverage report --fail-under=100.0
build: $(SOURCES)
./keyringctl -v $(BUILD_DIR)
./keyringctl -v build
wkd: build
sq -f wkd generate -s $(WKD_BUILD_DIR)/ $(WKD_FQDN) $(BUILD_DIR)/$(KEYRING_FILE)
sq -f network wkd generate -s $(WKD_BUILD_DIR)/ $(WKD_FQDN) $(BUILD_DIR)/$(KEYRING_FILE)
wkd_inspect: wkd
for file in $(WKD_BUILD_DIR)/.well-known/openpgpkey/$(WKD_FQDN)/hu/*; do sq inspect $$file; done

View File

@ -1,3 +0,0 @@
2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09:4:
597244DBEA52EC6EFE5F36A4FDD42A59FD43C07B:4:
9E646BB0630C8FD18ACD15541B93E6A766CD229D:4:

View File

@ -1,86 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEZNlVYBYJKwYBBAHaRw8BAQdAqrHl4S2UIU1DVv75VVqxYWzMXIj6DUYOEdx5
9S54zibNO0tldmluIE11w7FveiAoQ2liZXJTZWN1cml0eSBFbmdpbmVlcikgPGtt
dW5vekBjb25kb3Jicy5uZXQ+wpAEExYIADgWIQQrnSK0HyrxBCv85zo8oLnfG+fO
CQUCZNlVYAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA8oLnfG+fOCS2Y
AP9NkmVFAljJiYFLtc7o1xB3xT/qtfJKw95khnhQFLqd5AEAsb5vlZ/bDvb56Yge
a+O/ar+qpq1q+cGvnUx2/OGPJg7CdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9
Q8B7BQJk9L04AAoJEP3UKln9Q8B7tsUBAI3bUgjtoc57+lpT+Nfa/JDfddLejElW
mZBITOnpHtT9AQDPBcKJwR4BXdPvXKYizEUq758weamJJK+YC/OHFQGHBM07S2V2
aW4gTXXDsW96IChDeWJlclNlY3VyaXR5IEVuZ2luZWVyKSA8a211bm96QGNvbmRv
cmJzLm5ldD7CwGYEExYIAM4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGQEW
IQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZOd3g0MUgAAAAAAQACpwcm9vZkBhcmlh
ZG5lLmlkaHR0cHM6Ly9tYXN0b2Rvbi5jZW50YXVyaWNvcmV4Lm5ldC9Aa211bm96
ThSAAAAAABAANXByb29mQGFyaWFkbmUuaWRodHRwczovL3QubWUvRXJyb3I0MDRI
YWNrZXJOb3RGb3VuZD9wcm9vZj1QZWxvY29uY2hhMwAKCRA8oLnfG+fOCTTjAP9f
6xcZSQeJ1uoudcekhEAs9aPZnfExnSWFC0agXDOV5QD/eqjVyUJGyyEPM9yiDOFv
Xuy7F54UKlzGeEEGAiJAcADCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7
BQJk9L0xAAoJEP3UKln9Q8B7VRoA/3W2b2yzRIw/jz6HKGrCKPBZ4YSFqDU0WHau
wcm9kkjrAQCsbcVMj1+nrYqLPqt2EaGoI0vL7HNqkDFtZBJ1sOXgA84zBGTZVm8W
CSsGAQQB2kcPAQEHQFdn0G+sy9PxbV67iR8YmLpVtAv0VXSR+bv7LXWeFwmqwngE
GBYIACAWIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNlWbwIbIAAKCRA8oLnfG+fO
CcclAP9vH93UilCUalYkdkg0IIimuOrYJAFE3PoYzM3Yfh9VSAD/b750y/y65soK
AhwaVWI0mD+2ktStLv5GQQVsD9aYqALOOARk2Va/EgorBgEEAZdVAQUBAQdARB6y
g2ApZUudIRWiTyl30XISWQZjXMMpeyJlpVhxNGQDAQgHwngEGBYIACAWIQQrnSK0
HyrxBCv85zo8oLnfG+fOCQUCZNlWvwIbDAAKCRA8oLnfG+fOCU8IAP43YS3bfntH
ouOiZk7UuxLbHeXQl6YkBTgO0W+uKTPtrwD8CBgI2PEDktTsoBkDQxKzGJRmCRwn
aK1yIipT/mwQEQ/GMwRk74e+FgkrBgEEAdpHDwEBB0DRmBzOdoNSNtQoyh3Q7VM8
DDPO3/Svh6UGE7Dsxtdbic0uIChDb25kb3JCUyBNYXN0ZXIgS2V5KSA8Y29udGFj
dG9AY29uZG9yYnMubmV0PsKQBBMWCAA4FiEEWXJE2+pS7G7+Xzak/dQqWf1DwHsF
AmTvh74CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ/dQqWf1DwHsavAEA
nrULtiu3Y7DozXJrc3qig9nBfUmy5MrqCM0F4h0gvNABAPR+lv2nK1qj8RnXwv8W
W2DQ0Ay/hENwAqVyUE9x8kcGzjMEZO+KdRYJKwYBBAHaRw8BAQdAYbnrkxnt+czK
37JQ26fC0VrmdCfCSHn2xoECi99TBOHCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3U
Kln9Q8B7BQJk74p1AhsgAAoJEP3UKln9Q8B7gNkA/ROCE7kfkv47989kajklGJjP
hQwMbPvgsbE+nSAk740/AQC2RDCFK2O12nTpgLWlhgTmRdrUtMphW+nJGLJ/atGi
B844BGTvijUSCisGAQQBl1UBBQEBB0BZDz+DYUKdCrEn4YYk77LKruz8oExl0Iu0
Hh+M/lHeSQMBCAfCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk74o1
AhsMAAoJEP3UKln9Q8B79DUA/AyMo+fm7r+pzyJJk1uZWgTgSA4BhLpZNUBytVXu
sXp9AP9n6mXXMx8Ki4OIc7hmaUWN40vZ5e5kFkKT+VaERW7/DcaTBGTJlSETBSuB
BAAjBCMEADIOqFyLQXzfaJ/cY4mZbtdoCdbSyIeR/KG2AtYXXPHaeSPf69kg8jKH
Sq92AkWi57zva5MKCfBu2mNFl8o+Dv3NAL6LC5w71C6AXsUAelR7TJFnvboGwdHG
QeeBCSa/qXWiVIpjsmU9F90DJkkYUwa4gIZ1P55PSg34mRMjDG/LmRI5zVBKZXN1
cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5kIERldmVs
b3BlcikgPGpvcnRlZ2FAY29uZG9yYnMubmV0PsLAEwQTEwoAOBYhBJ5ka7BjDI/R
is0VVBuT5qdmzSKdBQJkyegfAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
EBuT5qdmzSKdD/wCCQHcb/w21KKkRkZ8HXBARcKmYtdv7/ivSBoC7L5jsgJZbiJ6
f2lhvMOojtRnK+7s+QoUPqgsDwXt3AUETYhN3udpXwII1I7xDut5yMAgoBEVDamm
g2aK5VWFJTRvyjtWyfAU+oiWCNq7o9dI7d0/BzkA+0foBNysntr90Do/Ie10gxdH
t2XCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk9MSHAAoJEP3UKln9
Q8B7Yu4A/212jMoLDU9SkO98vILe8pzsQWolKQNhGHI1iZz6DvS2AQC0poP2EsZV
jsTtLv4wfHdOE59zPuCn2ZNHOtn/80WzCcJ1BBAWCAAdFiEEK50itB8q8QQr/Oc6
PKC53xvnzgkFAmTamuwACgkQPKC53xvnzglqmQEA90Gox/7Wkf7qoT4ma7t8aPsp
bwot2bs2qC0mAjH1lIgBALgH7rJse0XLY8vJPdv966Aols9R4JsBrQF3wwAMYLgN
zVpKZXN1cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5k
IERldmVsb3BlcikgPG1hcnRpbi5vcnRlZ2EuYXJhc2hpQGdtYWlsLmNvbT7CwBME
ExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp0QIbAwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgAAKCRAbk+anZs0indBjAgkBGFbgUf7gtpK6pwkX4DcNWUAz
jjp6s2lRbHQhkat6I7nn0gr7Vgp0OUxeCJqDbpdVco0zZAauweEDBT350vF8LgUC
B07VsXWg9P0BIqWNepwV/Lj63Zf/ye/UExOXm716wI/tVn3FRGKsimSUnBg1wO1F
YxlJfjGswGeR2f7HTwTAubNNwnUEEBYIAB0WIQRZckTb6lLsbv5fNqT91CpZ/UPA
ewUCZPTEgQAKCRD91CpZ/UPAe0rYAQCl6lPg73DMmTeAUV1Uqi2nyMjNIefvEtUY
2uabv8FvMwD9FiFMI0yDbmocc/sYuHcQqZhxzBJDlOYymnjw9OAv+QPCdQQQFggA
HRYhBCudIrQfKvEEK/znOjygud8b584JBQJk2prsAAoJEDygud8b584JLUsA/jgR
XXhniU635eJUVTOYG6OrrSbj9u9ONsHvu0P0u816AQCN5SQ+iLcm0fFYEwodwkPT
sudZLSGqt2U/EWX12nlTCM1ZSmVzdXMgTWFydGluIE9ydGVnYSBNYXJ0aW5leiAo
U3lzYWRtaW4vQmFja2VuZCBEZXZlbG9wZXIpIDxtYXJ0aW5vcnRlZ2FAY2llbmNp
YXMudW5hbS5teD7CwBQEExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp
fwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAbk+anZs0inZqDAgkByLGd
+av82alglrShLrBgHrX2l6STeAzN4toFfdVdse6zen8o89wEirQ1uMZ7pXulzAdb
ap30irjfMf8u0YMJWdgCCQEK/0TNGltdCsw21zd8eJH+9sJEh4/gtWdBhxMiYWHv
6euWavTUWXiDLggwQXTJ2kUzDBMt0DXwKmNVYnKxos+iB8J1BBAWCAAdFiEEWXJE
2+pS7G7+Xzak/dQqWf1DwHsFAmT0xIgACgkQ/dQqWf1DwHsBCAEA9U7+hsnnIAPC
L3hR3xlUbrP4QoAKEnODzDMliNecqckBAPhTZWbJrnhrpZH7JDKcDJqfwZFWItz7
QY2thvcjUYIHwnUEEBYIAB0WIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNqa7AAK
CRA8oLnfG+fOCS0rAQCJXdLjaSluAAs2/llUmSyNMEiHrewhW/1xMGT+flLeJwD+
IbKRpqVSnxdv1Zf1l7V4twaNTR9Szn+y79/iAXKi3QrOlwRkyZUhEgUrgQQAIwQj
BAG1EFibPYiRvzU2DYNDW819tK896ACcEaB4Fdyk3+iWQI/L9mWScptx+XcgpByU
UWLn47Gf3ACXtyNSIQnYjmHBegAbPkHv6yP5hwWr6uDRhxepZm2DOq0dcSW8HxwW
5rVeVVfn97yeWUUiZKxajL5LHTF+TCemfqOSy9sAJFYAKm4HxgMBCgnCuwQYEwoA
IBYhBJ5ka7BjDI/Ris0VVBuT5qdmzSKdBQJkyZUhAhsMAAoJEBuT5qdmzSKdQ7oC
CIYeYcvDgfp7jFeoh5qAi85gZhlaOncvh+WCiA5R637TjM9XQaIfhoRuiM+VL1CC
Kzq7NWx2S+DZpNWVPWY2vChaAgkBJC6GG5u2gq8zU6o84ThaDd0kZe3jfmhg8O8K
13tpOV6ovOjgK7kCtILqYsnW7RmZ4YEhfYUJtuhIe7CkI1xrpo0=
=N+0o
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -1,11 +1,15 @@
-----BEGIN PGP SIGNATURE-----
wsBmBBMWCADOAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEK50itB8q
8QQr/Oc6PKC53xvnzgkFAmTnd4NDFIAAAAAAEAAqcHJvb2ZAYXJpYWRuZS5pZGh0
dHBzOi8vbWFzdG9kb24uY2VudGF1cmljb3JleC5uZXQvQGttdW5vek4UgAAAAAAQ
ADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2VyTm90
Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTMACgkQPKC53xvnzgk04wD/X+sXGUkHidbq
LnXHpIRALPWj2Z3xMZ0lhQtGoFwzleUA/3qo1clCRsshDzPcogzhb17suxeeFCpc
xnhBBgIiQHAA
=kX0Z
wsElBBMWCAGNAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheATRSAAAAAABAANHBy
b29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjoyQjlEMjJCNDFGMkFGMTA0MkJGQ0U3
M0EzQ0EwQjlERjFCRTdDRTA5NhSAAAAAABAAHXByb29mQGFyaWFkbmUuaWRkbnM6
YXVyLmNvbmRvcmJzLm5ldD90eXBlPVRYVEEUgAAAAAAQAChwcm9vZkBhcmlhZG5l
LmlkaHR0cHM6Ly9zb2NpYWwuZ2FydWRhbGludXgub3JnL0BtcmhhY2tlck4UgAAA
AAAQADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2Vy
Tm90Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTM7FIAAAAAAEAAicHJvb2ZAYXJpYWRu
ZS5pZGRuczphdXIuY2VudGF1cmljb3JleC5uZXQ/dHlwZT1UWFQWIQQrnSK0Hyrx
BCv85zo8oLnfG+fOCQUCZiMHLwIZAQAKCRA8oLnfG+fOCSWZAP460yI0bFLSXXLd
vPLmazR8M7N0G0eQBPypqfOy3TuzjQD8D+9uzIJGEW+wjC4AeoW9PqLuC7jokdeR
C54282BJtgI=
=Ak/D
-----END PGP SIGNATURE-----

View File

@ -1,11 +1,15 @@
-----BEGIN PGP SIGNATURE-----
wsBmBBMWCADOAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEEK50itB8q
8QQr/Oc6PKC53xvnzgkFAmTnd4NDFIAAAAAAEAAqcHJvb2ZAYXJpYWRuZS5pZGh0
dHBzOi8vbWFzdG9kb24uY2VudGF1cmljb3JleC5uZXQvQGttdW5vek4UgAAAAAAQ
ADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2VyTm90
Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTMACgkQPKC53xvnzgk04wD/X+sXGUkHidbq
LnXHpIRALPWj2Z3xMZ0lhQtGoFwzleUA/3qo1clCRsshDzPcogzhb17suxeeFCpc
xnhBBgIiQHAA
=kX0Z
wsElBBMWCAGNAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheATRSAAAAAABAANHBy
b29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjoyQjlEMjJCNDFGMkFGMTA0MkJGQ0U3
M0EzQ0EwQjlERjFCRTdDRTA5NhSAAAAAABAAHXByb29mQGFyaWFkbmUuaWRkbnM6
YXVyLmNvbmRvcmJzLm5ldD90eXBlPVRYVEEUgAAAAAAQAChwcm9vZkBhcmlhZG5l
LmlkaHR0cHM6Ly9zb2NpYWwuZ2FydWRhbGludXgub3JnL0BtcmhhY2tlck4UgAAA
AAAQADVwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly90Lm1lL0Vycm9yNDA0SGFja2Vy
Tm90Rm91bmQ/cHJvb2Y9UGVsb2NvbmNoYTM7FIAAAAAAEAAicHJvb2ZAYXJpYWRu
ZS5pZGRuczphdXIuY2VudGF1cmljb3JleC5uZXQ/dHlwZT1UWFQWIQQrnSK0Hyrx
BCv85zo8oLnfG+fOCQUCZiMHLwIZAQAKCRA8oLnfG+fOCSWZAP460yI0bFLSXXLd
vPLmazR8M7N0G0eQBPypqfOy3TuzjQD8D+9uzIJGEW+wjC4AeoW9PqLuC7jokdeR
C54282BJtgI=
=Ak/D
-----END PGP SIGNATURE-----

View File

@ -1,6 +1,8 @@
# SPDX-License-Identifier: GPL-3.0-or-later
from collections import defaultdict
from enum import Enum
from enum import unique
from itertools import chain
from logging import debug
from logging import error
@ -50,6 +52,18 @@ from .util import transform_fd_to_tmpfile
PACKET_FILENAME_DATETIME_FORMAT: str = "%Y-%m-%d_%H-%M-%S"
@unique
class PacketType(Enum):
"""All understood OpenPGP packet types and the file endings as output by `sq packet split`"""
PUBLIC_KEY = "Public-Key Packet"
USER_ID = "User ID Packet"
USER_ATTRIBUTE = "User Attribute Packet"
PUBLIC_SUBKEY = "Public-Subkey Packet"
SECRET_KEY = "Secret-Key Packet"
SIGNATURE = "Signature Packet"
def is_pgp_fingerprint(string: str) -> bool:
"""Returns whether the passed string looks like a PGP (long) fingerprint
@ -375,14 +389,14 @@ def convert_certificate(
for packet in packet_split(working_dir=working_dir, certificate=certificate):
debug(f"Processing packet {packet.name}")
if packet.name.endswith("--PublicKey"):
if packet.name.endswith(PacketType.PUBLIC_KEY.value):
current_packet_mode = "pubkey"
current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint"))
current_packet_uid = None
certificate_fingerprint = current_packet_fingerprint
pubkey = packet
elif packet.name.endswith("--UserID"):
elif packet.name.endswith(PacketType.USER_ID.value):
current_packet_mode = "uid"
current_packet_fingerprint = None
current_packet_uid = Uid(packet_dump_field(packet, "Value"))
@ -392,17 +406,17 @@ def convert_certificate(
f"Duplicate User ID {current_packet_uid} used in packet {uids[current_packet_uid]} and {packet}"
)
uids[current_packet_uid] = packet
elif packet.name.endswith("UserAttribute"):
elif packet.name.endswith(PacketType.USER_ATTRIBUTE.value):
current_packet_mode = "uattr"
current_packet_fingerprint = None
current_packet_uid = None
elif packet.name.endswith("--PublicSubkey"):
elif packet.name.endswith(PacketType.PUBLIC_SUBKEY.value):
current_packet_mode = "subkey"
current_packet_fingerprint = Fingerprint(packet_dump_field(packet, "Fingerprint"))
current_packet_uid = None
subkeys[current_packet_fingerprint] = packet
elif packet.name.endswith("--SecretKey"):
elif packet.name.endswith(PacketType.SECRET_KEY.value):
error(
"\n###################################################################\n"
"Do not ever process your private key file!\n"
@ -410,7 +424,7 @@ def convert_certificate(
"###################################################################"
)
raise Exception("Secret key detected, aborting")
elif packet.name.endswith("--Signature"):
elif packet.name.endswith(PacketType.SIGNATURE.value):
convert_signature_packet(
packet=packet,
current_packet_mode=current_packet_mode,
@ -953,7 +967,7 @@ def get_fingerprints_from_keyring_files(working_dir: Path, source: Iterable[Path
for key in keys:
for certificate in keyring_split(working_dir=working_dir, keyring=key, preserve_filename=True):
for packet in packet_split(working_dir=working_dir, certificate=certificate):
if packet.name.endswith("--PublicKey"):
if packet.name.endswith(PacketType.PUBLIC_KEY.value):
fingerprints[Fingerprint(packet_dump_field(packet, "Fingerprint"))] = Username(certificate.stem)
debug(f"Fingerprints of PGP public keys in {source}: {fingerprints}")
@ -1133,19 +1147,19 @@ def build(
target_dir.mkdir(parents=True, exist_ok=True)
target_dir.touch()
keyring: Path = target_dir / Path("archlinux.gpg")
keyring: Path = target_dir / Path("condorcore.gpg")
export(working_dir=working_dir, keyring_root=keyring_root, output=keyring)
trusted_main_keys = export_ownertrust(
certs=[keyring_root / "main"],
keyring_root=keyring_root,
output=target_dir / "archlinux-trusted",
output=target_dir / "condorcore-trusted",
)
export_revoked(
certs=[keyring_root],
keyring_root=keyring_root,
main_keys=set(trusted_main_keys),
output=target_dir / "archlinux-revoked",
output=target_dir / "condorcore-revoked",
)

View File

@ -49,7 +49,7 @@ def keyring_split(working_dir: Path, keyring: Path, preserve_filename: bool = Fa
keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute()
with cwd(keyring_dir):
system(["sq", "keyring", "split", "--prefix", "", str(keyring)])
system(["sq", "toolbox", "keyring", "split", str(keyring)])
keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir()))
@ -75,7 +75,7 @@ def keyring_merge(certificates: List[Path], output: Optional[Path] = None, force
The result if no output file has been used
"""
cmd = ["sq", "keyring", "merge"]
cmd = ["sq", "toolbox", "keyring", "merge"]
if force:
cmd.insert(1, "--force")
if output:
@ -103,7 +103,7 @@ def packet_split(working_dir: Path, certificate: Path) -> Iterable[Path]:
packet_dir = Path(mkdtemp(dir=working_dir, prefix="packet-")).absolute()
with cwd(packet_dir):
system(["sq", "packet", "split", "--prefix", "", str(certificate)])
system(["sq", "toolbox", "packet", "split", "--prefix", "''", str(certificate)])
return natural_sort_path(packet_dir.iterdir())
@ -121,7 +121,7 @@ def packet_join(packets: List[Path], output: Optional[Path] = None, force: bool
The result if no output file has been used
"""
cmd = ["sq", "packet", "join"]
cmd = ["sq", "toolbox", "packet", "join"]
if force:
cmd.insert(1, "--force")
packets_str = list(map(lambda path: str(path), packets))
@ -174,7 +174,7 @@ def packet_dump(packet: Path) -> str:
The contents of the packet dump
"""
return system(["sq", "packet", "dump", str(packet)])
return system(["sq", "toolbox", "packet", "dump", str(packet)])
def packet_dump_field(packet: Path, query: str) -> str:
@ -336,7 +336,7 @@ def key_extract_certificate(key: Path, output: Optional[Path]) -> str:
The result of the extract in case output is None
"""
cmd = ["sq", "key", "extract-cert", str(key)]
cmd = ["sq", "toolbox", "extract-cert", str(key)]
if output:
cmd.extend(["--output", str(output)])
return system(cmd)
@ -357,7 +357,7 @@ def certify(key: Path, certificate: Path, uid: Uid, output: Optional[Path]) -> s
The result of the certification in case output is None
"""
cmd = ["sq", "certify", str(key), str(certificate), uid]
cmd = ["sq", "pki", "certify", str(key), str(certificate), uid]
if output:
cmd.extend(["--output", str(output)])
return system(cmd)

View File

@ -202,15 +202,15 @@ def trust_icon(trust: Trust) -> str:
-------
The single character icon representing the passed trust status
"""
if trust == Trust.revoked:
return ""
if trust == Trust.unknown:
return "~"
if trust == Trust.marginal:
return "~"
if trust == Trust.full:
return ""
return "?"
icon = "?"
match trust:
case Trust.revoked:
icon = ""
case Trust.unknown | Trust.marginal:
icon = "~"
case Trust.full:
icon = ""
return icon
def trust_color(trust: Trust) -> Color:

View File

@ -68,10 +68,10 @@ def verify( # noqa: ignore=C901
)
if lint_hokey:
keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
keyring_fd = Popen(("sq", "toolbox", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
if lint_sq_keyring:
print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="")
print(system(["sq", "cert", "lint", f"{str(keyring_path)}"]), end="")
def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901

View File

@ -409,12 +409,12 @@ def test_convert_signature_packet(
(
Path("foo.asc"),
[
Path("--PublicKey"),
Path("--Signature"),
Path("--UserID"),
Path("--UserAttribute"),
Path("--PublicSubkey"),
Path("--Signature"),
Path(keyring.PacketType.PUBLIC_KEY.value),
Path(keyring.PacketType.SIGNATURE.value),
Path(keyring.PacketType.USER_ID.value),
Path(keyring.PacketType.USER_ATTRIBUTE.value),
Path(keyring.PacketType.PUBLIC_SUBKEY.value),
Path(keyring.PacketType.SIGNATURE.value),
],
[
"".join(choice("ABCDEF" + digits) for _ in range(40)),
@ -427,10 +427,10 @@ def test_convert_signature_packet(
(
Path("foo.asc"),
[
Path("--PublicKey"),
Path("--Signature"),
Path("--UserID"),
Path("--UserID"),
Path(keyring.PacketType.PUBLIC_KEY.value),
Path(keyring.PacketType.SIGNATURE.value),
Path(keyring.PacketType.USER_ID.value),
Path(keyring.PacketType.USER_ID.value),
],
[
"".join(choice("ABCDEF" + digits) for _ in range(40)),
@ -443,7 +443,7 @@ def test_convert_signature_packet(
(
Path("foo.asc"),
[
Path("--SecretKey"),
Path(keyring.PacketType.SECRET_KEY.value),
],
[],
None,
@ -461,7 +461,7 @@ def test_convert_signature_packet(
(
Path("foo.asc"),
[
Path("--PublicKey"),
Path(keyring.PacketType.PUBLIC_KEY.value),
],
[
None,

View File

@ -166,7 +166,7 @@ def test_inspect(
def test_packet_dump(system_mock: Mock) -> None:
system_mock.return_value = "return"
assert sequoia.packet_dump(packet=Path("packet")) == "return"
system_mock.called_once_with(["sq", "packet", "dump", "packet"])
system_mock.assert_called_once_with(["sq", "toolbox", "packet", "dump", "packet"])
@mark.parametrize(

7
wkd_sync/archlinux-keyring-wkd-sync Executable file → Normal file
View File

@ -13,14 +13,11 @@
set -eu
readonly main_key_domain_match="@master-key.archlinux.org$"
readonly packager_domain_match="@archlinux.org$"
readonly main_key_domain_match="@condorbs.net$"
readonly packager_domain_match="@condorbs.net$"
readonly homedir="$(pacman-conf GPGDir)"
# fingerprints of keys with SHA-1 self-signatures (no longer used)
readonly invalid_fingerprints=(
0F334D8698881578F65D2AE55ED514A45BD5C938 # djgera@archlinux.org
F4DDD6DDCEC320B665F502AAE8F18BA1615137BC # ibiru@archlinux.org
EA84EA00866F51FB10CD19AE426991CD8406FFF3 # ronald@archlinux.org
)
domain_match=""