Merge branch 'dvzrv/sequoia_changes' into 'master'

Adapt to changes in sequoia-sq 0.31.0.

See merge request archlinux/archlinux-keyring!231
This commit is contained in:
David Runge 2023-07-09 13:59:36 +00:00
commit fa57ba2528
5 changed files with 7 additions and 8 deletions

View File

@ -24,12 +24,11 @@ Build:
Runtime:
* python
* sequoia-sq
* sequoia-sq >= 0.31.0
Optional:
* hopenpgp-tools (verify)
* sq-keyring-linter (verify)
* git (ci)
## Usage

View File

@ -10,7 +10,7 @@ from .verify import verify
def ci(working_dir: Path, keyring_root: Path, project_root: Path) -> None:
"""Verify certificates against modern expectations using sq-keyring-linter and hokey
"""Verify certificates against modern expectations using `sq keyring lint` and hokey
Currently only newly added certificates will be checked against the expectations as existing
keys are not all fully compatible with those assumptions.

View File

@ -118,7 +118,7 @@ verify_parser.add_argument(
)
verify_parser.add_argument("--no-lint-hokey", dest="lint_hokey", action="store_false", help="Do not run hokey lint")
verify_parser.add_argument(
"--no-lint-sq-keyring", dest="lint_sq_keyring", action="store_false", help="Do not run sq-keyring-linter"
"--no-lint-sq-keyring", dest="lint_sq_keyring", action="store_false", help="Do not run sq keyring lint"
)
verify_parser.set_defaults(lint_hokey=True, lint_sq_keyring=True)

View File

@ -319,7 +319,7 @@ def key_generate(uids: List[Uid], outfile: Path) -> str:
cmd = ["sq", "key", "generate"]
for uid in uids:
cmd.extend(["--userid", str(uid)])
cmd.extend(["--export", str(outfile)])
cmd.extend(["--output", str(outfile)])
return system(cmd)

View File

@ -29,7 +29,7 @@ def verify( # noqa: ignore=C901
lint_hokey: bool = True,
lint_sq_keyring: bool = True,
) -> None:
"""Verify certificates against modern expectations using sq-keyring-linter and hokey
"""Verify certificates against modern expectations using `sq keyring lint` and hokey
Parameters
----------
@ -38,7 +38,7 @@ def verify( # noqa: ignore=C901
sources: A list of username, fingerprint or directories from which to read PGP packet information
(defaults to `keyring_root`)
lint_hokey: Whether to run hokey lint
lint_sq_keyring: Whether to run sq-keyring-linter
lint_sq_keyring: Whether to run sq keyring lint
"""
if not sources:
@ -71,7 +71,7 @@ def verify( # noqa: ignore=C901
keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
if lint_sq_keyring:
print(system(["sq-keyring-linter", f"{str(keyring_path)}"]), end="")
print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="")
def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901