Commit Graph

67 Commits

Author SHA1 Message Date
Levente Polyak
aa934d5ff5
chore(keyringctl): declare missing type hinting for cwd 2021-11-30 22:54:07 +01:00
Levente Polyak
04008da268
fix(keyringctl): do not line break before operators
This is a lot easier to read and also fixes a style warning python
issues.
2021-11-30 22:54:06 +01:00
Levente Polyak
4e98585232
feature(keyringctl): use prefixed temp dirs for easier recognition
It makes sense to prefix the temp directories so they can be identified
more easily to which application they belong to or what they may
contain.
2021-11-30 22:54:06 +01:00
Levente Polyak
a0199b0b04
fix(keyringctl): restore cwd before deleting the temporary working dir
This avoids potential issues with wrapped runtime like ipython or pdb
that try to invoke functions at exit and access the current working
directory, which will ultimately lead to an error in case we deleted it
before changing the current working directory.
2021-11-30 22:54:06 +01:00
Levente Polyak
92f07f0d4b
feature(keyringctl): use sq to split a keyring into individual certificates
Lets use sequoia as well to split an input into individual certificates
instead of creating a custom made function for this job.

Pass down the name of the original input file to `convert_certificate`
in case no override has been defined.
2021-11-30 22:54:06 +01:00
David Runge
5170319717
keyringctl: Add documentation to all functions
keyringctl:
Add documentation to all functions.
Change the inlined functions `convert()` and `alphanum_key()` in
`natural_sort_path()` to rely on type Union[int, str] instead of type
Any.
Change `convert_certificate()` to derive the username using the stem of
the provided certificate.
2021-11-30 22:54:06 +01:00
David Runge
5320f2491e
keyringctl: Implement export of ownertrust/ revoker status
keyringctl:
Add `temp_join_keys()` to generically join PGP packets in a directory
below a temporary directory.
Add `get_all_and_revoked_certs()` to retrieve a tuple containing a list
of all public key fingerprints and a list of all self-revoked public key
fingerprints in a list of paths.
Add `export_ownertrust()` to export a list of fingerprints of
non-revoked public keys to a file that can be imported using `gpg
--import-ownertrust`.
Add `export_revoked()` to export the fingerprints of all self-revoked
public keys and the fingerprints of public keys that have been revoked
by third party signing keys (the latter is still fairly naive).
Change `export_keyring()` to make use of `temp_join_keys()` for
preparing main signing keys and general keys for the export to file. Add
integration for exporting ownertrust and revoker status (using
`export_ownertrust()` and `export_revoked()`, respectively).
Change `__main__` by extending the export_parser by a `-m`/ `--main`
argument to provide one or multiple files or directories, that serve as
the signing authority for key material located below `-s`/ `--source`.
Add a `-p`/ `--pacman-integration` to provide the means to export
ownertrust and revoker status on demand.
2021-11-30 22:54:06 +01:00
David Runge
3c31230eb2
keyringctl: Write User IDs to separate files
keyringctl:
Add `persist_uids()` to write User ID related packets: User-ID and
PositiveCertifications (UID binding signatures).
Rename `persist_basic_key()` to `persist_public_key()` and change it to
only persist the PublicKey packet.
Change `persist_{certifications,revocations}()` to persist the
certificates to a key-specific 'uids' subdirectory per PublicKey.
Change `convert_certificate()` to rename `uid_binding_sig` to
`uid_bind_sigs`. Simplify the logic for signature related data
assignments.
2021-11-30 22:54:06 +01:00
David Runge
7e04c50a16
keyringctl: Split out subkeys to separate structure
keyringctl:
Add `persist_subkeys()` and `persist_subkey_revocations()` to persist
the Public-Subkeys and the SubkeyRevocations of a root key out into a
dedicated directory structure below the respective Public-Key.
Change `persist_basic_key()` to not persist the Public-Subkeys and
SubkeyRevocations of a root key anymore and to output debug information
before writing to file.
Change `convert_certificate()` to refer to Public-Subkeys and
PublicSubkeyBinding as `subkeys` and `subkey_binding_sigs`
(respectively) and to explicitly refer to the main certificate
fingerprint when aggregating the data about them. Add
`subkey_revocations` to track any SubkeyRevocations of a given
Public-Subkey, so that it can be persisted to file.
2021-11-30 22:54:06 +01:00
David Runge
c4fbd95041
keyringctl: Add writing to keyring output file
keyringctl:
Change `packet_join()` to add documentation and a `force` parameter with
which sq's force parameter may be toggled (defaults to False).
Add `export_keyring()` to allow writing all provided PGP packet files to
a single output file using `sq keyring merge`.
Change `__main__` to add an `export` subcommand to allow for providing
multiple input sources and one output file. Add an optional `-f/--force`
parameter that can be used to force subcommands that support it. Remove
the unused `start_dir` variable. Move the creation of `target_dir` below
the context that creates the working directory and only create it when
using the `convert` or `import` subcommands (as it is not used
otherwise).
Call `export_keyring()` when using the `export` subcommand.
2021-11-30 22:54:05 +01:00
David Runge
7f7c2f13f0
keyringctl: Deal with multi-certificate per user files
keyringctl:
Add `sanitize_certificate_file()` to potentially split per-user input
files that contain more than one certificate.
Change `packet_split()` to add documentation and rename the key
parameter to certificate, as it is more generic.
Change `convert_certificate()` to use named parameters when calling
`packet_split()`.
Change `convert()` to call `convert_certificate()` on a list of
sanitized certificates (generated using `sanitized_certificate_file()`)
to be able to deal with multi-certificate files per user.
2021-11-30 22:54:05 +01:00
David Runge
cb8e827112
keyringctl: Copy files instead of moving them
keyringctl:
Change `__main__` to create the `target_dir` before calling any further
function that relies on it.
Change `convert()` to require the `target_dir` to be not None and to
create all username based target directories before using
`shutil.copytree()` to copy all sources to their respective target
directories when iterating over the paths to persist. This has the
upside, that updates to a target directory structure can be done on the
fly (overwriting existing data), which is not possible with
`shutil.move()`.
2021-11-30 22:54:05 +01:00
David Runge
a5be572136
keyringctl: Derive output dir from file and allow override
keyringctl:
Change `convert_certificates()` to use a more descriptive
`name_override` parameter in its signature to allow the overriding of
the username directory name into which key material is persisted.
Distinguish between the per-username directory and the eventual key
material directory. Instead of the key directory return the username
directory.
Change the `persist*` functions to use the `key_dir` instead of the
`root_dir` terminology as well.

Change `convert()` to optionally allow a `name_override` as well and use
that in the calls to `convert_certificate()`. Make the moving of files
more robust, by at least allowing to move the per-key directories for a
username, if the username target directory exists already. NOTE: This
needs expansion for the use-case where existing files should be
updated/extended by new files.

Add an additional argument to the 'convert' argparse parser to allow
users to override the target username directory name.
2021-11-30 22:54:05 +01:00
David Runge
40761f44a7
keyringctl: Add handling of KeyRevocations
keyringctl:
Change `persist_direct_sigs()` to track a sig_type parameter in its
signature so that the output directory of the direct signatures can be
altered.
Change `convert_certificate()` to set a `direct_revocations` variable,
that is used to track KeyRevocations for root keys. Extend the logic to
make use of `add_packet_to_direct_sigs()` to set a list of
KeyRevocations for a given root key. Eventually call
`persist_direct_sigs()` with `direct_revocations` and a custom
`sig_type` to persist the revocation certificates.
2021-11-30 22:54:05 +01:00
David Runge
a77b334859
keyringctl: Persist direct signatures generically
keyringctl:
Rename `persist_direct_keys()` to `persist_direct_sigs()` as it is now
not only handling the persistence of DirectKeys but also *Certifications
directly on a root key (those without an explicit User ID).
Add inline function `add_packet_to_direct_sigs()` to
`convert_certificate()` to generically add direct signatures on a root
key, grouped by issuer.
Change `convert_certificate()` to add Certifications on a root key
(without a specified User ID) to the list of direct_sigs, so that they
are persisted alongside any existing DirectKeys.
Remove breakpoints from `persist_certifications()` as they are no longer
reached. The function is now solely used for Certifications on User IDs.
2021-11-30 22:54:05 +01:00
David Runge
0d32d2f00a
keyringctl: Dedicated functions for writing to file
keyringctl:
Add `persist_basic_key()`, `persist_direct_keys()`,
`persist_certifications()` and `persist_revocations()` to allow for
dedicated writing of basic key material, direct key signatures,
per UID certificates and per UID revocations (respectively).
Change `convert_certificate()` to call the new dedicated write functions
instead of implementing the functionality.
Change `convert_certificate()` to raise on missing current_packet_key
when trying to work on signature files (this is unlikely to occur,
unless the input data is somehow broken, but it keeps the linter happy).
Change `convert_certificate()` to handle direct_keys by issuer on a
given root key (DirectKey signatures by the same issuer are combined).
Change the argparse subparser for the 'convert' command to include a
help text.
2021-11-30 22:54:05 +01:00
Levente Polyak
f626e40b84
feature(keyringctl): add tool to work with key data 2021-11-30 22:54:05 +01:00