Commit Graph

526 Commits

Author SHA1 Message Date
David Runge
5320f2491e
keyringctl: Implement export of ownertrust/ revoker status
keyringctl:
Add `temp_join_keys()` to generically join PGP packets in a directory
below a temporary directory.
Add `get_all_and_revoked_certs()` to retrieve a tuple containing a list
of all public key fingerprints and a list of all self-revoked public key
fingerprints in a list of paths.
Add `export_ownertrust()` to export a list of fingerprints of
non-revoked public keys to a file that can be imported using `gpg
--import-ownertrust`.
Add `export_revoked()` to export the fingerprints of all self-revoked
public keys and the fingerprints of public keys that have been revoked
by third party signing keys (the latter is still fairly naive).
Change `export_keyring()` to make use of `temp_join_keys()` for
preparing main signing keys and general keys for the export to file. Add
integration for exporting ownertrust and revoker status (using
`export_ownertrust()` and `export_revoked()`, respectively).
Change `__main__` by extending the export_parser by a `-m`/ `--main`
argument to provide one or multiple files or directories, that serve as
the signing authority for key material located below `-s`/ `--source`.
Add a `-p`/ `--pacman-integration` to provide the means to export
ownertrust and revoker status on demand.
2021-11-30 22:54:06 +01:00
David Runge
3c31230eb2
keyringctl: Write User IDs to separate files
keyringctl:
Add `persist_uids()` to write User ID related packets: User-ID and
PositiveCertifications (UID binding signatures).
Rename `persist_basic_key()` to `persist_public_key()` and change it to
only persist the PublicKey packet.
Change `persist_{certifications,revocations}()` to persist the
certificates to a key-specific 'uids' subdirectory per PublicKey.
Change `convert_certificate()` to rename `uid_binding_sig` to
`uid_bind_sigs`. Simplify the logic for signature related data
assignments.
2021-11-30 22:54:06 +01:00
David Runge
7e04c50a16
keyringctl: Split out subkeys to separate structure
keyringctl:
Add `persist_subkeys()` and `persist_subkey_revocations()` to persist
the Public-Subkeys and the SubkeyRevocations of a root key out into a
dedicated directory structure below the respective Public-Key.
Change `persist_basic_key()` to not persist the Public-Subkeys and
SubkeyRevocations of a root key anymore and to output debug information
before writing to file.
Change `convert_certificate()` to refer to Public-Subkeys and
PublicSubkeyBinding as `subkeys` and `subkey_binding_sigs`
(respectively) and to explicitly refer to the main certificate
fingerprint when aggregating the data about them. Add
`subkey_revocations` to track any SubkeyRevocations of a given
Public-Subkey, so that it can be persisted to file.
2021-11-30 22:54:06 +01:00
David Runge
c4fbd95041
keyringctl: Add writing to keyring output file
keyringctl:
Change `packet_join()` to add documentation and a `force` parameter with
which sq's force parameter may be toggled (defaults to False).
Add `export_keyring()` to allow writing all provided PGP packet files to
a single output file using `sq keyring merge`.
Change `__main__` to add an `export` subcommand to allow for providing
multiple input sources and one output file. Add an optional `-f/--force`
parameter that can be used to force subcommands that support it. Remove
the unused `start_dir` variable. Move the creation of `target_dir` below
the context that creates the working directory and only create it when
using the `convert` or `import` subcommands (as it is not used
otherwise).
Call `export_keyring()` when using the `export` subcommand.
2021-11-30 22:54:05 +01:00
David Runge
7f7c2f13f0
keyringctl: Deal with multi-certificate per user files
keyringctl:
Add `sanitize_certificate_file()` to potentially split per-user input
files that contain more than one certificate.
Change `packet_split()` to add documentation and rename the key
parameter to certificate, as it is more generic.
Change `convert_certificate()` to use named parameters when calling
`packet_split()`.
Change `convert()` to call `convert_certificate()` on a list of
sanitized certificates (generated using `sanitize_certificate_file()`)
to be able to deal with multi-certificate files per user.
2021-11-30 22:54:05 +01:00
David Runge
cb8e827112
keyringctl: Copy files instead of moving them
keyringctl:
Change `__main__` to create the `target_dir` before calling any further
function that relies on it.
Change `convert()` to require the `target_dir` to be not None and to
create all username based target directories before using
`shutil.copytree()` to copy all sources to their respective target
directories when iterating over the paths to persist. This has the
upside, that updates to a target directory structure can be done on the
fly (overwriting existing data), which is not possible with
`shutil.move()`.
2021-11-30 22:54:05 +01:00
David Runge
a5be572136
keyringctl: Derive output dir from file and allow override
keyringctl:
Change `convert_certificates()` to use a more descriptive
`name_override` parameter in its signature to allow the overriding of
the username directory name into which key material is persisted.
Distinguish between the per-username directory and the eventual key
material directory. Instead of the key directory return the username
directory.
Change the `persist*` functions to use the `key_dir` instead of the
`root_dir` terminology as well.

Change `convert()` to optionally allow a `name_override` as well and use
that in the calls to `convert_certificate()`. Make the moving of files
more robust, by at least allowing to move the per-key directories for a
username, if the username target directory exists already. NOTE: This
needs expansion for the use-case where existing files should be
updated/extended by new files.

Add an additional argument to the 'convert' argparse parser to allow
users to override the target username directory name.
2021-11-30 22:54:05 +01:00
David Runge
40761f44a7
keyringctl: Add handling of KeyRevocations
keyringctl:
Change `persist_direct_sigs()` to track a sig_type parameter in its
signature so that the output directory of the direct signatures can be
altered.
Change `convert_certificate()` to set a `direct_revocations` variable,
that is used to track KeyRevocations for root keys. Extend the logic to
make use of `add_packet_to_direct_sigs()` to set a list of
KeyRevocations for a given root key. Eventually call
`persist_direct_sigs()` with `direct_revocations` and a custom
`sig_type` to persist the revocation certificates.
2021-11-30 22:54:05 +01:00
David Runge
a77b334859
keyringctl: Persist direct signatures generically
keyringctl:
Rename `persist_direct_keys()` to `persist_direct_sigs()` as it is now
not only handling the persistence of DirectKeys but also *Certifications
directly on a root key (those without an explicit User ID).
Add inline function `add_packet_to_direct_sigs()` to
`convert_certificate()` to generically add direct signatures on a root
key, grouped by issuer.
Change `convert_certificate()` to add Certifications on a root key
(without a specified User ID) to the list of direct_sigs, so that they
are persisted alongside any existing DirectKeys.
Remove breakpoints from `persist_certifications()` as they are no longer
reached. The function is now solely used for Certifications on User IDs.
2021-11-30 22:54:05 +01:00
David Runge
0d32d2f00a
keyringctl: Dedicated functions for writing to file
keyringctl:
Add `persist_basic_key()`, `persist_direct_keys()`,
`persist_certifications()` and `persist_revocations()` to allow for
dedicated writing of basic key material, direct key signatures,
per UID certificates and per UID revocations (respectively).
Change `convert_certificate()` to call the new dedicated write functions
instead of implementing the functionality.
Change `convert_certificate()` to raise on missing current_packet_key
when trying to work on signature files (this is unlikely to occur,
unless the input data is somehow broken, but it keeps the linter happy).
Change `convert_certificate()` to handle direct_keys by issuer on a
given root key (DirectKey signatures by the same issuer are combined).
Change the argparse subparser for the 'convert' command to include a
help text.
2021-11-30 22:54:05 +01:00
Levente Polyak
f626e40b84
feature(keyringctl): add tool to work with key data
2021-11-30 22:54:05 +01:00
Levente Polyak
4116f94fbb
feature(editorconfig): add standard python settings
2021-11-30 22:53:57 +01:00
David Runge
4967abcb0c
Merge remote-tracking branch 'origin/key_update'
* origin/key_update:
  Update keyring
2021-11-30 00:21:13 +01:00
David Runge
0271f6121f
Update keyring
Update the archlinux keyring and the packager keys.
2021-11-30 00:18:53 +01:00
David Runge
77a72765b1
Merge remote-tracking branch 'origin/packager_key_mtorromeo'
* origin/packager_key_mtorromeo:
  Add new packager key of Massimiliano Torromeo (mtorromeo)
2021-11-30 00:10:38 +01:00
Massimiliano Torromeo
b8726b2498
Add new packager key of Massimiliano Torromeo (mtorromeo)
2021-11-30 00:07:40 +01:00
David Runge
75b2957f4a
Merge remote-tracking branch 'dbermond/dbermond-new-key'
* dbermond/dbermond-new-key:
  Add new packager key for Daniel Bermond
2021-11-29 17:25:45 +01:00
Daniel Bermond
b9d4aaf8d9
Add new packager key for Daniel Bermond
2021-11-29 16:24:50 +00:00
David Runge
f50472b9e3
Merge remote-tracking branch 'wild/wild-newkey'
* wild/wild-newkey:
  Add packager key for wild
2021-11-29 17:24:26 +01:00
Dan Printzell
d20e6a9f83
Add packager key for wild
Signed-off-by: Dan Printzell <wild@archlinux.org>
2021-11-29 16:23:44 +00:00
David Runge
e21943f9b6
Merge remote-tracking branch 'idevolder/hotfix/new-ike.devolder.archlinux.org-key'
* idevolder/hotfix/new-ike.devolder.archlinux.org-key:
  add new archlinux.org gpg key for Ike
2021-11-29 17:23:05 +01:00
Ike Devolder
cb5fb8705b
add new archlinux.org gpg key for Ike
2021-11-29 16:22:10 +00:00
David Runge
5121c2d628
Merge remote-tracking branch 'juergen/new-gpg-key'
* juergen/new-gpg-key:
  add new archlinux.org gpg key for juergen
2021-11-29 17:21:49 +01:00
Jürgen Hötzel
161c70dfc3
add new archlinux.org gpg key for juergen
2021-11-29 16:21:03 +00:00
David Runge
5187908235
Merge remote-tracking branch 'xyne/xyne-add_gpg_key'
* xyne/xyne-add_gpg_key:
  Add new PGP key ID for Xyne.
2021-11-29 17:19:32 +01:00
Xyne
99f56df063
Add new PGP key ID for Xyne.
2021-11-29 16:16:28 +00:00
David Runge
703ce130f1
Merge remote-tracking branch 'escondida/escondida-new-key'
* escondida/escondida-new-key:
  add new key for escondida
2021-11-29 17:16:03 +01:00
Ivy Foster
a5c3b6b02f
add new key for escondida
2021-11-29 15:59:29 +00:00
David Runge
61e39d7dfe
Merge remote-tracking branch 'maximbaz/maximbaz-master-patch-40138'
* maximbaz/maximbaz-master-patch-40138:
  Add packager key for maximbaz
2021-11-29 16:58:28 +01:00
Maxim Baz
d6518575d5
Add packager key for maximbaz
2021-11-29 15:54:01 +00:00
David Runge
94cc605d0b
Merge remote-tracking branch 'spupykin/master'
* spupykin/master:
  add new packager key id for spupykin
2021-11-29 16:48:50 +01:00
Sergej Pupykin
596ffb428b
add new packager key id for spupykin
2021-11-29 15:47:36 +00:00
David Runge
bae7359ee6
Merge remote-tracking branch 'muflone/master'
Add a new key for muflone.

* muflone/master:
  Added new key for muflone
2021-11-29 16:45:14 +01:00
Muflone
ef9bf94435
Added new key for muflone
2021-11-28 11:49:12 +01:00
Christian Hesse
eef34e85a2
Prepare release
2021-10-28 11:59:05 +02:00
Christian Hesse
e7b1576300
Update keyring
... and collect latest changes.
2021-10-28 11:57:12 +02:00
Christian Hesse
f2f428ff1e
Update keyring
... and collect latest changes.
2021-10-25 13:33:30 +02:00
Christian Hesse
c325a25de5
Prepare release
2021-09-02 22:08:43 +02:00
Christian Hesse
7fc9403560
Update keyring
... and collect latest changes, including key for alex19ep.
2021-09-02 22:07:09 +02:00
David Runge
85b9ed4247
Add packager key ID for alex19ep
packager-keyids:
Add 6C7F7F22E0152A6FD5728592DAD6F3056C897266 as PGP key ID for alex19ep.
2021-09-02 22:02:17 +02:00
Christian Hesse
ad65524ec2
Prepare release
2021-08-20 09:07:31 +02:00
Christian Hesse
01609606b3
Update keyring
... and add new key of Morgan Adamiec (morganamilo).
2021-08-20 08:30:08 +02:00
Christian Hesse
23b36990f8
new key of Morgan Adamiec (morganamilo)
https://lists.archlinux.org/pipermail/aur-general/2021-June/036337.html
2021-08-20 07:50:25 +02:00
Christian Hesse
e3ab3cf2f6
Prepare release
2021-08-18 23:59:07 +02:00
Christian Hesse
5d392d8e84
Update keyring
... and collect latest changes.
2021-08-18 23:52:26 +02:00
Christian Hesse
4c7229bb49
removal of Alad Wenter (alad)
https://lists.archlinux.org/pipermail/aur-general/2021-August/036501.html
2021-08-18 23:39:08 +02:00
Christian Hesse
21f4e63d40
removal of Andrzej Giniewicz (aginiewicz)
https://lists.archlinux.org/pipermail/arch-dev-public/2021-May/030445.html
https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/16
2021-08-18 23:37:54 +02:00
Bruno Pagani
1e97f5193a
new key of Caleb Maclennan (alerque)
https://lists.archlinux.org/pipermail/aur-general/2021-June/036321.html
2021-08-18 21:18:18 +00:00
Bruno Pagani
42144ade00
packagers-keyids: fix my handle
2021-08-18 22:27:46 +02:00
Christian Hesse
8836013ea3
Update merge request templates
Merging these makes sense before closing the related issue. So add a
reference, but do not close automatically.
2021-08-18 17:00:51 +00:00