Commit Graph

25 Commits

Author SHA1 Message Date
Levente Polyak
4821087b2b
feature(keyringctl): mark main keys bold during inspect highlight 2021-11-30 22:54:17 +01:00
Levente Polyak
b32c37bec1
feature(keyringctl): raise exception on duplicate uid data 2021-11-30 22:54:17 +01:00
Levente Polyak
b653edfcdc
feature(keyringctl): add trust and colors to inspect output 2021-11-30 22:54:17 +01:00
Levente Polyak
c651bdc61e
feature(keyringctl): add option to filter listing by trust 2021-11-30 22:54:17 +01:00
Levente Polyak
e9dc04df32
feature(keyringctl): split direct key packets into own directory 2021-11-30 22:54:16 +01:00
David Runge
e43a28f4a7
Simplify libkeyringctl.keyring.convert_certificate
libkeyringctl/keyring.py:
Simplify `convert_certificate()` by splitting out the conversion of
signature packets to `convert_signature_packet()` and the persistence of
packet material to `persist_key_material()`.
Add `convert_pubkey_signature_packet()`,
`convert_uid_signature_packet()` and
`convert_subkey_signature_packet()` to deal with the conversion of
public key signatures, UID signatures and subkey signatures
(respectively).

tests/test_keyring.py:
Add tests for `convert_certificate()`, `convert_signature_packet()`,
`convert_{pubkey,uid,subkey}_signature_packet()` and
`persist_subkey_revocations()`.
2021-11-30 22:54:16 +01:00
David Runge
743d2bb3bb
Add tests for introspection and export
libkeyringctl/keyring.py:
Change `get_packets_from_path()` to use full conditional statements
which is easier to cover in tests.

tests/test_keyring.py:
Add simple tests for `get_packets_from_path()`,
`get_packets_from_listing()`, `export()` and `build()`.
2021-11-30 22:54:16 +01:00
Levente Polyak
8689995b69
feature(keyringctl): yell and abort if processing private key data 2021-11-30 22:54:16 +01:00
Levente Polyak
5a83a7b6c1
feature(keyringctl): skip user attribute packets as none relevant 2021-11-30 22:54:16 +01:00
Levente Polyak
bce5bc550e
feature(keyringctl): rework str simplification for printable uids 2021-11-30 22:54:16 +01:00
Levente Polyak
9741ada9ef
fix(keyringctl): put subkey revocations into the correct subkey dirs 2021-11-30 22:54:15 +01:00
Levente Polyak
e55042e45b
feature(keyringctl): verify file structure integrity and packets
This moves all verify code to an own module and adds support to check
all packet files in the structure for integrity. This is done by parsing
assumptions like packet kind, type, issuer and location etc.
2021-11-30 22:54:15 +01:00
Levente Polyak
d9e9453d84
feature(keyringctl): write all packet files with full issuer fingerprint
This avoids collision between same issuer using key-id and full
fingerprint in different versions of a packet, like signature.
2021-11-30 22:54:15 +01:00
Levente Polyak
cd585f4be2
chore(keyringctl): increase test coverage and fix trust expectations 2021-11-30 22:54:14 +01:00
Levente Polyak
86eb172ac3
chore(keyringctl): add missing type annotations for tests 2021-11-30 22:54:14 +01:00
Levente Polyak
0ca74e243b
feature(keyringctl): adding basic infrastructure for running tests 2021-11-30 22:54:13 +01:00
Levente Polyak
8ba7dc1dc9
feature(keyringctl): acquire trust status from key assumptions
Rework the whole trust handling by acquiring the trust status from
actual assumptions related to the amount of ownertrust signatures and
revocations.
2021-11-30 22:54:13 +01:00
Levente Polyak
26c7027660
feature(keyringctl): support importing from a piped fd
This feature allows to import from a piped fd like:
> ./keyringctl import --name foobar <(gpg --export foo@bar)

We achieve this even with hidepid by taking the naive approach of
copying the processes fd source to a tempfile and pass around latter.
2021-11-30 22:54:13 +01:00
Levente Polyak
2384d0337b
fix(keyringctl): resolve cert dir per fingerprint and not parent user 2021-11-30 22:54:13 +01:00
Levente Polyak
03d5899f87
fix(keyring): use a single applied revocation to declare a key revoked
Otherwise the PGP trust and revocation status file will not match our
expectations. A single applied revocation to this directory structure
should be checked either way.

We can later create TODO's to have at least two revocations for the keys
that would otherwise be still trusted and then change this value.
2021-11-30 22:54:13 +01:00
Levente Polyak
878752dc13
fix(keyringctl): avoid leaking unclosed file descriptors 2021-11-30 22:54:13 +01:00
Levente Polyak
a9e63edfa8
feature(keyringctl): adding ci command to verify newly added certs
Currently only newly added certificates will be checked against the
expectations as existing keys are not all fully compatible with those
assumptions.  New certificates are determined by using
$CI_MERGE_REQUEST_DIFF_BASE_SHA as the base,
2021-11-30 22:54:12 +01:00
Levente Polyak
9733fbafd8
feature(keyringctl): add verify command to check certificate expectation
This command checks certain expectations using sq and hokey, prints the
results to stdout and potentially exists non successfully.
2021-11-30 22:54:12 +01:00
Levente Polyak
94c3b4c8e9
fix(keyrinctl): yield file not found errors instead of blocking on stdin
Handle missing or wrong certificate paths in a way that does not lead to
a blocking command by reading from stdin. Instead throw either file not
found errors or expect optional outputs.
2021-11-30 22:54:12 +01:00
Levente Polyak
58307c629d
chore(keyringctl): modularize the code for overview and testing 2021-11-30 22:54:12 +01:00