Commit Graph

753 Commits

Author SHA1 Message Date
Levente Polyak
d0ea790c6a
fix(make): use proper dependency tracking for the build output
Declare the whole keyring data as well as the code as input dependency
for the build target. This way we can properly depend on the build
target for installation without forcing rebuilding on every invocation.

A rebuild will be triggered if either the keyring or the source code
creating the build output changes.

The directories are added to the source dependencies on purpose to
guarantee that changes like deleted files will result in a rebuild.

The mtime of the build directory is force updated on every run to allow
make to track the output artifacts mtime compared against the
dependencies.
2021-11-30 22:54:17 +01:00
Levente Polyak
0ceb6c743e
fix(keyringctl): avoid simplified uid collisions using a hash
Add a postfix hash of the raw uid data to the filenames to avoid
collisions with the simplified uid.
2021-11-30 22:54:17 +01:00
Levente Polyak
4821087b2b
feature(keyringctl): mark main keys bold during inspect highlight 2021-11-30 22:54:17 +01:00
Levente Polyak
b32c37bec1
feature(keyringctl): raise exception on duplicate uid data 2021-11-30 22:54:17 +01:00
Levente Polyak
b653edfcdc
feature(keyringctl): add trust and colors to inspect output 2021-11-30 22:54:17 +01:00
Levente Polyak
c651bdc61e
feature(keyringctl): add option to filter listing by trust 2021-11-30 22:54:17 +01:00
Levente Polyak
e9dc04df32
feature(keyringctl): split direct key packets into own directory 2021-11-30 22:54:16 +01:00
David Runge
31a49c89a3
Fail test target under 100% test coverage
Makefile:
Fail coverage report below 100% test coverage.
2021-11-30 22:54:16 +01:00
David Runge
e43a28f4a7
Simplify libkeyringctl.keyring.convert_certificate
libkeyringctl/keyring.py:
Simplify `convert_certificate()` by splitting out the conversion of
signature packets to `convert_signature_packet()` and the persistence of
packet material to `persist_key_material()`.
Add `convert_pubkey_signature_packet()`,
`convert_uid_signature_packet()` and
`convert_subkey_signature_packet()` to deal with the conversion of
public key signatures, UID signatures and subkey signatures
(respectively).

tests/test_keyring.py:
Add tests for `convert_certificate()`, `convert_signature_packet()`,
`convert_{pubkey,uid,subkey}_signature_packet()` and
`persist_subkey_revocations()`.
2021-11-30 22:54:16 +01:00
David Runge
bb30e3d2fd
Add tests for list and inspect functions
tests/test_keyring.py:
Add tests for `list_keyring()` and `inspect_keyring()`.
2021-11-30 22:54:16 +01:00
David Runge
743d2bb3bb
Add tests for introspection and export
libkeyringctl/keyring.py:
Change `get_packets_from_path()` to use full conditional statements
which is easier to cover in tests.

tests/test_keyring.py:
Add simple tests for `get_packets_from_path()`,
`get_packets_from_listing()`, `export()` and `build()`.
2021-11-30 22:54:16 +01:00
Levente Polyak
8689995b69
feature(keyringctl): yell and abort if processing private key data 2021-11-30 22:54:16 +01:00
Levente Polyak
5a83a7b6c1
feature(keyringctl): skip user attribute packets as none relevant 2021-11-30 22:54:16 +01:00
David Runge
3d8e88dfaf
Add tests for convert and export functionality
tests/test_keyring.py:
Add basic tests for `convert()`, `export_ownertrust()` and
`export_revoked()`.
2021-11-30 22:54:16 +01:00
Levente Polyak
e8fb9d17b3
chore(keyringctl): add test for simplify_ascii 2021-11-30 22:54:16 +01:00
Levente Polyak
83a345a1b8
feature(keyringctl): rework ci module to execute full lint for new certs 2021-11-30 22:54:16 +01:00
Levente Polyak
bce5bc550e
feature(keyringctl): rework str simplification for printable uids 2021-11-30 22:54:16 +01:00
Levente Polyak
2030de06a0
fix(keyringctl): set HOME, PATH, LANG required for hokey
This effectively requires en_US.UTF-8 to be an available lang, which is
a relative fair requirement and mandatory to set for hokey.
2021-11-30 22:54:15 +01:00
Levente Polyak
f74a1be1ac
chore(keyringctl): add integrity checks for binding/revocation sigs 2021-11-30 22:54:15 +01:00
Levente Polyak
9741ada9ef
fix(keyringctl): put subkey revocations into the correct subkey dirs 2021-11-30 22:54:15 +01:00
David Runge
17d27e2274
Add unit test for libkeyringctl.sequoia.packet_kinds
tests/test_sequoia.py:
Add unit test for libkeyringctl.sequoia.packet_kinds.
2021-11-30 22:54:15 +01:00
Levente Polyak
5f36beff90
feature(ci): run keyring integrity check if keyring or code changes 2021-11-30 22:54:15 +01:00
Levente Polyak
0456e9a5f8
fix(tests): use working dir via fixture instead of cluttering cwd 2021-11-30 22:54:15 +01:00
David Runge
ddf19a4362
Add first unit tests for libkeyringctl.keyring
tests/test_keyring.py:
Add tests for `is_pgp_fingerprint()`,
`transform_{fingerprint,username}_to_keyring_path()`,
`derive_username_from_fingerprint()` and get_fingerprints_from_paths()`.
2021-11-30 22:54:15 +01:00
David Runge
16bed8ac4a
Add fixtures for valid and invalid fingerprints
tests/conftest.py:
Add `valid_fingerprint()` and `valid_subkey_fingerprint()` fixtures to
produce a generic "valid" PGP fingerprint string.
Add the `invalid_fingerprint()` fixture to generate a set of "invalid"
fingerprint strings.
2021-11-30 22:54:15 +01:00
Levente Polyak
e42a895889
fix(keyringctl): add missing python-toml for coverage run 2021-11-30 22:54:15 +01:00
Levente Polyak
e55042e45b
feature(keyringctl): verify file structure integrity and packets
This moves all verify code to an own module and adds support to check
all packet files in the structure for integrity. This is done by parsing
assumptions like packet kind, type, issuer and location etc.
2021-11-30 22:54:15 +01:00
Levente Polyak
d9e9453d84
feature(keyringctl): write all packet files with full issuer fingerprint
This avoids collision between same issuer using key-id and full
fingerprint in different versions of a packet, like signature.
2021-11-30 22:54:15 +01:00
Levente Polyak
279765b22a
fix(keyringctl): fix system stderr case due to wrongly written test
CalledProcessError returns bytes for our invocations, the fix that
decoded bytes of stdout was purely to make the mocked test happy while
breaking the actual usage. Restore the behavior and fix the wrong mocked
data.
2021-11-30 22:54:14 +01:00
Levente Polyak
cd585f4be2
chore(keyringctl): increase test coverage and fix trust expectations 2021-11-30 22:54:14 +01:00
Levente Polyak
7513e71b3f
chore(keyringctl): add key revocation trust tests 2021-11-30 22:54:14 +01:00
David Runge
a25c267f26
Add more specific coverage configuration
pyproject.toml:
Set specific source for `toolscoverage.paths` (as we only provide one
module).
Set `tools.coverage.run.relative_files` to true (although it is still
bug riddled and does not seem to work as advertized in regards to xml
output: https://github.com/nedbat/coveragepy/issues/963,
https://github.com/nedbat/coveragepy/issues/1147).
Set `tool.coverage.xml.output`, so we don't have to provide it on the
commandline.

Makefile:
Do not provide an output file to the coverage xml call, as we do that in
configuration now.
2021-11-30 22:54:14 +01:00
Levente Polyak
86eb172ac3
chore(keyringctl): add missing type annotations for tests 2021-11-30 22:54:14 +01:00
Levente Polyak
c807a81a57
feature(ci): add testing and coverage data to gitlab ci artifacts 2021-11-30 22:54:14 +01:00
David Runge
b9bbe3f1d4
Also trigger tests and linting on changes to CI
.gitlab-ci.yml:
Also trigger tests and linting on changes to .gitlab-ci.yml.
2021-11-30 22:54:14 +01:00
David Runge
c75c3ee7ee
.gitignore: Add coverage and pycache
.gitignore:
Add .coverage and __pycache__ dirs to ignore.
2021-11-30 22:54:14 +01:00
David Runge
358e840f8f
Add unit tests for util functions
tests/test_util.py:
Add tests for `cwd()`, `natural_sort_path()`, `system()`,
`absolute_path()`, `transform_fd_to_tmpfile()`, `get_cert_paths()`,
`get_parent_cert_paths()` and `contains_fingerprint()`.
2021-11-30 22:54:14 +01:00
David Runge
c1f59488e5
Add unit tests for code calling sequoia
tests/test_sequoia.py:
Add unit tests for `keyring_split()`, `keyring_merge()`,
`packet_split()`, `packet_join()`, `inspect()`, `packet_dump()`,
`packet_dump_field()`, `packet_signature_creation_time()`, and
`latest_certification()`.
2021-11-30 22:54:14 +01:00
David Runge
52e0936524
Add unit test for git integration
tests/test_git.py:
Add unit test for `git_changed_files()`.
2021-11-30 22:54:14 +01:00
David Runge
d969587bf7
Add python-coverage as dependency for contributing
CONTRIBUTING.md:
Add python-coverage to the list of dependencies for testing.
2021-11-30 22:54:13 +01:00
David Runge
f27a7b90c2
Makefile: Use coverage instead of pytest
Makefile:
Run pytest via coverage in `make test` to also generate a coverage
report.
2021-11-30 22:54:13 +01:00
David Runge
c968e7815a
Add python-coverage to test target
.gitlab-ci.yml:
Add python-coverage to test target.
2021-11-30 22:54:13 +01:00
David Runge
a21e6f21fb
Write bytes to stderr when raising during system call
libkeyringctl/util.py:
Change `system()` to write bytes to stderr.buffer, as before
CalledProcessError.stdout had been used, which returns a string.
2021-11-30 22:54:13 +01:00
David Runge
4597fba6ba
Rename test directory to tests
tests/*:
The existing coverage configuration is setup to use/ omit a tests
directory.
2021-11-30 22:54:13 +01:00
Levente Polyak
0ca74e243b
feature(keyringctl): adding basic infrastructure for running tests 2021-11-30 22:54:13 +01:00
Levente Polyak
8ba7dc1dc9
feature(keyringctl): acquire trust status from key assumptions
Rework the whole trust handling by acquiring the trust status from
actual assumptions related to the amount of ownertrust signatures and
revocations.
2021-11-30 22:54:13 +01:00
Levente Polyak
26c7027660
feature(keyringctl): support importing from a piped fd
This feature allows to import from a piped fd like:
> ./keyringctl import --name foobar <(gpg --export foo@bar)

We achieve this even with hidepid by taking the naive approach of
copying the processes fd source to a tempfile and pass around latter.
2021-11-30 22:54:13 +01:00
Levente Polyak
2384d0337b
fix(keyringctl): resolve cert dir per fingerprint and not parent user 2021-11-30 22:54:13 +01:00
Levente Polyak
03d5899f87
fix(keyring): use a single applied revocation to declare a key revoked
Otherwise the PGP trust and revocation status file will not match our
expectations. A single applied revocation to this directory structure
should be checked either way.

We can later create TODO's to have at least two revocations for the keys
that would otherwise be still trusted and then change this value.
2021-11-30 22:54:13 +01:00
Levente Polyak
878752dc13
fix(keyringctl): avoid leaking unclosed file descriptors 2021-11-30 22:54:13 +01:00