Commit Graph

772 Commits

Author SHA1 Message Date
Levente Polyak
94b910a55e
fix(ci): use unified multi import command 2021-11-30 22:54:10 +01:00
Levente Polyak
edbbc77086
chore(keyringctl): use python 3.9 iterable/iterator type imports 2021-11-30 22:54:10 +01:00
Levente Polyak
74f317344f
feature(keyringctl): support importing multiple paths
Lets pass in a list of path's and reduce them to one set of path
iterables. This allows us to specify multiple source files/directories
2021-11-30 22:54:10 +01:00
Levente Polyak
1b1aa7f738
fix(doc): improve splitting topics across README.md and CONTRIBUTING.md 2021-11-30 22:54:09 +01:00
Levente Polyak
c214022300
fix(keyringctl): restore --target option for convert command 2021-11-30 22:54:09 +01:00
Levente Polyak
40592b3534
feature(keyringctl): print help if invoked without any subcommand 2021-11-30 22:54:09 +01:00
Levente Polyak
8bc0ae1da0
feature(keyringctl): unify import subcommand for condensed api
Both commands are basically doing the same with the same params except
the target directory differs. Lets condense this behavior by using a
single subcommand with a boolean options.
2021-11-30 22:54:09 +01:00
Levente Polyak
2f9ef0ef1d
feature(keyringctl): keep filename if keyring split yields one keyring
Instead of always returning an artificial name try to preserve the
keyring filename if the split only yields a single certificate.
2021-11-30 22:54:09 +01:00
Levente Polyak
b91e8b983c
feature(keyringctl): move main/packager folders to isolated keyring dir
This helps to structure the layout of the repository better by having
one root folder that contains the actual decomposed keyring structure.
2021-11-30 22:54:09 +01:00
Levente Polyak
48e9bb67cb
chore(keyringctl): use singular for packager directory as well
So far we have used singular for all directories, lets keep that for the
packager directory as well.
2021-11-30 22:54:09 +01:00
Levente Polyak
37d0a5f633
chore(keyringctl): apply black formatter 2021-11-30 22:54:09 +01:00
Levente Polyak
930b5896a0
feature(keyringctl): introduce Username type instead of plain str 2021-11-30 22:54:09 +01:00
Levente Polyak
e422149c8a
feature(keyringctl): add type hinting direct sigs/revocations 2021-11-30 22:54:09 +01:00
Levente Polyak
147287959f
feature(keyringctl): derive username from short key id fingerprints
Allow short key id fingerprints to be used with the username derive
function by adding a glob in front of the fingerprint component.
2021-11-30 22:54:09 +01:00
Levente Polyak
60ee3d6d94
feature(keyringctl): avoid splitting a certificate multiple times
Move the name cascade to derive the username into the
`convert_certificate` function which allows to use the
certificate_fingerprint directly instead of trying to find it by
splitting the certificate one more time before converting.
2021-11-30 22:54:09 +01:00
Levente Polyak
cf6bac5fd9
chore(keyringctl): fix typo in docstring for convert_certificate 2021-11-30 22:54:08 +01:00
Levente Polyak
2206fe07b6
feature(keyringctl): simplification by removing static data from types
The certificate fingerprint in the convert function remains always the
same as we only process a single certificate and loop outside over
multiple keyrings. Therefor remove that layer from the data structures
and implicitly simplify all the assignments and usages.
2021-11-30 22:54:08 +01:00
Levente Polyak
a43d3dfac6
chore(keyringctl): add docstring for export_keyring() pacman_integration 2021-11-30 22:54:08 +01:00
Levente Polyak
f92a5884c5
chore(keyringctl): remove used input_path from get_fingerprints 2021-11-30 22:54:08 +01:00
Levente Polyak
e001de10d6
chore(keyringctl): blake compatible formatting of binary or chain 2021-11-30 22:54:08 +01:00
Levente Polyak
0bd10b9b4f
chore(keyringctl): avoid shadowing convert function 2021-11-30 22:54:08 +01:00
Levente Polyak
77b1eab89e
feature(keyringctl): add type hinting for fingerprint and uid
This drastically improves readability and type safety when joggling with
different keys in the data structures.
2021-11-30 22:54:08 +01:00
David Runge
cd0a2005a7
isort: Configure to use single lines
pyproject.toml:
Configure isort to use single lines (one line for each import) to ease
merge conflicts.

keyringctl:
Reformat using new isort settings.
2021-11-30 22:54:08 +01:00
David Runge
49ff2df1fc
keyringctl: Implement filtering of certifications
keyringctl:
Add `get_fingerprints_from_import_source()` to derive all fingerprints
of PGP public keys found in the import source.
Add `get_fingerprints_from_decomposed_dir()` to derive all fingerprints
of PGP public keys found in a directory structure holding decomposed PGP
packet data.
Add `get_fingerprints()` to derive a set of fingerprints of PGP public
keys provided through `get_fingerprints_from_import_source()` and
`get_fingerprints_from_decomposed_dir()`.
Change `convert()` and `convert_certificate()` to accept an optional set
of strings (`fingerprint_filter`) that may be used as a filter for
valid fingerprints when considering certifications.
Change `__main__` to call `convert()` when importing keys to packager or
main dir, providing `fingerprint_filter` which will attempt to look up
fingerprints in the source as well as the target.
2021-11-30 22:54:08 +01:00
David Runge
4b70feb2fb
keyringctl: Derive username from target when importing existing key
keyringctl:
Add `derive_user_from_target()` to derive the username from an existing
public key in the target directory when importing (updates to) an
already known key.
Change `convert()` to either use a custom name override (if provided), a
username derived from target dir (if existing) or the file name of the
to be imported file as username.
2021-11-30 22:54:08 +01:00
David Runge
5e6a8a2e98
gitlab-ci: Run lint, build and install
.gitlab-ci.yml:
Add rule to run `make lint` if `keyringctl` changes in a merge request.
Add integration stage to always attempt to build and install the keyring
in a containerized environment.
2021-11-30 22:54:08 +01:00
David Runge
153ae31437
Makefile: Change to use new targets
Makefile:
Remove soon unneeded targets for dist and upload.
Add lint and build targets.
Simplify the installation and uninstallation target.
2021-11-30 22:54:07 +01:00
David Runge
fa0f35a66c
editorconfig: Extend for yaml files
editorconfig:
Add a sane default for YAML files.
2021-11-30 22:54:07 +01:00
David Runge
1cbd360d17
keyringctl: Format file
keyringctl:
Use black to format the file, isort to auto-sort all imports.
Remove commented code and (for now) ignore the high complexity in
`convert()` so that flake8 can be used.
2021-11-30 22:54:07 +01:00
David Runge
0e54261242
keyringctl: Do not persist unbound certifications
keyringctl:
Change `persist_certifications()` to not attempt to read UID binding
signatures for a given UID, if it does not exist and instead output an
error message.
2021-11-30 22:54:07 +01:00
David Runge
8ec1654e0c
keyringctl: Simplify subcommands
keyringctl:
Change `convert()` to create the target directory including parents.
Change `export_keyring()` to create the output directory and its
parents before outputting data into it.
Remove `keyring_import()` as its functionality is covered by using
`convert()` directly with different subcommands.
Change `__main__` to define `import-main` and `import-packager`
subcommands instead of `import` and to add an `export-keyring`
subcommand. Remove the explicit creation of target dirs (it is now
implemented in `convert()` and `export_keyring()`.
2021-11-30 22:54:07 +01:00
David Runge
819e1adc37
README: Add new default sections and cleanup
README.md:
Add a short purpose introduction.
Add requirements, installation, contribution, releases and license
sections.
2021-11-30 22:54:07 +01:00
Levente Polyak
cc26ca503c
chore(keyringctl): uniformly use path builder via operator
Instead of partially dealing with strings that contain slashes lets just
use the path builder interface by using the operator for every sub path
layer in a uniform way.
2021-11-30 22:54:07 +01:00
Levente Polyak
c86832f3a1
chore(keyringctl): use singular folder names for all sub-folders 2021-11-30 22:54:07 +01:00
Levente Polyak
6299f6416e
chore(keyringctl): deduplicate iteration and split code in convert() 2021-11-30 22:54:07 +01:00
Levente Polyak
ac798eeeab
feature(keyringctl): wire the import command for convenience
Use it to auto write a decompose/convert command into the local keyring
automatically.
2021-11-30 22:54:07 +01:00
Levente Polyak
b989203ff0
chore(doc): extend source parameter description 2021-11-30 22:54:07 +01:00
Levente Polyak
aa934d5ff5
chore(keyringctl): declare missing type hinting for cwd 2021-11-30 22:54:07 +01:00
Levente Polyak
04008da268
fix(keyringctl): do not line break before operators
This is a lot easier to read and also fixes a style warning python
issues.
2021-11-30 22:54:06 +01:00
Levente Polyak
4e98585232
feature(keyringctl): use prefixed temp dirs for easier recognition
It makes sense to prefix the temp directories so they can be identified
more easily to which application they belong to or what they may
contain.
2021-11-30 22:54:06 +01:00
Levente Polyak
a0199b0b04
fix(keyringctl): restore cwd before deleting the temporary working dir
This avoids potential issues with wrapped runtime like ipython or pdb
that try to invoke functions at exit and access the current working
directory, which will ultimately lead to an error in case we deleted it
before changing the current working directory.
2021-11-30 22:54:06 +01:00
Levente Polyak
92f07f0d4b
feature(keyringctl): use sq to split a keyring into individual certificates
Lets use sequoia as well to split an input into individual certificates
instead of creating a custom made function for this job.

Pass down the name of the original input file to `convert_certificate`
in case no override has been defined.
2021-11-30 22:54:06 +01:00
David Runge
4e24fe5da4
Add pyproject.toml with tooling configuration
pyproject.toml:
Add configuration for black, coverage, isort and mypy.
2021-11-30 22:54:06 +01:00
David Runge
53ffb80740
Add flake8 configuration
.flake8:
Add integration for flake8.
Set maximum line length to 120 and maximum complexity to 10.
2021-11-30 22:54:06 +01:00
David Runge
b3e1640553
Add contribution guidelines
CONTRIBUTING.md:
Add guidelines describing how code is added and which commands to use to
add or update key material.
2021-11-30 22:54:06 +01:00
David Runge
5170319717
keyringctl: Add documentation to all functions
keyringctl:
Add documentation to all functions.
Change the inlined functions `convert()` and `alphanum_key()` in
`natural_sort_path()` to rely on type Union[int, str] instead of type
Any.
Change `convert_certificate()` to derive the username using the stem of
the provided certificate.
2021-11-30 22:54:06 +01:00
David Runge
5320f2491e
keyringctl: Implement export of ownertrust/ revoker status
keyringctl:
Add `temp_join_keys()` to generically join PGP packets in a directory
below a temporary directory.
Add `get_all_and_revoked_certs()` to retrieve a tuple containing a list
of all public key fingerprints and a list of all self-revoked public key
fingerprints in a list of paths.
Add `export_ownertrust()` to export a list of fingerprints of
non-revoked public keys to a file that can be imported using `gpg
--import-ownertrust`.
Add `export_revoked()` to export the fingerprints of all self-revoked
public keys and the fingerprints of public keys that have been revoked
by third party signing keys (the latter is still fairly naive).
Change `export_keyring()` to make use of `temp_join_keys()` for
preparing main signing keys and general keys for the export to file. Add
integration for exporting ownertrust and revoker status (using
`export_ownertrust()` and `export_revoked()`, respectively).
Change `__main__` by extending the export_parser by a `-m`/ `--main`
argument to provide one or multiple files or directories, that serve as
the signing authority for key material located below `-s`/ `--source`.
Add a `-p`/ `--pacman-integration` to provide the means to export
ownertrust and revoker status on demand.
2021-11-30 22:54:06 +01:00
David Runge
3c31230eb2
keyringctl: Write User IDs to separate files
keyringctl:
Add `persist_uids()` to write User ID related packets: User-ID and
PositiveCertifications (UID binding signatures).
Rename `persist_basic_key()` to `persist_public_key()` and change it to
only persist the PublicKey packet.
Change `persist_{certifications,revocations}()` to persist the
certificates to a key-specific 'uids' subdirectory per PublicKey.
Change `convert_certificate()` to rename `uid_binding_sig` to
`uid_bind_sigs`. Simplify the logic for signature related data
assignments.
2021-11-30 22:54:06 +01:00
David Runge
7e04c50a16
keyringctl: Split out subkeys to separate structure
keyringctl:
Add `persist_subkeys()` and `persist_subkey_revocations()` to persist
the Public-Subkeys and the SubkeyRevocations of a root key out into a
dedicated directory structure below the respective Public-Key.
Change `persist_basic_key()` to not persist the Public-Subkeys and
SubkeyRevocations of a root key anymore and to output debug information
before writing to file.
Change `convert_certificate()` to refer to Public-Subkeys and
PublicSubkeyBinding as `subkeys` and `subkey_binding_sigs`
(respectively) and to explicitly refer to the main certificate
fingerprint when aggregating the data about them. Add
`subkey_revocations` to track any SubkeyRevocations of a given
Public-Subkey, so that it can be persisted to file.
2021-11-30 22:54:06 +01:00
David Runge
c4fbd95041
keyringctl: Add writing to keyring output file
keyringctl:
Change `packet_join()` to add documentation and a `force` parameter with
which sq's force parameter may be toggled (defaults to False).
Add `export_keyring()` to allow writing all provided PGP packet files to
a single output file using `sq keyring merge`.
Change `__main__` to add an `export` subcommand to allow for providing
multiple input sources and one output file. Add an optional `-f/--force`
parameter that can be used to force subcommands that support it. Remove
the unused `start_dir` variable. Move the creation of `target_dir` below
the context that creates the working directory and only create it when
using the `convert` or `import` subcommands (as it is not used
otherwise).
Call `export_keyring()` when using the `export` subcommand.
2021-11-30 22:54:05 +01:00