keyringctl:
Add `sanitize_certificate_file()` to potentially split per-user input
files that contain more than one certificate.
Change `packet_split()` to add documentation and rename the key
parameter to certificate, as it is more generic.
Change `convert_certificate()` to use named parameters when calling
`packet_split()`.
Change `convert()` to call `convert_certificate()` on a list of
sanitized certificates (generated using `sanitized_certificate_file()`)
to be able to deal with multi-certificate files per user.
keyringctl:
Change `__main__` to create the `target_dir` before calling any further
function that relies on it.
Change `convert()` to require the `target_dir` to be not None and to
create all username based target directories before using
`shutil.copytree()` to copy all sources to their respective target
directories when iterating over the paths to persist. This has the
upside, that updates to a target directory structure can be done on the
fly (overwriting existing data), which is not possible with
`shutil.move()`.
keyringctl:
Change `convert_certificates()` to use a more descriptive
`name_override` parameter in its signature to allow the overriding of
the username directory name into which key material is persisted.
Distinguish between the per-username directory and the eventual key
material directory. Instead of the key directory return the username
directory.
Change the `persist*` functions to use the `key_dir` instead of the
`root_dir` terminology as well.
Change `convert()` to optionally allow a `name_override` as well and use
that in the calls to `convert_certificate()`. Make the moving of files
more robust, by at least allowing to move the per-key directories for a
username, if the username target directory exists already. NOTE: This
needs expansion for the use-case where existing files should be
updated/extended by new files.
Add an additional argument to the 'convert' argparse parser to allow
users to override the target username directory name.
keyringctl:
Change `persist_direct_sigs()` to track a sig_type parameter in its
signature so that the output directory of the direct signatures can be
altered.
Change `convert_certificate()` to set a `direct_revocations` variable,
that is used to track KeyRevocations for root keys. Extend the logic to
make use of `add_packet_to_direct_sigs()` to set a list of
KeyRevocations for a given root key. Eventually call
`persist_direct_sigs()` with `direct_revocations` and a custom
`sig_type` to persist the revocation certificates.
keyringctl:
Rename `persist_direct_keys()` to `persist_direct_sigs()` as it is now
not only handling the persistence of DirectKeys but also *Certifications
directly on a root key (those without an explicit User ID).
Add inline function `add_packet_to_direct_sigs()` to
`convert_certificate()` to generically add direct signatures on a root
key, grouped by issuer.
Change `convert_certificate()` to add Certifications on a root key
(without a specified User ID) to the list of direct_sigs, so that they
are persisted alongside any existing DirectKeys.
Remove breakpoints from `persist_certifications()` as they are no longer
reached. The function is now solely used for Certifications on User IDs.
keyringctl:
Add `persist_basic_key()`, `persist_direct_keys()`,
`persist_certifications()` and `persist_revocations()` to allow for
dedicated writing of basic key material, direct key signatures,
per UID certificates and per UID revocations (respectively).
Change `convert_certificate()` to call the new dedicated write functions
instead of implementing the functionality.
Change `convert_certificate()` to raise on missing current_packet_key
when trying to work on signature files (this is unlikely to occur,
unless the input data is somehow broken, but it keeps the linter happy).
Change `convert_certificate()` to handle direct_keys by issuer on a
given root key (DirectKey signatures by the same issuer are combined).
Change the argparse subparser for the 'convert' command to include a
help text.
