Commit Graph

42 Commits

Author SHA1 Message Date
Levente Polyak
b91e8b983c
feature(keyringctl): move main/packager folders to isolated keyring dir
This helps to structure the layout of the repository better by having
one root folder that contains the actual decomposed keyring structure.
2021-11-30 22:54:09 +01:00
Levente Polyak
48e9bb67cb
chore(keyringctl): use singular for packager directory as well
So far we have used singular for all directories, lets keep that for the
packager directory as well.
2021-11-30 22:54:09 +01:00
Levente Polyak
37d0a5f633
chore(keyringctl): apply black formatter 2021-11-30 22:54:09 +01:00
Levente Polyak
930b5896a0
feature(keyringctl): introduce Username type instead of plain str 2021-11-30 22:54:09 +01:00
Levente Polyak
e422149c8a
feature(keyringctl): add type hinting direct sigs/revocations 2021-11-30 22:54:09 +01:00
Levente Polyak
147287959f
feature(keyringctl): derive username from short key id fingerprints
Allow short key id fingerprints to be used with the username derive
function by adding a glob in front of the fingerprint component.
2021-11-30 22:54:09 +01:00
Levente Polyak
60ee3d6d94
feature(keyringctl): avoid splitting a certificate multiple times
Move the name cascade to derive the username into the
`convert_certificate` function which allows to use the
certificate_fingerprint directly instead of trying to find it by
splitting the certificate one more time before converting.
2021-11-30 22:54:09 +01:00
Levente Polyak
cf6bac5fd9
chore(keyringctl): fix typo in docstring for convert_certificate 2021-11-30 22:54:08 +01:00
Levente Polyak
2206fe07b6
feature(keyringctl): simplification by removing static data from types
The certificate fingerprint in the convert function remains always the
same as we only process a single certificate and loop outside over
multiple keyrings. Therefor remove that layer from the data structures
and implicitly simplify all the assignments and usages.
2021-11-30 22:54:08 +01:00
Levente Polyak
a43d3dfac6
chore(keyringctl): add docstring for export_keyring() pacman_integration 2021-11-30 22:54:08 +01:00
Levente Polyak
f92a5884c5
chore(keyringctl): remove used input_path from get_fingerprints 2021-11-30 22:54:08 +01:00
Levente Polyak
e001de10d6
chore(keyringctl): blake compatible formatting of binary or chain 2021-11-30 22:54:08 +01:00
Levente Polyak
0bd10b9b4f
chore(keyringctl): avoid shadowing convert function 2021-11-30 22:54:08 +01:00
Levente Polyak
77b1eab89e
feature(keyringctl): add type hinting for fingerprint and uid
This drastically improves readability and type safety when joggling with
different keys in the data structures.
2021-11-30 22:54:08 +01:00
David Runge
cd0a2005a7
isort: Configure to use single lines
pyproject.toml:
Configure isort to use single lines (one line for each import) to ease
merge conflicts.

keyringctl:
Reformat using new isort settings.
2021-11-30 22:54:08 +01:00
David Runge
49ff2df1fc
keyringctl: Implement filtering of certifications
keyringctl:
Add `get_fingerprints_from_import_source()` to derive all fingerprints
of PGP public keys found in the import source.
Add `get_fingerprints_from_decomposed_dir()` to derive all fingerprints
of PGP public keys found in a directory structure holding decomposed PGP
packet data.
Add `get_fingerprints()` to derive a set of fingerprints of PGP public
keys provided through `get_fingerprints_from_import_source()` and
`get_fingerprints_from_decomposed_dir()`.
Change `convert()` and `convert_certificate()` to accept an optional set
of strings (`fingerprint_filter`) that may be used as a filter for
valid fingerprints when considering certifications.
Change `__main__` to call `convert()` when importing keys to packager or
main dir, providing `fingerprint_filter` which will attempt to look up
fingerprints in the source as well as the target.
2021-11-30 22:54:08 +01:00
David Runge
4b70feb2fb
keyringctl: Derive username from target when importing existing key
keyringctl:
Add `derive_user_from_target()` to derive the username from an existing
public key in the target directory when importing (updates to) an
already known key.
Change `convert()` to either use a custom name override (if provided), a
username derived from target dir (if existing) or the file name of the
to be imported file as username.
2021-11-30 22:54:08 +01:00
David Runge
1cbd360d17
keyringctl: Format file
keyringctl:
Use black to format the file, isort to auto-sort all imports.
Remove commented code and (for now) ignore the high complexity in
`convert()` so that flake8 can be used.
2021-11-30 22:54:07 +01:00
David Runge
0e54261242
keyringctl: Do not persist unbound certifications
keyringctl:
Change `persist_certifications()` to not attempt to read UID binding
signatures for a given UID, if it does not exist and instead output an
error message.
2021-11-30 22:54:07 +01:00
David Runge
8ec1654e0c
keyringctl: Simplify subcommands
keyringctl:
Change `convert()` to create the target directory including parents.
Change `export_keyring()` to create the output directory and its
parents before outputting data into it.
Remove `keyring_import()` as its functionality is covered by using
`convert()` directly with different subcommands.
Change `__main__` to define `import-main` and `import-packager`
subcommands instead of `import` and to add an `export-keyring`
subcommand. Remove the explicit creation of target dirs (it is now
implemented in `convert()` and `export_keyring()`.
2021-11-30 22:54:07 +01:00
Levente Polyak
cc26ca503c
chore(keyringctl): uniformly use path builder via operator
Instead of partially dealing with strings that contain slashes lets just
use the path builder interface by using the operator for every sub path
layer in a uniform way.
2021-11-30 22:54:07 +01:00
Levente Polyak
c86832f3a1
chore(keyringctl): use singular folder names for all sub-folders 2021-11-30 22:54:07 +01:00
Levente Polyak
6299f6416e
chore(keyringctl): deduplicate iteration and split code in convert() 2021-11-30 22:54:07 +01:00
Levente Polyak
ac798eeeab
feature(keyringctl): wire the import command for convenience
Use it to auto write a decompose/convert command into the local keyring
automatically.
2021-11-30 22:54:07 +01:00
Levente Polyak
b989203ff0
chore(doc): extend source parameter description 2021-11-30 22:54:07 +01:00
Levente Polyak
aa934d5ff5
chore(keyringctl): declare missing type hinting for cwd 2021-11-30 22:54:07 +01:00
Levente Polyak
04008da268
fix(keyringctl): do not line break before operators
This is a lot easier to read and also fixes a style warning python
issues.
2021-11-30 22:54:06 +01:00
Levente Polyak
4e98585232
feature(keyringctl): use prefixed temp dirs for easier recognition
It makes sense to prefix the temp directories so they can be identified
more easily to which application they belong to or what they may
contain.
2021-11-30 22:54:06 +01:00
Levente Polyak
a0199b0b04
fix(keyringctl): restore cwd before deleting the temporary working dir
This avoids potential issues with wrapped runtime like ipython or pdb
that try to invoke functions at exit and access the current working
directory, which will ultimately lead to an error in case we deleted it
before changing the current working directory.
2021-11-30 22:54:06 +01:00
Levente Polyak
92f07f0d4b
feature(keyringctl): use sq to split a keyring into individual certificates
Lets use sequoia as well to split an input into individual certificates
instead of creating a custom made function for this job.

Pass down the name of the original input file to `convert_certificate`
in case no override has been defined.
2021-11-30 22:54:06 +01:00
David Runge
5170319717
keyringctl: Add documentation to all functions
keyringctl:
Add documentation to all functions.
Change the inlined functions `convert()` and `alphanum_key()` in
`natural_sort_path()` to rely on type Union[int, str] instead of type
Any.
Change `convert_certificate()` to derive the username using the stem of
the provided certificate.
2021-11-30 22:54:06 +01:00
David Runge
5320f2491e
keyringctl: Implement export of ownertrust/ revoker status
keyringctl:
Add `temp_join_keys()` to generically join PGP packets in a directory
below a temporary directory.
Add `get_all_and_revoked_certs()` to retrieve a tuple containing a list
of all public key fingerprints and a list of all self-revoked public key
fingerprints in a list of paths.
Add `export_ownertrust()` to export a list of fingerprints of
non-revoked public keys to a file that can be imported using `gpg
--import-ownertrust`.
Add `export_revoked()` to export the fingerprints of all self-revoked
public keys and the fingerprints of public keys that have been revoked
by third party signing keys (the latter is still fairly naive).
Change `export_keyring()` to make use of `temp_join_keys()` for
preparing main signing keys and general keys for the export to file. Add
integration for exporting ownertrust and revoker status (using
`export_ownertrust()` and `export_revoked()`, respectively).
Change `__main__` by extending the export_parser by a `-m`/ `--main`
argument to provide one or multiple files or directories, that serve as
the signing authority for key material located below `-s`/ `--source`.
Add a `-p`/ `--pacman-integration` to provide the means to export
ownertrust and revoker status on demand.
2021-11-30 22:54:06 +01:00
David Runge
3c31230eb2
keyringctl: Write User IDs to separate files
keyringctl:
Add `persist_uids()` to write User ID related packets: User-ID and
PositiveCertifications (UID binding signatures).
Rename `persist_basic_key()` to `persist_public_key()` and change it to
only persist the PublicKey packet.
Change `persist_{certifications,revocations}()` to persist the
certificates to a key-specific 'uids' subdirectory per PublicKey.
Change `convert_certificate()` to rename `uid_binding_sig` to
`uid_bind_sigs`. Simplify the logic for signature related data
assignments.
2021-11-30 22:54:06 +01:00
David Runge
7e04c50a16
keyringctl: Split out subkeys to separate structure
keyringctl:
Add `persist_subkeys()` and `persist_subkey_revocations()` to persist
the Public-Subkeys and the SubkeyRevocations of a root key out into a
dedicated directory structure below the respective Public-Key.
Change `persist_basic_key()` to not persist the Public-Subkeys and
SubkeyRevocations of a root key anymore and to output debug information
before writing to file.
Change `convert_certificate()` to refer to Public-Subkeys and
PublicSubkeyBinding as `subkeys` and `subkey_binding_sigs`
(respectively) and to explicitly refer to the main certificate
fingerprint when aggregating the data about them. Add
`subkey_revocations` to track any SubkeyRevocations of a given
Public-Subkey, so that it can be persisted to file.
2021-11-30 22:54:06 +01:00
David Runge
c4fbd95041
keyringctl: Add writing to keyring output file
keyringctl:
Change `packet_join()` to add documentation and a `force` parameter with
which sq's force parameter may be toggled (defaults to False).
Add `export_keyring()` to allow writing all provided PGP packet files to
a single output file using `sq keyring merge`.
Change `__main__` to add an `export` subcommand to allow for providing
multiple input sources and one output file. Add an optional `-f/--force`
parameter that can be used to force subcommands that support it. Remove
the unused `start_dir` variable. Move the creation of `target_dir` below
the context that creates the working directory and only create it when
using the `convert` or `import` subcommands (as it is not used
otherwise).
Call `export_keyring()` when using the `export` subcommand.
2021-11-30 22:54:05 +01:00
David Runge
7f7c2f13f0
keyringctl: Deal with multi-certificate per user files
keyringctl:
Add `sanitize_certificate_file()` to potentially split per-user input
files that contain more than one certificate.
Change `packet_split()` to add documentation and rename the key
parameter to certificate, as it is more generic.
Change `convert_certificate()` to use named parameters when calling
`packet_split()`.
Change `convert()` to call `convert_certificate()` on a list of
sanitized certificates (generated using `sanitized_certificate_file()`)
to be able to deal with multi-certificate files per user.
2021-11-30 22:54:05 +01:00
David Runge
cb8e827112
keyringctl: Copy files instead of moving them
keyringctl:
Change `__main__` to create the `target_dir` before calling any further
function that relies on it.
Change `convert()` to require the `target_dir` to be not None and to
create all username based target directories before using
`shutil.copytree()` to copy all sources to their respective target
directories when iterating over the paths to persist. This has the
upside, that updates to a target directory structure can be done on the
fly (overwriting existing data), which is not possible with
`shutil.move()`.
2021-11-30 22:54:05 +01:00
David Runge
a5be572136
keyringctl: Derive output dir from file and allow override
keyringctl:
Change `convert_certificates()` to use a more descriptive
`name_override` parameter in its signature to allow the overriding of
the username directory name into which key material is persisted.
Distinguish between the per-username directory and the eventual key
material directory. Instead of the key directory return the username
directory.
Change the `persist*` functions to use the `key_dir` instead of the
`root_dir` terminology as well.

Change `convert()` to optionally allow a `name_override` as well and use
that in the calls to `convert_certificate()`. Make the moving of files
more robust, by at least allowing to move the per-key directories for a
username, if the username target directory exists already. NOTE: This
needs expansion for the use-case where existing files should be
updated/extended by new files.

Add an additional argument to the 'convert' argparse parser to allow
users to override the target username directory name.
2021-11-30 22:54:05 +01:00
David Runge
40761f44a7
keyringctl: Add handling of KeyRevocations
keyringctl:
Change `persist_direct_sigs()` to track a sig_type parameter in its
signature so that the output directory of the direct signatures can be
altered.
Change `convert_certificate()` to set a `direct_revocations` variable,
that is used to track KeyRevocations for root keys. Extend the logic to
make use of `add_packet_to_direct_sigs()` to set a list of
KeyRevocations for a given root key. Eventually call
`persist_direct_sigs()` with `direct_revocations` and a custom
`sig_type` to persist the revocation certificates.
2021-11-30 22:54:05 +01:00
David Runge
a77b334859
keyringctl: Persist direct signatures generically
keyringctl:
Rename `persist_direct_keys()` to `persist_direct_sigs()` as it is now
not only handling the persistence of DirectKeys but also *Certifications
directly on a root key (those without an explicit User ID).
Add inline function `add_packet_to_direct_sigs()` to
`convert_certificate()` to generically add direct signatures on a root
key, grouped by issuer.
Change `convert_certificate()` to add Certifications on a root key
(without a specified User ID) to the list of direct_sigs, so that they
are persisted alongside any existing DirectKeys.
Remove breakpoints from `persist_certifications()` as they are no longer
reached. The function is now solely used for Certifications on User IDs.
2021-11-30 22:54:05 +01:00
David Runge
0d32d2f00a
keyringctl: Dedicated functions for writing to file
keyringctl:
Add `persist_basic_key()`, `persist_direct_keys()`,
`persist_certifications()` and `persist_revocations()` to allow for
dedicated writing of basic key material, direct key signatures,
per UID certificates and per UID revocations (respectively).
Change `convert_certificate()` to call the new dedicated write functions
instead of implementing the functionality.
Change `convert_certificate()` to raise on missing current_packet_key
when trying to work on signature files (this is unlikely to occur,
unless the input data is somehow broken, but it keeps the linter happy).
Change `convert_certificate()` to handle direct_keys by issuer on a
given root key (DirectKey signatures by the same issuer are combined).
Change the argparse subparser for the 'convert' command to include a
help text.
2021-11-30 22:54:05 +01:00
Levente Polyak
f626e40b84
feature(keyringctl): add tool to work with key data 2021-11-30 22:54:05 +01:00