Commit Graph

483 Commits

Author SHA1 Message Date
Levente Polyak
4e98585232
feature(keyringctl): use prefixed temp dirs for easier recognition
It makes sense to prefix the temp directories so they can be identified
more easily to which application they belong to or what they may
contain.
2021-11-30 22:54:06 +01:00
Levente Polyak
a0199b0b04
fix(keyringctl): restore cwd before deleting the temporary working dir
This avoids potential issues with wrapped runtimes like ipython or pdb
that try to invoke functions at exit and access the current working
directory, which will ultimately lead to an error in case we deleted it
before changing the current working directory.
2021-11-30 22:54:06 +01:00
Levente Polyak
92f07f0d4b
feature(keyringctl): use sq to split a keyring into individual certificates
Let's use sequoia as well to split an input into individual certificates
instead of creating a custom made function for this job.

Pass down the name of the original input file to `convert_certificate`
in case no override has been defined.
2021-11-30 22:54:06 +01:00
David Runge
4e24fe5da4
Add pyproject.toml with tooling configuration
pyproject.toml:
Add configuration for black, coverage, isort and mypy.
2021-11-30 22:54:06 +01:00
David Runge
53ffb80740
Add flake8 configuration
.flake8:
Add integration for flake8.
Set maximum line length to 120 and maximum complexity to 10.
2021-11-30 22:54:06 +01:00
David Runge
b3e1640553
Add contribution guidelines
CONTRIBUTING.md:
Add guidelines describing how code is added and which commands to use to
add or update key material.
2021-11-30 22:54:06 +01:00
David Runge
5170319717
keyringctl: Add documentation to all functions
keyringctl:
Add documentation to all functions.
Change the inlined functions `convert()` and `alphanum_key()` in
`natural_sort_path()` to rely on type Union[int, str] instead of type
Any.
Change `convert_certificate()` to derive the username using the stem of
the provided certificate.
2021-11-30 22:54:06 +01:00
David Runge
5320f2491e
keyringctl: Implement export of ownertrust/ revoker status
keyringctl:
Add `temp_join_keys()` to generically join PGP packets in a directory
below a temporary directory.
Add `get_all_and_revoked_certs()` to retrieve a tuple containing a list
of all public key fingerprints and a list of all self-revoked public key
fingerprints in a list of paths.
Add `export_ownertrust()` to export a list of fingerprints of
non-revoked public keys to a file that can be imported using `gpg
--import-ownertrust`.
Add `export_revoked()` to export the fingerprints of all self-revoked
public keys and the fingerprints of public keys that have been revoked
by third party signing keys (the latter is still fairly naive).
Change `export_keyring()` to make use of `temp_join_keys()` for
preparing main signing keys and general keys for the export to file. Add
integration for exporting ownertrust and revoker status (using
`export_ownertrust()` and `export_revoked()`, respectively).
Change `__main__` by extending the export_parser by a `-m`/ `--main`
argument to provide one or multiple files or directories, that serve as
the signing authority for key material located below `-s`/ `--source`.
Add a `-p`/ `--pacman-integration` to provide the means to export
ownertrust and revoker status on demand.
2021-11-30 22:54:06 +01:00
David Runge
3c31230eb2
keyringctl: Write User IDs to separate files
keyringctl:
Add `persist_uids()` to write User ID related packets: User-ID and
PositiveCertifications (UID binding signatures).
Rename `persist_basic_key()` to `persist_public_key()` and change it to
only persist the PublicKey packet.
Change `persist_{certifications,revocations}()` to persist the
certificates to a key-specific 'uids' subdirectory per PublicKey.
Change `convert_certificate()` to rename `uid_binding_sig` to
`uid_bind_sigs`. Simplify the logic for signature related data
assignments.
2021-11-30 22:54:06 +01:00
David Runge
7e04c50a16
keyringctl: Split out subkeys to separate structure
keyringctl:
Add `persist_subkeys()` and `persist_subkey_revocations()` to persist
the Public-Subkeys and the SubkeyRevocations of a root key out into a
dedicated directory structure below the respective Public-Key.
Change `persist_basic_key()` to not persist the Public-Subkeys and
SubkeyRevocations of a root key anymore and to output debug information
before writing to file.
Change `convert_certificate()` to refer to Public-Subkeys and
PublicSubkeyBinding as `subkeys` and `subkey_binding_sigs`
(respectively) and to explicitly refer to the main certificate
fingerprint when aggregating the data about them. Add
`subkey_revocations` to track any SubkeyRevocations of a given
Public-Subkey, so that it can be persisted to file.
2021-11-30 22:54:06 +01:00
David Runge
c4fbd95041
keyringctl: Add writing to keyring output file
keyringctl:
Change `packet_join()` to add documentation and a `force` parameter with
which sq's force parameter may be toggled (defaults to False).
Add `export_keyring()` to allow writing all provided PGP packet files to
a single output file using `sq keyring merge`.
Change `__main__` to add an `export` subcommand to allow for providing
multiple input sources and one output file. Add an optional `-f/--force`
parameter that can be used to force subcommands that support it. Remove
the unused `start_dir` variable. Move the creation of `target_dir` below
the context that creates the working directory and only create it when
using the `convert` or `import` subcommands (as it is not used
otherwise).
Call `export_keyring()` when using the `export` subcommand.
2021-11-30 22:54:05 +01:00
David Runge
7f7c2f13f0
keyringctl: Deal with multi-certificate per user files
keyringctl:
Add `sanitize_certificate_file()` to potentially split per-user input
files that contain more than one certificate.
Change `packet_split()` to add documentation and rename the key
parameter to certificate, as it is more generic.
Change `convert_certificate()` to use named parameters when calling
`packet_split()`.
Change `convert()` to call `convert_certificate()` on a list of
sanitized certificates (generated using `sanitized_certificate_file()`)
to be able to deal with multi-certificate files per user.
2021-11-30 22:54:05 +01:00
David Runge
cb8e827112
keyringctl: Copy files instead of moving them
keyringctl:
Change `__main__` to create the `target_dir` before calling any further
function that relies on it.
Change `convert()` to require the `target_dir` to be not None and to
create all username based target directories before using
`shutil.copytree()` to copy all sources to their respective target
directories when iterating over the paths to persist. This has the
upside, that updates to a target directory structure can be done on the
fly (overwriting existing data), which is not possible with
`shutil.move()`.
2021-11-30 22:54:05 +01:00
David Runge
a5be572136
keyringctl: Derive output dir from file and allow override
keyringctl:
Change `convert_certificates()` to use a more descriptive
`name_override` parameter in its signature to allow the overriding of
the username directory name into which key material is persisted.
Distinguish between the per-username directory and the eventual key
material directory. Instead of the key directory return the username
directory.
Change the `persist*` functions to use the `key_dir` instead of the
`root_dir` terminology as well.

Change `convert()` to optionally allow a `name_override` as well and use
that in the calls to `convert_certificate()`. Make the moving of files
more robust, by at least allowing to move the per-key directories for a
username, if the username target directory exists already. NOTE: This
needs expansion for the use-case where existing files should be
updated/extended by new files.

Add an additional argument to the 'convert' argparse parser to allow
users to override the target username directory name.
2021-11-30 22:54:05 +01:00
David Runge
40761f44a7
keyringctl: Add handling of KeyRevocations
keyringctl:
Change `persist_direct_sigs()` to track a sig_type parameter in its
signature so that the output directory of the direct signatures can be
altered.
Change `convert_certificate()` to set a `direct_revocations` variable,
that is used to track KeyRevocations for root keys. Extend the logic to
make use of `add_packet_to_direct_sigs()` to set a list of
KeyRevocations for a given root key. Eventually call
`persist_direct_sigs()` with `direct_revocations` and a custom
`sig_type` to persist the revocation certificates.
2021-11-30 22:54:05 +01:00
David Runge
a77b334859
keyringctl: Persist direct signatures generically
keyringctl:
Rename `persist_direct_keys()` to `persist_direct_sigs()` as it is now
not only handling the persistence of DirectKeys but also *Certifications
directly on a root key (those without an explicit User ID).
Add inline function `add_packet_to_direct_sigs()` to
`convert_certificate()` to generically add direct signatures on a root
key, grouped by issuer.
Change `convert_certificate()` to add Certifications on a root key
(without a specified User ID) to the list of direct_sigs, so that they
are persisted alongside any existing DirectKeys.
Remove breakpoints from `persist_certifications()` as they are no longer
reached. The function is now solely used for Certifications on User IDs.
2021-11-30 22:54:05 +01:00
David Runge
0d32d2f00a
keyringctl: Dedicated functions for writing to file
keyringctl:
Add `persist_basic_key()`, `persist_direct_keys()`,
`persist_certifications()` and `persist_revocations()` to allow for
dedicated writing of basic key material, direct key signatures,
per UID certificates and per UID revocations (respectively).
Change `convert_certificate()` to call the new dedicated write functions
instead of implementing the functionality.
Change `convert_certificate()` to raise on missing current_packet_key
when trying to work on signature files (this is unlikely to occur,
unless the input data is somehow broken, but it keeps the linter happy).
Change `convert_certificate()` to handle direct_keys by issuer on a
given root key (DirectKey signatures by the same issuer are combined).
Change the argparse subparser for the 'convert' command to include a
help text.
2021-11-30 22:54:05 +01:00
Levente Polyak
f626e40b84
feature(keyringctl): add tool to work with key data
2021-11-30 22:54:05 +01:00
Levente Polyak
4116f94fbb
feature(editorconfig): add standard python settings
2021-11-30 22:53:57 +01:00
David Runge
4967abcb0c
Merge remote-tracking branch 'origin/key_update'
* origin/key_update:
  Update keyring
2021-11-30 00:21:13 +01:00
David Runge
0271f6121f
Update keyring
Update the archlinux keyring and the packager keys.
2021-11-30 00:18:53 +01:00
David Runge
77a72765b1
Merge remote-tracking branch 'origin/packager_key_mtorromeo'
* origin/packager_key_mtorromeo:
  Add new packager key of Massimiliano Torromeo (mtorromeo)
2021-11-30 00:10:38 +01:00
Massimiliano Torromeo
b8726b2498
Add new packager key of Massimiliano Torromeo (mtorromeo)
2021-11-30 00:07:40 +01:00
David Runge
75b2957f4a
Merge remote-tracking branch 'dbermond/dbermond-new-key'
* dbermond/dbermond-new-key:
  Add new packager key for Daniel Bermond
2021-11-29 17:25:45 +01:00
Daniel Bermond
b9d4aaf8d9
Add new packager key for Daniel Bermond
2021-11-29 16:24:50 +00:00
David Runge
f50472b9e3
Merge remote-tracking branch 'wild/wild-newkey'
* wild/wild-newkey:
  Add packager key for wild
2021-11-29 17:24:26 +01:00
Dan Printzell
d20e6a9f83
Add packager key for wild
Signed-off-by: Dan Printzell <wild@archlinux.org>
2021-11-29 16:23:44 +00:00
David Runge
e21943f9b6
Merge remote-tracking branch 'idevolder/hotfix/new-ike.devolder.archlinux.org-key'
* idevolder/hotfix/new-ike.devolder.archlinux.org-key:
  add new archlinux.org gpg key for Ike
2021-11-29 17:23:05 +01:00
Ike Devolder
cb5fb8705b
add new archlinux.org gpg key for Ike
2021-11-29 16:22:10 +00:00
David Runge
5121c2d628
Merge remote-tracking branch 'juergen/new-gpg-key'
* juergen/new-gpg-key:
  add new archlinux.org gpg key for juergen
2021-11-29 17:21:49 +01:00
Jürgen Hötzel
161c70dfc3
add new archlinux.org gpg key for juergen
2021-11-29 16:21:03 +00:00
David Runge
5187908235
Merge remote-tracking branch 'xyne/xyne-add_gpg_key'
* xyne/xyne-add_gpg_key:
  Add new PGP key ID for Xyne.
2021-11-29 17:19:32 +01:00
Xyne
99f56df063
Add new PGP key ID for Xyne.
2021-11-29 16:16:28 +00:00
David Runge
703ce130f1
Merge remote-tracking branch 'escondida/escondida-new-key'
* escondida/escondida-new-key:
  add new key for escondida
2021-11-29 17:16:03 +01:00
Ivy Foster
a5c3b6b02f
add new key for escondida
2021-11-29 15:59:29 +00:00
David Runge
61e39d7dfe
Merge remote-tracking branch 'maximbaz/maximbaz-master-patch-40138'
* maximbaz/maximbaz-master-patch-40138:
  Add packager key for maximbaz
2021-11-29 16:58:28 +01:00
Maxim Baz
d6518575d5
Add packager key for maximbaz
2021-11-29 15:54:01 +00:00
David Runge
94cc605d0b
Merge remote-tracking branch 'spupykin/master'
* spupykin/master:
  add new packager key id for spupykin
2021-11-29 16:48:50 +01:00
Sergej Pupykin
596ffb428b
add new packager key id for spupykin
2021-11-29 15:47:36 +00:00
David Runge
bae7359ee6
Merge remote-tracking branch 'muflone/master'
Add a new key for muflone.

* muflone/master:
  Added new key for muflone
2021-11-29 16:45:14 +01:00
Muflone
ef9bf94435
Added new key for muflone
2021-11-28 11:49:12 +01:00
Christian Hesse
eef34e85a2
Prepare release
2021-10-28 11:59:05 +02:00
Christian Hesse
e7b1576300
Update keyring
... and collect latest changes.
2021-10-28 11:57:12 +02:00
Christian Hesse
f2f428ff1e
Update keyring
... and collect latest changes.
2021-10-25 13:33:30 +02:00
Christian Hesse
c325a25de5
Prepare release
2021-09-02 22:08:43 +02:00
Christian Hesse
7fc9403560
Update keyring
... and collect latest changes, including key for alex19ep.
2021-09-02 22:07:09 +02:00
David Runge
85b9ed4247
Add packager key ID for alex19ep
packager-keyids:
Add 6C7F7F22E0152A6FD5728592DAD6F3056C897266 as PGP key ID for alex19ep.
2021-09-02 22:02:17 +02:00
Christian Hesse
ad65524ec2
Prepare release
2021-08-20 09:07:31 +02:00
Christian Hesse
01609606b3
Update keyring
... and add new key of Morgan Adamiec (morganamilo).
2021-08-20 08:30:08 +02:00
Christian Hesse
23b36990f8
new key of Morgan Adamiec (morganamilo)
https://lists.archlinux.org/pipermail/aur-general/2021-June/036337.html
2021-08-20 07:50:25 +02:00