This allows an easy to use cli which invokes the export function to get
the keyring and uses the ownertrust and revoke functions to write all
artifacts into a target directory.
This gives more control over the export command that may be useful to
export a single packager to import it into gpg. This will also give more
flexibility to chain this function to the future verify stage.
By default the command exports the whole keyring directory.
Both commands are basically doing the same with the same params except
the target directory differs. Lets condense this behavior by using a
single subcommand with a boolean options.
Move the name cascade to derive the username into the
`convert_certificate` function which allows to use the
certificate_fingerprint directly instead of trying to find it by
splitting the certificate one more time before converting.
The certificate fingerprint in the convert function remains always the
same as we only process a single certificate and loop outside over
multiple keyrings. Therefor remove that layer from the data structures
and implicitly simplify all the assignments and usages.
keyringctl:
Add `get_fingerprints_from_import_source()` to derive all fingerprints
of PGP public keys found in the import source.
Add `get_fingerprints_from_decomposed_dir()` to derive all fingerprints
of PGP public keys found in a directory structure holding decomposed PGP
packet data.
Add `get_fingerprints()` to derive a set of fingerprints of PGP public
keys provided through `get_fingerprints_from_import_source()` and
`get_fingerprints_from_decomposed_dir()`.
Change `convert()` and `convert_certificate()` to accept an optional set
of strings (`fingerprint_filter`) that may be used as a filter for
valid fingerprints when considering certifications.
Change `__main__` to call `convert()` when importing keys to packager or
main dir, providing `fingerprint_filter` which will attempt to look up
fingerprints in the source as well as the target.
keyringctl:
Add `derive_user_from_target()` to derive the username from an existing
public key in the target directory when importing (updates to) an
already known key.
Change `convert()` to either use a custom name override (if provided), a
username derived from target dir (if existing) or the file name of the
to be imported file as username.
.gitlab-ci.yml:
Add rule to run `make lint` if `keyringctl` changes in a merge request.
Add integration stage to always attempt to build and install the keyring
in a containerized environment.
keyringctl:
Use black to format the file, isort to auto-sort all imports.
Remove commented code and (for now) ignore the high complexity in
`convert()` so that flake8 can be used.
keyringctl:
Change `persist_certifications()` to not attempt to read UID binding
signatures for a given UID, if it does not exist and instead output an
error message.
keyringctl:
Change `convert()` to create the target directory including parents.
Change `export_keyring()` to create the output directory and its
parents before outputting data into it.
Remove `keyring_import()` as its functionality is covered by using
`convert()` directly with different subcommands.
Change `__main__` to define `import-main` and `import-packager`
subcommands instead of `import` and to add an `export-keyring`
subcommand. Remove the explicit creation of target dirs (it is now
implemented in `convert()` and `export_keyring()`.
Instead of partially dealing with strings that contain slashes lets just
use the path builder interface by using the operator for every sub path
layer in a uniform way.
This avoids potential issues with wrapped runtime like ipython or pdb
that try to invoke functions at exit and access the current working
directory, which will ultimately lead to an error in case we deleted it
before changing the current working directory.
Lets use sequoia as well to split an input into individual certificates
instead of creating a custom made function for this job.
Pass down the name of the original input file to `convert_certificate`
in case no override has been defined.
