Commit Graph

54 Commits

Author SHA1 Message Date
Levente Polyak
f6e3a4e94b
feature(keyringctl): use build command to create final artifacts
This allows an easy to use cli which invokes the export function to get
the keyring and uses the ownertrust and revoke functions to write all
artifacts into a target directory.
2021-11-30 22:54:10 +01:00
Levente Polyak
77e5b36872
feature(keyringctl): add force parameter to keyring_merge 2021-11-30 22:54:10 +01:00
Levente Polyak
86747ecab7
feature(keyringctl): use the export command purely to export keyrings
This gives more control over the export command that may be useful to
export a single packager to import it into gpg. This will also give more
flexibility to chain this function to the future verify stage.

By default the command exports the whole keyring directory.
2021-11-30 22:54:10 +01:00
Levente Polyak
aa2f2ea497
feature(keyringctl): add dedicated keyring_merge function 2021-11-30 22:54:10 +01:00
Levente Polyak
52178f38d5
feature(keyringctl): improve packet_join to optionally return the result 2021-11-30 22:54:10 +01:00
Levente Polyak
deaa312b7d
feature(keyringctl): print a stack trace in case a system cmd fails 2021-11-30 22:54:10 +01:00
Levente Polyak
edbbc77086
chore(keyringctl): use python 3.9 iterable/iterator type imports 2021-11-30 22:54:10 +01:00
Levente Polyak
74f317344f
feature(keyringctl): support importing multiple paths
Lets pass in a list of path's and reduce them to one set of path
iterables. This allows us to specify multiple source files/directories
2021-11-30 22:54:10 +01:00
Levente Polyak
c214022300
fix(keyringctl): restore --target option for convert command 2021-11-30 22:54:09 +01:00
Levente Polyak
40592b3534
feature(keyringctl): print help if invoked without any subcommand 2021-11-30 22:54:09 +01:00
Levente Polyak
8bc0ae1da0
feature(keyringctl): unify import subcommand for condensed api
Both commands are basically doing the same with the same params except
the target directory differs. Lets condense this behavior by using a
single subcommand with a boolean options.
2021-11-30 22:54:09 +01:00
Levente Polyak
2f9ef0ef1d
feature(keyringctl): keep filename if keyring split yields one keyring
Instead of always returning an artificial name try to preserve the
keyring filename if the split only yields a single certificate.
2021-11-30 22:54:09 +01:00
Levente Polyak
b91e8b983c
feature(keyringctl): move main/packager folders to isolated keyring dir
This helps to structure the layout of the repository better by having
one root folder that contains the actual decomposed keyring structure.
2021-11-30 22:54:09 +01:00
Levente Polyak
48e9bb67cb
chore(keyringctl): use singular for packager directory as well
So far we have used singular for all directories, lets keep that for the
packager directory as well.
2021-11-30 22:54:09 +01:00
Levente Polyak
37d0a5f633
chore(keyringctl): apply black formatter 2021-11-30 22:54:09 +01:00
Levente Polyak
930b5896a0
feature(keyringctl): introduce Username type instead of plain str 2021-11-30 22:54:09 +01:00
Levente Polyak
e422149c8a
feature(keyringctl): add type hinting direct sigs/revocations 2021-11-30 22:54:09 +01:00
Levente Polyak
147287959f
feature(keyringctl): derive username from short key id fingerprints
Allow short key id fingerprints to be used with the username derive
function by adding a glob in front of the fingerprint component.
2021-11-30 22:54:09 +01:00
Levente Polyak
60ee3d6d94
feature(keyringctl): avoid splitting a certificate multiple times
Move the name cascade to derive the username into the
`convert_certificate` function which allows to use the
certificate_fingerprint directly instead of trying to find it by
splitting the certificate one more time before converting.
2021-11-30 22:54:09 +01:00
Levente Polyak
cf6bac5fd9
chore(keyringctl): fix typo in docstring for convert_certificate 2021-11-30 22:54:08 +01:00
Levente Polyak
2206fe07b6
feature(keyringctl): simplification by removing static data from types
The certificate fingerprint in the convert function remains always the
same as we only process a single certificate and loop outside over
multiple keyrings. Therefor remove that layer from the data structures
and implicitly simplify all the assignments and usages.
2021-11-30 22:54:08 +01:00
Levente Polyak
a43d3dfac6
chore(keyringctl): add docstring for export_keyring() pacman_integration 2021-11-30 22:54:08 +01:00
Levente Polyak
f92a5884c5
chore(keyringctl): remove used input_path from get_fingerprints 2021-11-30 22:54:08 +01:00
Levente Polyak
e001de10d6
chore(keyringctl): blake compatible formatting of binary or chain 2021-11-30 22:54:08 +01:00
Levente Polyak
0bd10b9b4f
chore(keyringctl): avoid shadowing convert function 2021-11-30 22:54:08 +01:00
Levente Polyak
77b1eab89e
feature(keyringctl): add type hinting for fingerprint and uid
This drastically improves readability and type safety when joggling with
different keys in the data structures.
2021-11-30 22:54:08 +01:00
David Runge
cd0a2005a7
isort: Configure to use single lines
pyproject.toml:
Configure isort to use single lines (one line for each import) to ease
merge conflicts.

keyringctl:
Reformat using new isort settings.
2021-11-30 22:54:08 +01:00
David Runge
49ff2df1fc
keyringctl: Implement filtering of certifications
keyringctl:
Add `get_fingerprints_from_import_source()` to derive all fingerprints
of PGP public keys found in the import source.
Add `get_fingerprints_from_decomposed_dir()` to derive all fingerprints
of PGP public keys found in a directory structure holding decomposed PGP
packet data.
Add `get_fingerprints()` to derive a set of fingerprints of PGP public
keys provided through `get_fingerprints_from_import_source()` and
`get_fingerprints_from_decomposed_dir()`.
Change `convert()` and `convert_certificate()` to accept an optional set
of strings (`fingerprint_filter`) that may be used as a filter for
valid fingerprints when considering certifications.
Change `__main__` to call `convert()` when importing keys to packager or
main dir, providing `fingerprint_filter` which will attempt to look up
fingerprints in the source as well as the target.
2021-11-30 22:54:08 +01:00
David Runge
4b70feb2fb
keyringctl: Derive username from target when importing existing key
keyringctl:
Add `derive_user_from_target()` to derive the username from an existing
public key in the target directory when importing (updates to) an
already known key.
Change `convert()` to either use a custom name override (if provided), a
username derived from target dir (if existing) or the file name of the
to be imported file as username.
2021-11-30 22:54:08 +01:00
David Runge
1cbd360d17
keyringctl: Format file
keyringctl:
Use black to format the file, isort to auto-sort all imports.
Remove commented code and (for now) ignore the high complexity in
`convert()` so that flake8 can be used.
2021-11-30 22:54:07 +01:00
David Runge
0e54261242
keyringctl: Do not persist unbound certifications
keyringctl:
Change `persist_certifications()` to not attempt to read UID binding
signatures for a given UID, if it does not exist and instead output an
error message.
2021-11-30 22:54:07 +01:00
David Runge
8ec1654e0c
keyringctl: Simplify subcommands
keyringctl:
Change `convert()` to create the target directory including parents.
Change `export_keyring()` to create the output directory and its
parents before outputting data into it.
Remove `keyring_import()` as its functionality is covered by using
`convert()` directly with different subcommands.
Change `__main__` to define `import-main` and `import-packager`
subcommands instead of `import` and to add an `export-keyring`
subcommand. Remove the explicit creation of target dirs (it is now
implemented in `convert()` and `export_keyring()`.
2021-11-30 22:54:07 +01:00
Levente Polyak
cc26ca503c
chore(keyringctl): uniformly use path builder via operator
Instead of partially dealing with strings that contain slashes lets just
use the path builder interface by using the operator for every sub path
layer in a uniform way.
2021-11-30 22:54:07 +01:00
Levente Polyak
c86832f3a1
chore(keyringctl): use singular folder names for all sub-folders 2021-11-30 22:54:07 +01:00
Levente Polyak
6299f6416e
chore(keyringctl): deduplicate iteration and split code in convert() 2021-11-30 22:54:07 +01:00
Levente Polyak
ac798eeeab
feature(keyringctl): wire the import command for convenience
Use it to auto write a decompose/convert command into the local keyring
automatically.
2021-11-30 22:54:07 +01:00
Levente Polyak
b989203ff0
chore(doc): extend source parameter description 2021-11-30 22:54:07 +01:00
Levente Polyak
aa934d5ff5
chore(keyringctl): declare missing type hinting for cwd 2021-11-30 22:54:07 +01:00
Levente Polyak
04008da268
fix(keyringctl): do not line break before operators
This is a lot easier to read and also fixes a style warning python
issues.
2021-11-30 22:54:06 +01:00
Levente Polyak
4e98585232
feature(keyringctl): use prefixed temp dirs for easier recognition
It makes sense to prefix the temp directories so they can be identified
more easily to which application they belong to or what they may
contain.
2021-11-30 22:54:06 +01:00
Levente Polyak
a0199b0b04
fix(keyringctl): restore cwd before deleting the temporary working dir
This avoids potential issues with wrapped runtime like ipython or pdb
that try to invoke functions at exit and access the current working
directory, which will ultimately lead to an error in case we deleted it
before changing the current working directory.
2021-11-30 22:54:06 +01:00
Levente Polyak
92f07f0d4b
feature(keyringctl): use sq to split a keyring into individual certificates
Lets use sequoia as well to split an input into individual certificates
instead of creating a custom made function for this job.

Pass down the name of the original input file to `convert_certificate`
in case no override has been defined.
2021-11-30 22:54:06 +01:00
David Runge
5170319717
keyringctl: Add documentation to all functions
keyringctl:
Add documentation to all functions.
Change the inlined functions `convert()` and `alphanum_key()` in
`natural_sort_path()` to rely on type Union[int, str] instead of type
Any.
Change `convert_certificate()` to derive the username using the stem of
the provided certificate.
2021-11-30 22:54:06 +01:00
David Runge
5320f2491e
keyringctl: Implement export of ownertrust/ revoker status
keyringctl:
Add `temp_join_keys()` to generically join PGP packets in a directory
below a temporary directory.
Add `get_all_and_revoked_certs()` to retrieve a tuple containing a list
of all public key fingerprints and a list of all self-revoked public key
fingerprints in a list of paths.
Add `export_ownertrust()` to export a list of fingerprints of
non-revoked public keys to a file that can be imported using `gpg
--import-ownertrust`.
Add `export_revoked()` to export the fingerprints of all self-revoked
public keys and the fingerprints of public keys that have been revoked
by third party signing keys (the latter is still fairly naive).
Change `export_keyring()` to make use of `temp_join_keys()` for
preparing main signing keys and general keys for the export to file. Add
integration for exporting ownertrust and revoker status (using
`export_ownertrust()` and `export_revoked()`, respectively).
Change `__main__` by extending the export_parser by a `-m`/ `--main`
argument to provide one or multiple files or directories, that serve as
the signing authority for key material located below `-s`/ `--source`.
Add a `-p`/ `--pacman-integration` to provide the means to export
ownertrust and revoker status on demand.
2021-11-30 22:54:06 +01:00
David Runge
3c31230eb2
keyringctl: Write User IDs to separate files
keyringctl:
Add `persist_uids()` to write User ID related packets: User-ID and
PositiveCertifications (UID binding signatures).
Rename `persist_basic_key()` to `persist_public_key()` and change it to
only persist the PublicKey packet.
Change `persist_{certifications,revocations}()` to persist the
certificates to a key-specific 'uids' subdirectory per PublicKey.
Change `convert_certificate()` to rename `uid_binding_sig` to
`uid_bind_sigs`. Simplify the logic for signature related data
assignments.
2021-11-30 22:54:06 +01:00
David Runge
7e04c50a16
keyringctl: Split out subkeys to separate structure
keyringctl:
Add `persist_subkeys()` and `persist_subkey_revocations()` to persist
the Public-Subkeys and the SubkeyRevocations of a root key out into a
dedicated directory structure below the respective Public-Key.
Change `persist_basic_key()` to not persist the Public-Subkeys and
SubkeyRevocations of a root key anymore and to output debug information
before writing to file.
Change `convert_certificate()` to refer to Public-Subkeys and
PublicSubkeyBinding as `subkeys` and `subkey_binding_sigs`
(respectively) and to explicitly refer to the main certificate
fingerprint when aggregating the data about them. Add
`subkey_revocations` to track any SubkeyRevocations of a given
Public-Subkey, so that it can be persisted to file.
2021-11-30 22:54:06 +01:00
David Runge
c4fbd95041
keyringctl: Add writing to keyring output file
keyringctl:
Change `packet_join()` to add documentation and a `force` parameter with
which sq's force parameter may be toggled (defaults to False).
Add `export_keyring()` to allow writing all provided PGP packet files to
a single output file using `sq keyring merge`.
Change `__main__` to add an `export` subcommand to allow for providing
multiple input sources and one output file. Add an optional `-f/--force`
parameter that can be used to force subcommands that support it. Remove
the unused `start_dir` variable. Move the creation of `target_dir` below
the context that creates the working directory and only create it when
using the `convert` or `import` subcommands (as it is not used
otherwise).
Call `export_keyring()` when using the `export` subcommand.
2021-11-30 22:54:05 +01:00
David Runge
7f7c2f13f0
keyringctl: Deal with multi-certificate per user files
keyringctl:
Add `sanitize_certificate_file()` to potentially split per-user input
files that contain more than one certificate.
Change `packet_split()` to add documentation and rename the key
parameter to certificate, as it is more generic.
Change `convert_certificate()` to use named parameters when calling
`packet_split()`.
Change `convert()` to call `convert_certificate()` on a list of
sanitized certificates (generated using `sanitized_certificate_file()`)
to be able to deal with multi-certificate files per user.
2021-11-30 22:54:05 +01:00
David Runge
cb8e827112
keyringctl: Copy files instead of moving them
keyringctl:
Change `__main__` to create the `target_dir` before calling any further
function that relies on it.
Change `convert()` to require the `target_dir` to be not None and to
create all username based target directories before using
`shutil.copytree()` to copy all sources to their respective target
directories when iterating over the paths to persist. This has the
upside, that updates to a target directory structure can be done on the
fly (overwriting existing data), which is not possible with
`shutil.move()`.
2021-11-30 22:54:05 +01:00
David Runge
a5be572136
keyringctl: Derive output dir from file and allow override
keyringctl:
Change `convert_certificates()` to use a more descriptive
`name_override` parameter in its signature to allow the overriding of
the username directory name into which key material is persisted.
Distinguish between the per-username directory and the eventual key
material directory. Instead of the key directory return the username
directory.
Change the `persist*` functions to use the `key_dir` instead of the
`root_dir` terminology as well.

Change `convert()` to optionally allow a `name_override` as well and use
that in the calls to `convert_certificate()`. Make the moving of files
more robust, by at least allowing to move the per-key directories for a
username, if the username target directory exists already. NOTE: This
needs expansion for the use-case where existing files should be
updated/extended by new files.

Add an additional argument to the 'convert' argparse parser to allow
users to override the target username directory name.
2021-11-30 22:54:05 +01:00