Commit Graph

72 Commits

Author SHA1 Message Date
Levente Polyak
f90e860d16
fix(keyringctl): prioritize latest certification per issuer
When importing a non reduced keyring the certifications were not
deterministic for keys that have multiple certifications per issuer.
This was for example the case for self certifications to extend the
expiry time. Before this commit a random certification could remain the
final one which would lead to a non up to date keyring and a potentially
expired key.
2021-11-30 22:54:12 +01:00
Levente Polyak
32469720f8
fix(keyringctl): deterministic assembling order with single packet files
Fix the assembling of a certificate by joining the packets in the
correct order and splitting combined files into individual single
packets per file.
2021-11-30 22:54:12 +01:00
Levente Polyak
4b136dd6f6
feature(keyringctl): enrich inspect to show explicit label for main keys
This helps to identify if a certification issuer comes from a main key
or not.
2021-11-30 22:54:12 +01:00
Levente Polyak
b6c25fa531
chore(keyringctl): de-duplicate username/fprint transform code
We duplicated resolving usernames and fingerprints to actual keyring
paths in multiple places. De-duplicate the code by using dedicated
functions to do this job.
2021-11-30 22:54:12 +01:00
Levente Polyak
cced93480c
fix(keyringctl): avoid walking non existing paths to resolve certs
2021-11-30 22:54:12 +01:00
Levente Polyak
02605edee5
feature(keyringctl): sort list command for alphabetical listing
Only do so when listing all keys, when a filter is provided, like
usernames or fingerprints, keep the order to allow a 1:1 mapping.
2021-11-30 22:54:12 +01:00
Levente Polyak
f3f3a63385
feature(keyringctl): avoid storing pubkey and uids in certifications
We do not need to duplicate packages in certifications and revocations.
Store the packets separated from their parent as those are already
persisted.
2021-11-30 22:54:12 +01:00
Levente Polyak
5249453726
feature(keyringctl): support passing fingerprint as source
This helps make the CLI more useful by listing, exporting or inspecting
a specific fingerprint.
2021-11-30 22:54:11 +01:00
Levente Polyak
6d336828e1
chore(keyringctl): remove docstring types as the signatures cover them
All modern tooling already reads type hinting from the signatures
instead of the docstring and supports annotating the parameter
accordingly. Remove the duplicated data to avoid out of sync
documentation.
2021-11-30 22:54:11 +01:00
Levente Polyak
619f2a3b68
chore(keyringctl): simplify convert usage by moving fingerprint filter
2021-11-30 22:54:11 +01:00
Levente Polyak
fc9ad848ab
chore(keyringctl): simplify trust functions and return trusted/revoked
The API makes more sense to return (trusted,revoked) as the caller can
simply derive all certificates by joining the two sets.

To simplify the functions, some code has been replaced to use helper
methods to flatten the nested loops.
2021-11-30 22:54:11 +01:00
Levente Polyak
e0abfd195c
feature(keyringctl): collect usernames to fingerprints to enrich output
By collecting the matching usernames to all fingerprints we are able to
enrich the output of `inspect` to show the usernames next to the
certifications.
2021-11-30 22:54:11 +01:00
Levente Polyak
2d1eb93a39
chore(keyringctl): move cert depth first search to own function
This way we can reuse the functionality which will allow to simplify a
lot of places that have multiple layers of inflexible nested loops.
2021-11-30 22:54:11 +01:00
Levente Polyak
3776ca942c
fix(keyringctl): preserve keyring split filenames in separated dirs
This aids initial imports of keyrings that contain multiple certificates
by allowing keyring_split to enforce preserving the filenames. This is
achieved by moving each split keyring into unique sub directories where
the original input filename remains unique.
2021-11-30 22:54:11 +01:00
Levente Polyak
090d63ae20
fix(keyringctl): force overwrite packets when persisting
When we import new packet data, always allow overwrites of the final
packet files. This may happen when importing from multiple files that
provide the same packets, which is fine as they should still yield to
the same results.
2021-11-30 22:54:11 +01:00
Levente Polyak
82254e0a36
feature(keyringctl): add inspect command to pretty print certificates
This command prints a new and pretty representation of the certificate
data to visualize the keyring and its signatures.
2021-11-30 22:54:11 +01:00
Levente Polyak
0168ce1db0
feature(keyringctl): add simple command to list all certificates
2021-11-30 22:54:11 +01:00
Levente Polyak
1a8ea8397d
chore(keyringctl): throw exception instead of exit on failed system calls
2021-11-30 22:54:11 +01:00
Levente Polyak
f6e3a4e94b
feature(keyringctl): use build command to create final artifacts
This allows an easy to use cli which invokes the export function to get
the keyring and uses the ownertrust and revoke functions to write all
artifacts into a target directory.
2021-11-30 22:54:10 +01:00
Levente Polyak
77e5b36872
feature(keyringctl): add force parameter to keyring_merge
2021-11-30 22:54:10 +01:00
Levente Polyak
86747ecab7
feature(keyringctl): use the export command purely to export keyrings
This gives more control over the export command that may be useful to
export a single packager to import it into gpg. This will also give more
flexibility to chain this function to the future verify stage.

By default the command exports the whole keyring directory.
2021-11-30 22:54:10 +01:00
Levente Polyak
aa2f2ea497
feature(keyringctl): add dedicated keyring_merge function
2021-11-30 22:54:10 +01:00
Levente Polyak
52178f38d5
feature(keyringctl): improve packet_join to optionally return the result
2021-11-30 22:54:10 +01:00
Levente Polyak
deaa312b7d
feature(keyringctl): print a stack trace in case a system cmd fails
2021-11-30 22:54:10 +01:00
Levente Polyak
edbbc77086
chore(keyringctl): use python 3.9 iterable/iterator type imports
2021-11-30 22:54:10 +01:00
Levente Polyak
74f317344f
feature(keyringctl): support importing multiple paths
Let's pass in a list of paths and reduce them to one set of path
iterables. This allows us to specify multiple source files/directories.
2021-11-30 22:54:10 +01:00
Levente Polyak
c214022300
fix(keyringctl): restore --target option for convert command
2021-11-30 22:54:09 +01:00
Levente Polyak
40592b3534
feature(keyringctl): print help if invoked without any subcommand
2021-11-30 22:54:09 +01:00
Levente Polyak
8bc0ae1da0
feature(keyringctl): unify import subcommand for condensed api
Both commands are basically doing the same with the same params except
the target directory differs. Let's condense this behavior by using a
single subcommand with a boolean option.
2021-11-30 22:54:09 +01:00
Levente Polyak
2f9ef0ef1d
feature(keyringctl): keep filename if keyring split yields one keyring
Instead of always returning an artificial name try to preserve the
keyring filename if the split only yields a single certificate.
2021-11-30 22:54:09 +01:00
Levente Polyak
b91e8b983c
feature(keyringctl): move main/packager folders to isolated keyring dir
This helps to structure the layout of the repository better by having
one root folder that contains the actual decomposed keyring structure.
2021-11-30 22:54:09 +01:00
Levente Polyak
48e9bb67cb
chore(keyringctl): use singular for packager directory as well
So far we have used singular for all directories, let's keep that for the
packager directory as well.
2021-11-30 22:54:09 +01:00
Levente Polyak
37d0a5f633
chore(keyringctl): apply black formatter
2021-11-30 22:54:09 +01:00
Levente Polyak
930b5896a0
feature(keyringctl): introduce Username type instead of plain str
2021-11-30 22:54:09 +01:00
Levente Polyak
e422149c8a
feature(keyringctl): add type hinting direct sigs/revocations
2021-11-30 22:54:09 +01:00
Levente Polyak
147287959f
feature(keyringctl): derive username from short key id fingerprints
Allow short key id fingerprints to be used with the username derive
function by adding a glob in front of the fingerprint component.
2021-11-30 22:54:09 +01:00
Levente Polyak
60ee3d6d94
feature(keyringctl): avoid splitting a certificate multiple times
Move the name cascade to derive the username into the
`convert_certificate` function which allows to use the
certificate_fingerprint directly instead of trying to find it by
splitting the certificate one more time before converting.
2021-11-30 22:54:09 +01:00
Levente Polyak
cf6bac5fd9
chore(keyringctl): fix typo in docstring for convert_certificate
2021-11-30 22:54:08 +01:00
Levente Polyak
2206fe07b6
feature(keyringctl): simplification by removing static data from types
The certificate fingerprint in the convert function remains always the
same as we only process a single certificate and loop outside over
multiple keyrings. Therefore remove that layer from the data structures
and implicitly simplify all the assignments and usages.
2021-11-30 22:54:08 +01:00
Levente Polyak
a43d3dfac6
chore(keyringctl): add docstring for export_keyring() pacman_integration
2021-11-30 22:54:08 +01:00
Levente Polyak
f92a5884c5
chore(keyringctl): remove used input_path from get_fingerprints
2021-11-30 22:54:08 +01:00
Levente Polyak
e001de10d6
chore(keyringctl): blake compatible formatting of binary or chain
2021-11-30 22:54:08 +01:00
Levente Polyak
0bd10b9b4f
chore(keyringctl): avoid shadowing convert function
2021-11-30 22:54:08 +01:00
Levente Polyak
77b1eab89e
feature(keyringctl): add type hinting for fingerprint and uid
This drastically improves readability and type safety when juggling with
different keys in the data structures.
2021-11-30 22:54:08 +01:00
David Runge
cd0a2005a7
isort: Configure to use single lines
pyproject.toml:
Configure isort to use single lines (one line for each import) to ease
merge conflicts.

keyringctl:
Reformat using new isort settings.
2021-11-30 22:54:08 +01:00
David Runge
49ff2df1fc
keyringctl: Implement filtering of certifications
keyringctl:
Add `get_fingerprints_from_import_source()` to derive all fingerprints
of PGP public keys found in the import source.
Add `get_fingerprints_from_decomposed_dir()` to derive all fingerprints
of PGP public keys found in a directory structure holding decomposed PGP
packet data.
Add `get_fingerprints()` to derive a set of fingerprints of PGP public
keys provided through `get_fingerprints_from_import_source()` and
`get_fingerprints_from_decomposed_dir()`.
Change `convert()` and `convert_certificate()` to accept an optional set
of strings (`fingerprint_filter`) that may be used as a filter for
valid fingerprints when considering certifications.
Change `__main__` to call `convert()` when importing keys to packager or
main dir, providing `fingerprint_filter` which will attempt to look up
fingerprints in the source as well as the target.
2021-11-30 22:54:08 +01:00
David Runge
4b70feb2fb
keyringctl: Derive username from target when importing existing key
keyringctl:
Add `derive_user_from_target()` to derive the username from an existing
public key in the target directory when importing (updates to) an
already known key.
Change `convert()` to either use a custom name override (if provided), a
username derived from target dir (if existing) or the file name of the
to be imported file as username.
2021-11-30 22:54:08 +01:00
David Runge
1cbd360d17
keyringctl: Format file
keyringctl:
Use black to format the file, isort to auto-sort all imports.
Remove commented code and (for now) ignore the high complexity in
`convert()` so that flake8 can be used.
2021-11-30 22:54:07 +01:00
David Runge
0e54261242
keyringctl: Do not persist unbound certifications
keyringctl:
Change `persist_certifications()` to not attempt to read UID binding
signatures for a given UID, if it does not exist and instead output an
error message.
2021-11-30 22:54:07 +01:00
David Runge
8ec1654e0c
keyringctl: Simplify subcommands
keyringctl:
Change `convert()` to create the target directory including parents.
Change `export_keyring()` to create the output directory and its
parents before outputting data into it.
Remove `keyring_import()` as its functionality is covered by using
`convert()` directly with different subcommands.
Change `__main__` to define `import-main` and `import-packager`
subcommands instead of `import` and to add an `export-keyring`
subcommand. Remove the explicit creation of target dirs (it is now
implemented in `convert()` and `export_keyring()`).
2021-11-30 22:54:07 +01:00