* [gentoo-commits] proj/gentoo-keys:master commit in: gkeys/gkeys/, gkeys/etc/
@ 2014-12-26 5:02 Brian Dolbec
From: Brian Dolbec @ 2014-12-26 5:02 UTC (permalink / raw
To: gentoo-commits
commit: 275d9ae9a8265df5c3b9d1d1a76902267aa4a9d5
Author: Brian Dolbec <dolsen <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 26 04:57:35 2014 +0000
Commit: Brian Dolbec <brian.dolbec <AT> gmail <DOT> com>
CommitDate: Fri Dec 26 04:57:35 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/gentoo-keys.git;a=commit;h=275d9ae9
gkeys: Update fetchseed, verify actions to work with the new category system
---
gkeys/etc/gkeys.conf | 22 ++++++++++++++++++++--
gkeys/etc/gkeys.conf.sample | 22 ++++++++++++++++++++--
gkeys/gkeys/actions.py | 30 ++++++++++++++++++------------
gkeys/gkeys/config.py | 2 ++
gkeys/gkeys/seedhandler.py | 11 ++++++-----
5 files changed, 66 insertions(+), 21 deletions(-)
diff --git a/gkeys/etc/gkeys.conf b/gkeys/etc/gkeys.conf
index 3c79243..d9a42c0 100644
--- a/gkeys/etc/gkeys.conf
+++ b/gkeys/etc/gkeys.conf
@@ -20,6 +20,11 @@ gkeysdir: /var/lib/gentoo/gkeys
keyring: %(gkeysdir)s/keyrings
+# The default keyring to use
+# for verification if not specified
+verify-keyring: gentoo
+
+
# Base directory to use as the path prefix to use
# for the signing capable keyrings, keyring settings
# eg: '/' for root if absolute paths are used for homedir, keyring
@@ -48,8 +53,12 @@ files: 0o002
[seeds]
-# *-seedfile: json txt file of name, keyid, fingerprint
-# entry per line
+# file is a json text file of: nick, name, keydir, fingerprint
+# one file per line
+# category = category or seedfile name
+# these categories/seedfile nmaes are used for the
+# -C, --category input value validations
+# eg: category: filepath
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
@@ -62,6 +71,15 @@ gentoo: https://api.gentoo.org/gentoo-keys/seeds/gentoo.seeds
gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
+[verify-seeds]
+
+# mapping of the seedfile category name
+# to the category-name and gpg-key keydir to use to verify the seedfile
+# seedfile-name: category keydir
+gentoo: gentoo gkeys
+gentoo-devs: gentoo gkeys
+
+
[sign]
# GKEY nick used for verification of seeds and other gkey files
diff --git a/gkeys/etc/gkeys.conf.sample b/gkeys/etc/gkeys.conf.sample
index 3c79243..d9a42c0 100644
--- a/gkeys/etc/gkeys.conf.sample
+++ b/gkeys/etc/gkeys.conf.sample
@@ -20,6 +20,11 @@ gkeysdir: /var/lib/gentoo/gkeys
keyring: %(gkeysdir)s/keyrings
+# The default keyring to use
+# for verification if not specified
+verify-keyring: gentoo
+
+
# Base directory to use as the path prefix to use
# for the signing capable keyrings, keyring settings
# eg: '/' for root if absolute paths are used for homedir, keyring
@@ -48,8 +53,12 @@ files: 0o002
[seeds]
-# *-seedfile: json txt file of name, keyid, fingerprint
-# entry per line
+# file is a json text file of: nick, name, keydir, fingerprint
+# one file per line
+# category = category or seedfile name
+# these categories/seedfile nmaes are used for the
+# -C, --category input value validations
+# eg: category: filepath
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
@@ -62,6 +71,15 @@ gentoo: https://api.gentoo.org/gentoo-keys/seeds/gentoo.seeds
gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
+[verify-seeds]
+
+# mapping of the seedfile category name
+# to the category-name and gpg-key keydir to use to verify the seedfile
+# seedfile-name: category keydir
+gentoo: gentoo gkeys
+gentoo-devs: gentoo gkeys
+
+
[sign]
# GKEY nick used for verification of seeds and other gkey files
diff --git a/gkeys/gkeys/actions.py b/gkeys/gkeys/actions.py
index de8446d..dddd48a 100644
--- a/gkeys/gkeys/actions.py
+++ b/gkeys/gkeys/actions.py
@@ -34,7 +34,7 @@ Action_Options = {
'addseed': ['nick', 'name', 'keydir', 'fingerprint', 'category'],
'removeseed': ['nick', 'name', 'keydir', 'fingerprint', 'category'],
'moveseed': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'dest'],
- 'fetchseed': ['nick', 'name', 'keydir', 'fingerprint', 'category'],
+ 'fetchseed': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring'],
'listseedfiles': [],
'listkey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', 'gpgsearch', 'keyid'],
'installkey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', '1file'],
@@ -42,7 +42,7 @@ Action_Options = {
'movekey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', 'dest'],
'installed': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring'],
'importkey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring'],
- 'verify': ['dest', 'nick', 'name', 'keydir', 'fingerprint', 'category', '1file', 'signature', 'keyring', 'timestamp'],
+ 'verify': ['dest', 'nick', 'name', 'keydir', 'fingerprint', 'category', '1file', 'signature', 'timestamp'],
'checkkey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', 'keyid'],
'sign': ['nick', 'name', 'keydir', 'fingerprint', 'file', 'keyring'],
'speccheck': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', 'keyid'],
@@ -80,6 +80,10 @@ class Actions(object):
def fetchseed(self, args):
'''Download the selected seed file(s)'''
self.logger.debug("ACTIONS: fetchseed; args: %s" % str(args))
+ if not args.keyring:
+ verify_info = self.config.get_key('verify-seeds', args.category).split()
+ args.keyring = verify_info[0]
+ args.nick = verify_info[1]
handler = SeedHandler(self.logger, self.config)
success, messages = handler.fetch_seeds(args.category, args, self.verify)
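Review bot: The lookup added to fetchseed calls `.split()` on whatever `self.config.get_key('verify-seeds', args.category)` returns and then indexes `[0]` and `[1]` with no check, so a category with no `[verify-seeds]` entry, or an entry holding a single word, would probably surface as an AttributeError or IndexError instead of a clear refusal to fetch. Because this mapping selects the key that seed files are verified against, I would validate it explicitly, e.g. `if len(verify_info) != 2: return (False, ['Invalid verify-seeds entry for: %s' % args.category])`. The same unguarded pattern is in the loop added to fetch_seeds in seedhandler.py, where it appears to sit outside the existing `except KeyError`. fetchseed's body continues outside the hunk.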
@@ -606,13 +610,15 @@ class Actions(object):
if not args.filename:
return (False, ['Please provide a signed file.'])
if not args.category:
- args.category = 'gentoo'
- (success, data) = self.installed(args)
- keys = data[1]
+ args.category = self.config.get_key('verify_keyring')
+ self.logger.debug("ACTIONS: verify; keyring category not specified, using default: %s"
+ % args.category)
+ handler = SeedHandler(self.logger, self.config)
+ keys = handler.load_category(args.category)
if not keys:
return (False, ['No installed keys found, try installkey action.'])
- keyring = self.config.get_key('keyring')
- catdir = os.path.join(keyring, args.category)
+ keyrings = self.config.get_key('keyring')
+ catdir = os.path.join(keyrings, args.category)
self.logger.debug("ACTIONS: verify; catdir = %s" % catdir)
self.gpg = GkeysGPG(self.config, catdir)
filepath, signature = args.filename, args.signature
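Review bot: The default category is read with `self.config.get_key('verify_keyring')`, but the option this commit adds to gkeys.conf and to the defaults in config.py is spelled `verify-keyring`, so the lookup most likely never finds the configured value. If get_key returns nothing for an unknown key, `args.category` stays empty and `os.path.join(keyrings, args.category)` further down either fails or resolves to the keyrings root rather than a category directory. Use the hyphenated name, `args.category = self.config.get_key('verify-keyring')`, and return an error when the result is empty. The function starts and ends outside the hunk.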
@@ -672,11 +678,11 @@ class Actions(object):
messages = []
self.logger.info("Verifying file...")
verified = False
- # get correct key to use
- use_gkey = self.config.get_key('seedurls', 'gkey')
- for key in keys:
- if key.nick == use_gkey:
- break
+ key = keys.nick_search(args.nick)
+ if not key:
+ messages.append("Failed to find nick: %s in %s category"
+ % (args.nick, args.category))
+ return (False, messages)
results = self.gpg.verify_file(key, sig_path, filepath)
keyid = key.keyid[0]
(valid, trust) = results.verified
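Review bot: `keys.nick_search(args.nick)` depends on `args.nick` being set, but the earlier hunk of verify only fills in a default category, not a default nick, and the `[verify-seeds]` mapping is consulted only by fetchseed and fetch_seeds. When verify is invoked without a nick the user would presumably see `Failed to find nick: None in ... category`, which does not say what to supply. Failing closed here is right; I would add a guard before the search such as `if not args.nick: return (False, ['Please specify the nick of the key to verify with.'])`, or a comment stating that callers must set `args.nick`. The enclosing function starts and ends outside the hunk.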
diff --git a/gkeys/gkeys/config.py b/gkeys/gkeys/config.py
index 7e31909..6eba2b3 100644
--- a/gkeys/gkeys/config.py
+++ b/gkeys/gkeys/config.py
@@ -90,6 +90,8 @@ class GKeysConfig(GPGConfig):
'keyring': None,
'type': 'clearsign',
}
+ self.defaults['verify-keyring'] = ''
+ self.defaults['verify-seeds'] = {}
def read_config(self):
diff --git a/gkeys/gkeys/seedhandler.py b/gkeys/gkeys/seedhandler.py
index 0e66b69..bb233f9 100644
--- a/gkeys/gkeys/seedhandler.py
+++ b/gkeys/gkeys/seedhandler.py
@@ -130,18 +130,19 @@ class SeedHandler(object):
seedurl = self.config.get_key('seedurls', seed)
seedpath = self.config.get_key('seeds', seed)
if http_check.match(seedurl):
- urls.extend([(seedurl, seedpath)])
+ urls.extend([(seed, seedurl, seedpath)])
else:
- self.logger.info("Wrong seed file URLs... Switching to default URLs.")
- urls.extend([(self.config['seedurls'][seed], seedpath)])
+ self.logger.info("Wrong seed file URLs... Skipping: %s" % seed)
except KeyError:
pass
succeeded = []
seedsdir = self.config.get_key('seedsdir')
mode = int(self.config.get_key('permissions', 'directories'),0)
ensure_dirs(seedsdir, mode=mode)
- for (url, filepath) in urls:
- args.category = 'rel'
+ for (seed, url, filepath) in urls:
+ verify_info = self.config.get_key('verify-seeds', seed).split()
+ args.category = verify_info[0]
+ args.nick = verify_info[1]
args.filename = url
args.signature = None
args.timestamp = True
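Review bot: The first field of the `[verify-seeds]` entry is assigned to `args.category` here, while the fetchseed hunk in actions.py assigns the same field to `args.keyring`, and the second field goes to `args.nick` although the gkeys.conf comment documents it as `keydir`. These values decide which keyring and key a downloaded seed file is checked against, so the three places should agree on the names; a comment above the loop such as `# verify-seeds value is "<category> <nick>" of the key that signs this seed file`, with matching wording in gkeys.conf, would do. The loop also overwrites fields on the caller's `args` object, so a category or nick passed by the user is lost after the first iteration. The enclosing method starts and ends outside the hunk.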
* [gentoo-commits] proj/gentoo-keys:master commit in: gkeys/gkeys/, gkeys/etc/
@ 2015-02-11 17:37 Brian Dolbec
From: Brian Dolbec @ 2015-02-11 17:37 UTC (permalink / raw
To: gentoo-commits
commit: 0ffd0b9353a42251f6ca4c5292dcd1078a7b22e9
Author: Brian Dolbec <dolsen <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 13 05:08:24 2015 +0000
Commit: Brian Dolbec <dolsen <AT> gentoo <DOT> org>
CommitDate: Sat Jan 31 03:43:47 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/gentoo-keys.git;a=commit;h=0ffd0b93
logger location refactor bug 536314
---
gkeys/etc/gkeys.conf | 2 +-
gkeys/gkeys/base.py | 10 ++++++++--
gkeys/gkeys/config.py | 8 +++++---
3 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/gkeys/etc/gkeys.conf b/gkeys/etc/gkeys.conf
index 7a774be..3f15051 100644
--- a/gkeys/etc/gkeys.conf
+++ b/gkeys/etc/gkeys.conf
@@ -16,7 +16,7 @@ gkeysdir: /var/lib/gentoo/gkeys
# default user home directory
-homedir: ~
+homedir:
# user gkey directory
diff --git a/gkeys/gkeys/base.py b/gkeys/gkeys/base.py
index 7e28b90..cfd3702 100644
--- a/gkeys/gkeys/base.py
+++ b/gkeys/gkeys/base.py
@@ -15,9 +15,10 @@ from __future__ import print_function
import argparse
+import os
import sys
-from gkeys import fileops
+from gkeys.fileops import ensure_dirs
from gkeys.log import log_levels, set_logger
@@ -267,12 +268,17 @@ class CliBase(object):
else:
self.config.read_config(configs)
+ # check for permissions and adjust configs accordngly
+ if not self.config['homedir']:
+ self.config['homedir'] = os.path.expanduser('~')
+ if not os.access(self.config['logdir'], os.W_OK):
+ self.config['logdir'] = ensure_dirs(
+ os.path.join(self.config['user-dir'], 'logs'))
# establish our logger and update it in the imported files
self.logger = set_logger(self.cli_config['prog'], self.config['logdir'], args.debug,
dirmode=int(self.config.get_key('permissions', 'directories'),0),
filemask=int(self.config.get_key('permissions', 'files'),0))
self.config.logger = self.logger
- fileops.logger = self.logger
if message:
self.logger.error(message)
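Review bot: The fallback log directory is created with `ensure_dirs(os.path.join(self.config['user-dir'], 'logs'))` without a `mode` argument, although `set_logger` a few lines later is given `dirmode` from the `permissions` settings, so the directory may be created with whatever default ensure_dirs uses rather than the configured one. It is also not visible here that ensure_dirs returns the path, so assigning its result to `self.config['logdir']` should be confirmed; the safer form assigns the joined path first and then calls `ensure_dirs(logdir, mode=...)`. `os.access` tests the real uid and is only advisory, so set_logger still has to cope with a directory that turns out not to be writable. The method starts and ends outside the hunk.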
diff --git a/gkeys/gkeys/config.py b/gkeys/gkeys/config.py
index fdc1cee..96e85e6 100644
--- a/gkeys/gkeys/config.py
+++ b/gkeys/gkeys/config.py
@@ -56,9 +56,11 @@ class GKeysConfig(GPGConfig):
def _set_default_config(self):
- self.defaults['homedir'] = os.path.join(os.path.expanduser('~'), '.gkeys')
- self.defaults['configdir'] = self.defaults['homedir']
- self.defaults['config']= os.path.join(self.defaults['homedir'], 'gkeys.conf')
+ self.defaults['homedir'] = os.path.expanduser('~')
+ self.defaults['configdir'] = os.path.join(
+ self.defaults['homedir'], '.gkeys')
+ self.defaults['config']= os.path.join(
+ self.defaults['configdir'], 'gkeys.conf')
if not os.path.exists(self.defaults['config']):
self.defaults['configdir'] = path([self.root, EPREFIX, '/etc/gkeys'])
self.defaults['config'] = '%(configdir)s/gkeys.conf'
* [gentoo-commits] proj/gentoo-keys:master commit in: gkeys/gkeys/, gkeys/etc/
@ 2015-03-10 15:21 Brian Dolbec
From: Brian Dolbec @ 2015-03-10 15:21 UTC (permalink / raw
To: gentoo-commits
commit: dfe6fd48a50d5753127a3720259f10312822a39b
Author: Brian Dolbec <dolsen <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 10 14:14:27 2015 +0000
Commit: Brian Dolbec <dolsen <AT> gentoo <DOT> org>
CommitDate: Tue Mar 10 14:14:27 2015 +0000
URL: https://gitweb.gentoo.org/proj/gentoo-keys.git/commit/?id=dfe6fd48
gkeys: Fix setting deafault location of homedir
Pass in the os.expanduser('~') setting to the config parser.
Comment out the gkeys.conf homedir setting so it can use the passed in default.
gkeys/etc/gkeys.conf | 4 +++-
gkeys/gkeys/config.py | 4 ++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/gkeys/etc/gkeys.conf b/gkeys/etc/gkeys.conf
index 3f15051..e7a363f 100644
--- a/gkeys/etc/gkeys.conf
+++ b/gkeys/etc/gkeys.conf
@@ -16,7 +16,9 @@ gkeysdir: /var/lib/gentoo/gkeys
# default user home directory
-homedir:
+# normally set by expanding ~
+# uncomment and edit for a custom location
+#homedir:
# user gkey directory
diff --git a/gkeys/gkeys/config.py b/gkeys/gkeys/config.py
index 96e85e6..1cac0b0 100644
--- a/gkeys/gkeys/config.py
+++ b/gkeys/gkeys/config.py
@@ -99,8 +99,8 @@ class GKeysConfig(GPGConfig):
self.defaults[key] = self._sub_(self.defaults[key])
defaults = OrderedDict()
# Add only the defaults we want in the configparser
- for key in ['gkeysdir', 'keyring', 'sign-keydir', 'logdir', 'seedsdir',
- 'keyserver']:
+ for key in ['gkeysdir', 'homedir', 'keyring', 'sign-keydir', 'logdir',
+ 'seedsdir', 'keyserver']:
defaults[key] = self.defaults[key]
if filename == None:
filename = self.defaults['config']
* [gentoo-commits] proj/gentoo-keys:master commit in: gkeys/gkeys/, gkeys/etc/
@ 2015-08-09 22:52 Brian Dolbec
From: Brian Dolbec @ 2015-08-09 22:52 UTC (permalink / raw
To: gentoo-commits
commit: 38d2b1fed19ac636346ab1e7a456bbac5bc69cec
Author: Brian Dolbec <dolsen <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 9 22:43:31 2015 +0000
Commit: Brian Dolbec <dolsen <AT> gentoo <DOT> org>
CommitDate: Sun Aug 9 22:52:05 2015 +0000
URL: https://gitweb.gentoo.org/proj/gentoo-keys.git/commit/?id=38d2b1fe
gkeys: Add settable trust-model for the keyrings
The --trust-model option is needed for git verification and many other gkeys operations.
gkeys/etc/gkeys.conf | 14 +++++++++++++-
gkeys/gkeys/actionbase.py | 10 ++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/gkeys/etc/gkeys.conf b/gkeys/etc/gkeys.conf
index e7a363f..e9eb820 100644
--- a/gkeys/etc/gkeys.conf
+++ b/gkeys/etc/gkeys.conf
@@ -67,9 +67,12 @@ files: 0o022
# file is a json text file of: nick, name, keydir, fingerprint
# one file per line
# category = category or seedfile name
-# these categories/seedfile nmaes are used for the
+# these categories/seedfile names are used for the
# -C, --category input value validations
# eg: category: filepath
+#
+# If adding additional seed files,
+# remember to set an appropriate [trust-model] for them below"
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
@@ -92,6 +95,15 @@ gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
#sign:
+# Set the trust levels
+# one of {pgp|classic|direct|always|auto}
+# default is "auto"
+# for the gentoo and gentoo-devs keyrings set to "always"
+[trust-model]
+gentoo: always
+gentoo-devs: always
+
+
[verify-seeds]
# mapping of the seedfile category name
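Review bot: The comment block above `[trust-model]` lists the accepted values but does not say what `always` implies. With GnuPG's `--trust-model always`, key validity checks are skipped and every key present in the keyring is treated as valid, so for the gentoo and gentoo-devs categories the integrity of the keyring directory and of the seed-file verification becomes the only trust anchor. I would add a comment to that effect, e.g. `# "always" skips gpg's validity checks: every key in the keyring is trusted, so only use it for keyrings populated from verified seed files`. The comment added in the earlier `[seeds]` hunk also ends with a stray double quote after `below`.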
diff --git a/gkeys/gkeys/actionbase.py b/gkeys/gkeys/actionbase.py
index 77748c5..e8d5ba4 100644
--- a/gkeys/gkeys/actionbase.py
+++ b/gkeys/gkeys/actionbase.py
@@ -85,6 +85,16 @@ class ActionBase(object):
self.category = cat
catdir = os.path.join(keyring, cat)
self.logger.debug(_unicode("ACTIONS: _set_category; catdir = %s") % catdir)
+ self._set_trust(cat)
return catdir
+ def _set_trust(self, cat):
+ trust = self.config.get_key('trust-model', cat)
+ if trust in [None]:
+ trust = 'auto'
+ if 'trust-model' in self.config.defaults['gpg_defaults']:
+ index = self.config.defaults['gpg_defaults'].index('trust-model')
+ self.config.defaults['gpg_defaults'][index+1] = trust
+ else:
+ self.config.defaults['gpg_defaults'].extend(['--trust-model', trust])
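Review bot: `_set_trust` tests for the string `'trust-model'` in `gpg_defaults`, but the else branch appends `'--trust-model'`, so unless the list elsewhere stores the option without dashes the membership test never matches an entry this method added itself. Each later call would then append another `--trust-model <value>` pair instead of replacing the previous one, leaving gpg with several conflicting options once the category changes. Compare against the same spelling in both places: `if '--trust-model' in self.config.defaults['gpg_defaults']:` and `.index('--trust-model')`. The value read from the `[trust-model]` section is also passed to gpg unchecked; rejecting anything outside pgp, classic, direct, always and auto (and writing `if trust is None:`) would make a typo in gkeys.conf fail visibly.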