* [gentoo-keys] Gentoo Keys: Expansion and improvements -- Final report
@ 2014-08-20 11:34 Pavlos Ratis
2014-08-20 18:37 ` [gentoo-keys] Re: [gentoo-soc] " Brian Dolbec
0 siblings, 1 reply; 2+ messages in thread
From: Pavlos Ratis @ 2014-08-20 11:34 UTC (permalink / raw
To: gentoo-soc, gentoo-keys
Hello,
This year I worked on improving and expanding the features of Gentoo Keys.
Gentoo Keys is a Python based project that aims to manage the GPG
keys used for validation on users and Gentoo's infrastructure
servers. These keys will be any/all of the release keys, developer keys
and any other third party keys or keyrings available or needed.
Source code: https://github.com/gentoo/gentoo-keys
Final Report
=========
Status: Finished
Outline of features:
---------------------------
Seeds
* Seed file fetching support.
* Data format reconstruction from pickle to JSON.
* Addition/deletion/listing actions.
Keys
* Key installation support via seed files.
* Key removal/listing support.
Keyrings
* Gentoo Keys can now export a public keyring with trusted keys.
That binary keyring can be signed by a Certificate Authority(CA) and
distributed to the users.
Verification
* File verification support(locally or via URL).
Key checks
* Checks for expired or revoked keys.
* Checks for key validity.
* Key capabilities checks.
OpenPGP Key generation tool (Gkeygen)
* OpenPGP key generation based on the GLEP 63 specifications[0].
Gentoo Key LDAP tool (Gkeyldap)
* Gentoo-specific tool that is going to be used by Gentoo
infrastructure in conjunction with LDAP to update seeds and remove
keys that fail checks.
The project has resulted in a few patches to ssl-fetch[1] and pyGPG[2] as well.
Plans for the future
==============
Aside from some code refinements and minor changes, Gentoo Keys is
almost ready for its first release. We, the Gentoo Keys team, are
going to continue its development focusing on the test suites and the
file verification on images, commits and other documents. Furthermore,
our goal is to implement more features that make Gentoo keys more
dynamic and flexible for general use.
It has been a great experience working on the project. At this point,
I would like to thank my mentor, Brian (dol-sen) Dolbec for his
guidance and his suggestions throughout the past months and I would
also like to thank Kristian (K_F) Fiskerstrand for his suggestions on
the openPGP part.
[0] https://wiki.gentoo.org/wiki/GLEP:63
[1] https://github.com/dol-sen/ssl-fetch
[2] https://github.com/dol-sen/pyGPG
Best regards,
Pavlos Ratis
^ permalink raw reply [flat|nested] 2+ messages in thread
* [gentoo-keys] Re: [gentoo-soc] Gentoo Keys: Expansion and improvements -- Final report
2014-08-20 11:34 [gentoo-keys] Gentoo Keys: Expansion and improvements -- Final report Pavlos Ratis
@ 2014-08-20 18:37 ` Brian Dolbec
0 siblings, 0 replies; 2+ messages in thread
From: Brian Dolbec @ 2014-08-20 18:37 UTC (permalink / raw
To: gentoo-soc; +Cc: gentoo-keys
On Wed, 20 Aug 2014 14:34:25 +0300
Pavlos Ratis <dastergon@gentoo.org> wrote:
> Aside from some code refinements and minor changes, Gentoo Keys is
> almost ready for its first release. We, the Gentoo Keys team, are
> going to continue its development focusing on the test suites and the
> file verification on images, commits and other documents. Furthermore,
> our goal is to implement more features that make Gentoo keys more
> dynamic and flexible for general use.
>
+++
For those of you that wish to test out the code. It can run from a
checkout provided you have the deps installed or also checked out and
have your PATH and PYTHONPATH set correctly to find them.
We appreciate some feedback on usability or bugs you encounter.
The repo at git.overlays.gentoo.org [3] is caught up with the
github/gentoo/gentoo-keys repo [4] which was used for the recent
development. It did have easy online code review capabilities.
> It has been a great experience working on the project. At this point,
> I would like to thank my mentor, Brian (dol-sen) Dolbec for his
> guidance and his suggestions throughout the past months
Your very welcome. It has been a pleasure working with you on this
project. I am also proud of the work that has been accomplished. I
want to thank you in return for making my code review job relatively
easy by turning in quality code to begin with :D
You also did very well while I was indisposed in hospital for 3 weeks.
> and I would
> also like to thank Kristian (K_F) Fiskerstrand for his suggestions on
> the openPGP part.
>
YES! A big thank you to Kristian for his help throughout the project
and a special thank you for picking up the slack while I was in
hospital. The timing was good that Pavlos was working on the GLEP 63
key generating application during that time. It is certainly an area
of expertise on your part...
I also want to thank all the others that helped provide insight,
feedback and code review during the project.
Robin Johnson <robbat2>
Mathew Summers <quantumsummers>
Douglas Freed <dwfreed>
Devan Franchini <twitch153>
Trevor King <wking>
Manuel Rueger <mrueg>
...
> [0] https://wiki.gentoo.org/wiki/GLEP:63
> [1] https://github.com/dol-sen/ssl-fetch
> [2] https://github.com/dol-sen/pyGPG
>
> Best regards,
> Pavlos Ratis
>
[3] git://git.overlays.gentoo.org/proj/gentoo-keys
[4] git@github.com:gentoo/gentoo-keys.git
A final note: We will be creating an overlay in a branch of our repo
soon. It will have the various ebuilds for the different modules and
binary keyrings the project will be creating. We will announce it once
we have it operational and get it listed in layman's overlay list.
Also note it will need the newest layman version which is now capable of
branch support in several of the repo types.
--
Brian Dolbec <dolsen>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-08-20 18:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-20 11:34 [gentoo-keys] Gentoo Keys: Expansion and improvements -- Final report Pavlos Ratis
2014-08-20 18:37 ` [gentoo-keys] Re: [gentoo-soc] " Brian Dolbec
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox