public inbox for gentoo-keys@lists.gentoo.org
From: Pavlos Ratis <dastergon@gentoo.org>
To: gentoo-soc@lists.gentoo.org, gentoo-keys@lists.gentoo.org
Subject: [gentoo-keys] Gentoo Keys: Expansion and improvements -- Final report
Date: Wed, 20 Aug 2014 14:34:25 +0300
Message-ID: <CAOgmxWzbL5q5CHvR+dtD3JATJqHp6FPpd3beNfbWm0OnfCudzQ@mail.gmail.com>

Hello,

This year I worked on improving and expanding the features of Gentoo Keys.

Gentoo Keys is a Python-based project that aims to manage the GPG
keys used for validation on users and Gentoo's infrastructure
servers. These keys will be any/all of the release keys, developer keys
and any other third party keys or keyrings available or needed.

Source code: https://github.com/gentoo/gentoo-keys

Final Report
============

Status: Finished

Outline of features:
--------------------
Seeds
  * Seed file fetching support.
  * Data format reconstruction from pickle to JSON.
  * Addition/deletion/listing actions.
Keys
  * Key installation support via seed files.
  * Key removal/listing support.
Keyrings
  * Gentoo Keys can now export a public keyring with trusted keys.
    That binary keyring can be signed by a Certificate Authority (CA) and
    distributed to the users.
Verification
  * File verification support (locally or via URL).
Key checks
  * Checks for expired or revoked keys.
  * Checks for key validity.
  * Key capabilities checks.
OpenPGP Key generation tool (Gkeygen)
  * OpenPGP key generation based on the GLEP 63 specifications [0].
Gentoo Key LDAP tool (Gkeyldap)
  * Gentoo-specific tool that is going to be used by Gentoo
    infrastructure in conjunction with LDAP to update seeds and remove
    keys that fail checks.

The project has resulted in a few patches to ssl-fetch [1] and pyGPG [2] as well.

Plans for the future
====================

Aside from some code refinements and minor changes, Gentoo Keys is
almost ready for its first release. We, the Gentoo Keys team, are
going to continue its development focusing on the test suites and the
file verification on images, commits and other documents. Furthermore,
our goal is to implement more features that make Gentoo Keys more
dynamic and flexible for general use.

It has been a great experience working on the project. At this point,
I would like to thank my mentor, Brian (dol-sen) Dolbec, for his
guidance and his suggestions throughout the past months, and I would
also like to thank Kristian (K_F) Fiskerstrand for his suggestions on
the OpenPGP part.

[0] https://wiki.gentoo.org/wiki/GLEP:63
[1] https://github.com/dol-sen/ssl-fetch
[2] https://github.com/dol-sen/pyGPG

Best regards,
Pavlos Ratis

