- May 11, 2022
This adds support orthogonal to shells that pass subshell fd as /proc/self/fd.
-
- Apr 14, 2022
David Runge authored
libkeyringctl/{keyring,sequoia,util}.py: As Iterable and Iterator are only used for type hints, switch to using typing.{Iterable,Iterator} instead of collections.abc.{Iterable,Iterator} for Python < 3.9.0, as older Python interpreters will otherwise raise TypeError.
-
- Feb 25, 2022
Levente Polyak authored
If a main key is revoked we do not want to use those keys to count the required trust threshold.
-
- Dec 08, 2021
Levente Polyak authored
De-duplicate not needed certifications by cleaning the keyring after import to remove old files when processing revocations. This basically adds the functionality compared to import-clean.
-
- Nov 30, 2021
Levente Polyak authored
Declare the whole keyring data as well as the code as input dependency for the build target. This way we can properly depend on the build target for installation without forcing rebuilding on every invocation. A rebuild will be triggered if either the keyring or the source code creating the build output changes. The directories are added to the source dependencies on purpose to guarantee that changes like deleted files will result in a rebuild. The mtime of the build directory is force updated on every run to allow make to track the output artifacts mtime compared against the dependencies.
-
Levente Polyak authored
Add a postfix hash of the raw uid data to the filenames to avoid collisions with the simplified uid.
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
-
libkeyringctl/keyring.py: Simplify `convert_certificate()` by splitting out the conversion of signature packets to `convert_signature_packet()` and the persistence of packet material to `persist_key_material()`. Add `convert_pubkey_signature_packet()`, `convert_uid_signature_packet()` and `convert_subkey_signature_packet()` to deal with the conversion of public key signatures, UID signatures and subkey signatures (respectively). tests/test_keyring.py: Add tests for `convert_certificate()`, `convert_signature_packet()`, `convert_{pubkey,uid,subkey}_signature_packet()` and `persist_subkey_revocations()`.
-
libkeyringctl/keyring.py: Change `get_packets_from_path()` to use full conditional statements which is easier to cover in tests. tests/test_keyring.py: Add simple tests for `get_packets_from_path()`, `get_packets_from_listing()`, `export()` and `build()`.
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
This effectively requires en_US.UTF-8 to be an available lang, which is a relatively fair requirement and mandatory to set for hokey.
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
-
Levente Polyak authored
This moves all verify code to its own module and adds support to check all packet files in the structure for integrity. This is done by parsing assumptions like packet kind, type, issuer and location etc.
-
Levente Polyak authored
This avoids collision between same issuer using key-id and full fingerprint in different versions of a packet, like signature.
-
Levente Polyak authored
CalledProcessError returns bytes for our invocations, the fix that decoded bytes of stdout was purely to make the mocked test happy while breaking the actual usage. Restore the behavior and fix the wrong mocked data.
-
Levente Polyak authored
-
Levente Polyak authored
-
libkeyringctl/util.py: Change `system()` to write bytes to stderr.buffer, as before CalledProcessError.stdout had been used, which returns a string.
-
Levente Polyak authored
-
Levente Polyak authored
Rework the whole trust handling by acquiring the trust status from actual assumptions related to the amount of ownertrust signatures and revocations.
-
Levente Polyak authored
This feature allows importing from a piped fd like: `./keyringctl import --name foobar <(gpg --export foo@bar)`. We achieve this even with hidepid by taking the naive approach of copying the process's fd source to a tempfile and passing around the latter.
-
Levente Polyak authored
-
Levente Polyak authored
Otherwise the PGP trust and revocation status file will not match our expectations. A single applied revocation to this directory structure should be checked either way. We can later create TODOs to have at least two revocations for the keys that would otherwise be still trusted and then change this value.
-
Levente Polyak authored
-
Levente Polyak authored
Currently only newly added certificates will be checked against the expectations as existing keys are not all fully compatible with those assumptions. New certificates are determined by using $CI_MERGE_REQUEST_DIFF_BASE_SHA as the base,
-
Levente Polyak authored
This command checks certain expectations using sq and hokey, prints the results to stdout and potentially exits non-successfully.
-
Levente Polyak authored
Handle missing or wrong certificate paths in a way that does not lead to a blocking command by reading from stdin. Instead throw either file not found errors or expect optional outputs.
-
Levente Polyak authored
-