summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-11-30 13:55:36 -0600
committerDan McGee <dan@archlinux.org>2011-11-30 13:55:36 -0600
commit6b8ef446bcd6a1cbc794d0846968e806034d3aad (patch)
treeb9e6fcba31717369953fa330f179cd48fc4fbea1
parentda61fed4be6a28c870580f448c7c486f46d7b088 (diff)
Add master key overview page
And a bunch of text that may suck, but is better than nothing. Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--main/models.py12
-rw-r--r--main/templatetags/pgp.py13
-rw-r--r--public/views.py18
-rw-r--r--templates/public/keys.html57
-rw-r--r--urls.py1
5 files changed, 95 insertions, 6 deletions
diff --git a/main/models.py b/main/models.py
index 990cc8ca..9156fb51 100644
--- a/main/models.py
+++ b/main/models.py
@@ -53,6 +53,18 @@ class UserProfile(models.Model):
verbose_name = 'Additional Profile Data'
verbose_name_plural = 'Additional Profile Data'
+ def get_absolute_url(self):
+ # TODO: this is disgusting. find a way to consolidate this logic with
+ # public.views.userlist among other places, and make some constants or
+ # something so we aren't using copies of string names everywhere.
+ group_names = self.user.groups.values_list('name', flat=True)
+ if "Developers" in group_names:
+ prefix = "developers"
+ elif "Trusted Users" in group_names:
+ prefix = "trustedusers"
+ else:
+ prefix = "fellows"
+ return '/%s/#%s' % (prefix, self.user.username)
class TodolistManager(models.Manager):
def incomplete(self):
diff --git a/main/templatetags/pgp.py b/main/templatetags/pgp.py
index 67f5e08d..d69e2918 100644
--- a/main/templatetags/pgp.py
+++ b/main/templatetags/pgp.py
@@ -1,5 +1,7 @@
from django import template
from django.conf import settings
+from django.utils.html import conditional_escape
+from django.utils.safestring import mark_safe
register = template.Library()
@@ -26,4 +28,15 @@ def pgp_key_link(key_id):
values = (url, format_key(key_id), key_id[-8:])
return '<a href="%s" title="PGP key search for %s">0x%s</a>' % values
+@register.filter
+def pgp_fingerprint(key_id, autoescape=True):
+ if not key_id:
+ return u''
+ if autoescape:
+ esc = conditional_escape
+ else:
+ esc = lambda x: x
+ return mark_safe(format_key(esc(key_id)))
+pgp_fingerprint.needs_autoescape = True
+
# vim: set ts=4 sw=4 et:
diff --git a/public/views.py b/public/views.py
index c28fd303..95b590fc 100644
--- a/public/views.py
+++ b/public/views.py
@@ -1,17 +1,17 @@
-from main.models import Arch, Repo, Donor
-from mirrors.models import MirrorUrl
-from news.models import News
-from . import utils
-
from django.conf import settings
from django.contrib.auth.models import User
from django.http import Http404
from django.views.generic import list_detail
from django.views.generic.simple import direct_to_template
+from devel.models import MasterKey
+from main.models import Arch, Repo, Donor
+from mirrors.models import MirrorUrl
+from news.models import News
+from utils import get_recent_updates
def index(request):
- pkgs = utils.get_recent_updates()
+ pkgs = get_recent_updates()
context = {
'news_updates': News.objects.order_by('-postdate', '-id')[:15],
'pkg_updates': pkgs,
@@ -77,4 +77,10 @@ def feeds(request):
}
return direct_to_template(request, 'public/feeds.html', context)
+def keys(request):
+ context = {
+ 'keys': MasterKey.objects.select_related('owner', 'revoker').all(),
+ }
+ return direct_to_template(request, 'public/keys.html', context)
+
# vim: set ts=4 sw=4 et:
diff --git a/templates/public/keys.html b/templates/public/keys.html
new file mode 100644
index 00000000..2e7fcebe
--- /dev/null
+++ b/templates/public/keys.html
@@ -0,0 +1,57 @@
+{% extends "base.html" %}
+{% load pgp %}
+
+{% block title %}Arch Linux - Master Signing Keys{% endblock %}
+
+{% block content %}
+<div id="signing-keys" class="box">
+ <h2>Master Signing Keys</h2>
+
+ <p>This page lists the Arch Linux Master Keys. This is a distributed set of
+ keys that are seen as "official" signing keys of the distribution. Each key
+ is held by a different developer, and a revocation certificate for the key
+ is held by a different developer. Thus, no one developer has absolute hold
+ on any sort of absolute, root trust.</p>
+ <p>The {{ keys|length }} key{{ keys|pluralize }} listed below should be
+ regarded as the current set of master keys. They are available on public
+ keyservers and should be signed by the owner of the key.</p>
+ <p>All official Arch Linux developers and trusted users should have their
+ key signed by at least three of these master keys. This is in accordance
+ with the PGP <em>web of trust</em> concept. If a user is willing to
+ marginally trust all of the master keys, three signatures from different
+ master keys will consider a given developer's key as valid. For more
+ information on trust, please consult the
+ <a href="http://www.gnupg.org/gph/en/manual.html">GNU Privacy Handbook</a>
+ and <a href="http://www.gnupg.org/gph/en/manual.html#AEN385">Using trust to
+ validate keys</a>.</p>
+
+ <table class="pretty2">
+ <thead>
+ <tr>
+ <th>Master Key</th>
+ <th>Full Fingerprint</th>
+ <th>Owner</th>
+ <th>Owner's Signing Key</th>
+ <th>Revoker</th>
+ <th>Revoker's Signing Key</th>
+ </tr>
+ </thead>
+ <tbody>
+ {% for key in keys %}
+ <tr>
+ <td>{% pgp_key_link key.pgp_key %}</td>
+ <td>{{ key.pgp_key|pgp_fingerprint }}</td>
+ {% with key.owner.userprofile as owner_profile %}
+ <td><a href="{{ owner_profile.get_absolute_url }}">{{ key.owner.get_full_name }}</a></td>
+ <td>{% pgp_key_link owner_profile.pgp_key %}</td>
+ {% endwith %}
+ {% with key.revoker.userprofile as revoker_profile %}
+ <td><a href="{{ revoker_profile.get_absolute_url }}">{{ key.revoker.get_full_name }}</a></td>
+ <td>{% pgp_key_link revoker_profile.pgp_key %}</td>
+ {% endwith %}
+ </tr>
+ {% endfor %}
+ </tbody>
+ </table>
+</div>
+{% endblock %}
diff --git a/urls.py b/urls.py
index 1d06f0f2..b01d2ee3 100644
--- a/urls.py
+++ b/urls.py
@@ -67,6 +67,7 @@ urlpatterns += patterns('public.views',
(r'^fellows/$', 'userlist', { 'user_type':'fellows' }, 'page-fellows'),
(r'^donate/$', 'donate', {}, 'page-donate'),
(r'^download/$', 'download', {}, 'page-download'),
+ (r'^master-keys/$', 'keys', {}, 'page-keys'),
)
# Includes and other remaining stuff