From 6b8ef446bcd6a1cbc794d0846968e806034d3aad Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Wed, 30 Nov 2011 13:55:36 -0600 Subject: Add master key overview page And a bunch of text that may suck, but is better than nothing. Signed-off-by: Dan McGee --- main/models.py | 12 ++++++++++ main/templatetags/pgp.py | 13 +++++++++++ public/views.py | 18 ++++++++++----- templates/public/keys.html | 57 ++++++++++++++++++++++++++++++++++++++++++++++ urls.py | 1 + 5 files changed, 95 insertions(+), 6 deletions(-) create mode 100644 templates/public/keys.html diff --git a/main/models.py b/main/models.py index 990cc8ca..9156fb51 100644 --- a/main/models.py +++ b/main/models.py @@ -53,6 +53,18 @@ class UserProfile(models.Model): verbose_name = 'Additional Profile Data' verbose_name_plural = 'Additional Profile Data' + def get_absolute_url(self): + # TODO: this is disgusting. find a way to consolidate this logic with + # public.views.userlist among other places, and make some constants or + # something so we aren't using copies of string names everywhere. + group_names = self.user.groups.values_list('name', flat=True) + if "Developers" in group_names: + prefix = "developers" + elif "Trusted Users" in group_names: + prefix = "trustedusers" + else: + prefix = "fellows" + return '/%s/#%s' % (prefix, self.user.username) class TodolistManager(models.Manager): def incomplete(self): diff --git a/main/templatetags/pgp.py b/main/templatetags/pgp.py index 67f5e08d..d69e2918 100644 --- a/main/templatetags/pgp.py +++ b/main/templatetags/pgp.py @@ -1,5 +1,7 @@ from django import template from django.conf import settings +from django.utils.html import conditional_escape +from django.utils.safestring import mark_safe register = template.Library() @@ -26,4 +28,15 @@ def pgp_key_link(key_id): values = (url, format_key(key_id), key_id[-8:]) return '0x%s' % values +@register.filter +def pgp_fingerprint(key_id, autoescape=True): + if not key_id: + return u'' + if autoescape: + esc = conditional_escape + else: + esc = lambda x: x + return mark_safe(format_key(esc(key_id))) +pgp_fingerprint.needs_autoescape = True + # vim: set ts=4 sw=4 et: diff --git a/public/views.py b/public/views.py index c28fd303..95b590fc 100644 --- a/public/views.py +++ b/public/views.py @@ -1,17 +1,17 @@ -from main.models import Arch, Repo, Donor -from mirrors.models import MirrorUrl -from news.models import News -from . import utils - from django.conf import settings from django.contrib.auth.models import User from django.http import Http404 from django.views.generic import list_detail from django.views.generic.simple import direct_to_template +from devel.models import MasterKey +from main.models import Arch, Repo, Donor +from mirrors.models import MirrorUrl +from news.models import News +from utils import get_recent_updates def index(request): - pkgs = utils.get_recent_updates() + pkgs = get_recent_updates() context = { 'news_updates': News.objects.order_by('-postdate', '-id')[:15], 'pkg_updates': pkgs, @@ -77,4 +77,10 @@ def feeds(request): } return direct_to_template(request, 'public/feeds.html', context) +def keys(request): + context = { + 'keys': MasterKey.objects.select_related('owner', 'revoker').all(), + } + return direct_to_template(request, 'public/keys.html', context) + # vim: set ts=4 sw=4 et: diff --git a/templates/public/keys.html b/templates/public/keys.html new file mode 100644 index 00000000..2e7fcebe --- /dev/null +++ b/templates/public/keys.html @@ -0,0 +1,57 @@ +{% extends "base.html" %} +{% load pgp %} + +{% block title %}Arch Linux - Master Signing Keys{% endblock %} + +{% block content %} +
+

Master Signing Keys

+ +

This page lists the Arch Linux Master Keys. This is a distributed set of + keys that are seen as "official" signing keys of the distribution. Each key + is held by a different developer, and a revocation certificate for the key + is held by a different developer. Thus, no one developer has absolute hold + on any sort of absolute, root trust.

+

The {{ keys|length }} key{{ keys|pluralize }} listed below should be + regarded as the current set of master keys. They are available on public + keyservers and should be signed by the owner of the key.

+

All official Arch Linux developers and trusted users should have their + key signed by at least three of these master keys. This is in accordance + with the PGP web of trust concept. If a user is willing to + marginally trust all of the master keys, three signatures from different + master keys will consider a given developer's key as valid. For more + information on trust, please consult the + GNU Privacy Handbook + and Using trust to + validate keys.

+ + + + + + + + + + + + + + {% for key in keys %} + + + + {% with key.owner.userprofile as owner_profile %} + + + {% endwith %} + {% with key.revoker.userprofile as revoker_profile %} + + + {% endwith %} + + {% endfor %} + +
Master KeyFull FingerprintOwnerOwner's Signing KeyRevokerRevoker's Signing Key
{% pgp_key_link key.pgp_key %}{{ key.pgp_key|pgp_fingerprint }}{{ key.owner.get_full_name }}{% pgp_key_link owner_profile.pgp_key %}{{ key.revoker.get_full_name }}{% pgp_key_link revoker_profile.pgp_key %}
+
+{% endblock %} diff --git a/urls.py b/urls.py index 1d06f0f2..b01d2ee3 100644 --- a/urls.py +++ b/urls.py @@ -67,6 +67,7 @@ urlpatterns += patterns('public.views', (r'^fellows/$', 'userlist', { 'user_type':'fellows' }, 'page-fellows'), (r'^donate/$', 'donate', {}, 'page-donate'), (r'^download/$', 'download', {}, 'page-download'), + (r'^master-keys/$', 'keys', {}, 'page-keys'), ) # Includes and other remaining stuff -- cgit v1.2.3-2-g168b