From 2d5777b11d229d115a31a6c82236570002c2dd57 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Fri, 21 Oct 2011 18:49:00 -0500 Subject: Add a generate_keyring command This grabs all the PGP keys from the developer profiles and adds them to the keyrings. Obviously we may want to do more in the future such as filter by groups, active status, etc. but this is just a first iteration. Signed-off-by: Dan McGee
---
devel/management/commands/generate_keyring.py | 59 +++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 devel/management/commands/generate_keyring.py (limited to 'devel/management/commands/generate_keyring.py')
diff --git a/devel/management/commands/generate_keyring.py b/devel/management/commands/generate_keyring.py
new file mode 100644
index 00000000..b95d5a8e
--- /dev/null
+++ b/devel/management/commands/generate_keyring.py
@@ -0,0 +1,59 @@
+# -*- coding: utf-8 -*-
+"""
+generate_keyring command
+
+Assemble a GPG keyring with all known developer keys.
+
+Usage: ./manage.py generate_keyring
+"""
+
+from django.core.management.base import BaseCommand, CommandError
+from django.db.models import Q
+
+import logging
+import subprocess
+import sys
+
+from main.models import UserProfile
+
+logging.basicConfig(
+ level=logging.INFO,
+ format='%(asctime)s -> %(levelname)s: %(message)s',
+ datefmt='%Y-%m-%d %H:%M:%S',
+ stream=sys.stderr)
+logger = logging.getLogger()
+
+class Command(BaseCommand):
+ args = " "
+ help = "Assemble a GPG keyring with all known developer keys."
+
+ def handle(self, *args, **options):
+ v = int(options.get('verbosity', None))
+ if v == 0:
+ logger.level = logging.ERROR
+ elif v == 1:
+ logger.level = logging.INFO
+ elif v == 2:
+ logger.level = logging.DEBUG
+
+ if len(args) != 2:
+ raise CommandError("keyserver and keyring_path must be provided")
+
+ return generate_keyring(args[0], args[1])
+
+def generate_keyring(keyserver, keyring):
+ logger.info("getting all known key IDs")
+
+ exclude = Q(pgp_key__isnull=True) & Q(pgp_key__exact="")
+ key_ids = UserProfile.objects.exclude(
+ exclude).values_list("pgp_key", flat=True)
+ logger.info("%d keys fetched from user profiles", len(key_ids))
+
+ gpg_cmd = ["gpg", "--no-default-keyring", "--keyring", keyring,
+ "--keyserver", keyserver, "--recv-keys"]
+ logger.info("running command: %r", gpg_cmd)
+ gpg_cmd.extend(key_ids)
+ subprocess.check_call(gpg_cmd)
+ logger.info("keyring at %s successfully updated", keyring)
+
+# vim: set ts=4 sw=4 et:
-- cgit v1.2.3-2-g168b
From ade2c08899abf77f6d836432c9988ad3f9652a95 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Tue, 1 Nov 2011 16:47:37 -0500 Subject: Really ensure we don't catch any NULL or blank values Fuck you too, Django.
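Review bot: The `pgp_key` values read from `UserProfile` reach the gpg argument list with no format check, at `gpg_cmd.extend(key_ids)` in `generate_keyring`. Passing a list to `subprocess.check_call` keeps a shell out of the picture, but gpg still parses every element itself, so a stored value beginning with `-` would be read as an option rather than a key ID, and a short or malformed ID leaves it to the keyserver which key comes back. Assuming the field is meant to hold a full fingerprint, filter before extending, e.g. `key_ids = [k for k in key_ids if re.match(r'[0-9A-Fa-f]{40}\Z', k)]` (needs `import re`), and log anything that was dropped. The later commits on this page feed `MasterKey.pgp_key` into the same argument list and into the ownertrust file, equally unchecked.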
Signed-off-by: Dan McGee --- devel/management/commands/generate_keyring.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'devel/management/commands/generate_keyring.py') diff --git a/devel/management/commands/generate_keyring.py b/devel/management/commands/generate_keyring.py index b95d5a8e..35ab8874 100644 --- a/devel/management/commands/generate_keyring.py +++ b/devel/management/commands/generate_keyring.py @@ -8,7 +8,6 @@ Usage: ./manage.py generate_keyring """ from django.core.management.base import BaseCommand, CommandError -from django.db.models import Q import logging import subprocess @@ -44,9 +43,10 @@ class Command(BaseCommand): def generate_keyring(keyserver, keyring): logger.info("getting all known key IDs") - exclude = Q(pgp_key__isnull=True) & Q(pgp_key__exact="") - key_ids = UserProfile.objects.exclude( - exclude).values_list("pgp_key", flat=True) + # Screw you Django, for not letting one natively do value != + key_ids = UserProfile.objects.filter(user__is_active=True, + pgp_key__isnull=False).extra(where=["pgp_key != ''"]).values_list( + "pgp_key", flat=True) logger.info("%d keys fetched from user profiles", len(key_ids)) gpg_cmd = ["gpg", "--no-default-keyring", "--keyring", keyring, -- cgit v1.2.3-2-g168b From 4590196d79273c49172e2da74e7a7b31e59d7a27 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Wed, 30 Nov 2011 14:07:35 -0600 Subject: Integrate master key into rest of site Signed-off-by: Dan McGee --- devel/management/commands/generate_keyring.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'devel/management/commands/generate_keyring.py') diff --git a/devel/management/commands/generate_keyring.py b/devel/management/commands/generate_keyring.py index 35ab8874..a3a764b4 100644 --- a/devel/management/commands/generate_keyring.py +++ b/devel/management/commands/generate_keyring.py 
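Review bot: The new `user__is_active=True` filter only narrows which key IDs are requested; nothing in `generate_keyring` removes keys, and `--recv-keys` adds to whatever is already in the file passed as `keyring`. If the command is run repeatedly against the same path, which the "successfully updated" log message suggests, a key belonging to an account that has since been deactivated stays in the keyring. Either state in the module docstring that the keyring must be built from an empty path on every run, or have the command fetch into a fresh file and move it into place. The body of `generate_keyring` continues past the end of this hunk.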
@@ -13,6 +13,7 @@ import logging import subprocess import sys +from devel.models import MasterKey from main.models import UserProfile logging.basicConfig( @@ -48,11 +49,14 @@ def generate_keyring(keyserver, keyring): pgp_key__isnull=False).extra(where=["pgp_key != ''"]).values_list( "pgp_key", flat=True) logger.info("%d keys fetched from user profiles", len(key_ids)) + master_key_ids = MasterKey.objects.values_list("pgp_key", flat=True) + logger.info("%d keys fetched from master keys", len(master_key_ids)) gpg_cmd = ["gpg", "--no-default-keyring", "--keyring", keyring, "--keyserver", keyserver, "--recv-keys"] logger.info("running command: %r", gpg_cmd) gpg_cmd.extend(key_ids) + gpg_cmd.extend(master_key_ids) subprocess.check_call(gpg_cmd) logger.info("keyring at %s successfully updated", keyring) -- cgit v1.2.3-2-g168b From 7c84bea7dabdfbc307d373620b00214777d91a97 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Wed, 30 Nov 2011 14:25:51 -0600 Subject: Allow generation of an ownertrust file Signed-off-by: Dan McGee --- devel/management/commands/generate_keyring.py | 29 ++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'devel/management/commands/generate_keyring.py') diff --git a/devel/management/commands/generate_keyring.py b/devel/management/commands/generate_keyring.py index a3a764b4..062c738b 100644 --- a/devel/management/commands/generate_keyring.py +++ b/devel/management/commands/generate_keyring.py @@ -24,7 +24,7 @@ logging.basicConfig( logger = logging.getLogger() class Command(BaseCommand): - args = " " + args = " [ownertrust_path]" help = "Assemble a GPG keyring with all known developer keys." def handle(self, *args, **options): 
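Review bot: Both `gpg_cmd.extend(...)` calls in the second hunk of this commit run after `logger.info("running command: %r", gpg_cmd)`, so the logged command never contains the developer or master key IDs that were actually requested. For a job that populates a keyring used as a trust root, that list is the part worth having in the log when a fetch has to be audited later. Move the `logger.info("running command: %r", gpg_cmd)` line to just before `subprocess.check_call(gpg_cmd)`.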
@@ -36,10 +36,14 @@ class Command(BaseCommand): elif v == 2: logger.level = logging.DEBUG - if len(args) != 2: + if len(args) < 2: raise CommandError("keyserver and keyring_path must be provided") - return generate_keyring(args[0], args[1]) + generate_keyring(args[0], args[1]) + + if len(args) > 2: + generate_ownertrust(args[2]) + def generate_keyring(keyserver, keyring): logger.info("getting all known key IDs") @@ -60,4 +64,23 @@ def generate_keyring(keyserver, keyring): subprocess.check_call(gpg_cmd) logger.info("keyring at %s successfully updated", keyring) + +TRUST_LEVELS = { + 'unknown': 0, + 'expired': 1, + 'undefined': 2, + 'never': 3, + 'marginal': 4, + 'fully': 5, + 'ultimate': 6, +} + + +def generate_ownertrust(trust_path): + master_key_ids = MasterKey.objects.values_list("pgp_key", flat=True) + with open(trust_path, "w") as trustfile: + for key_id in master_key_ids: + trustfile.write("%s:%d:\n" % (key_id, TRUST_LEVELS['marginal'])) + logger.info("trust file at %s created or overwritten", trust_path) + # vim: set ts=4 sw=4 et: -- cgit v1.2.3-2-g168b
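Review bot: Relaxing the check to `if len(args) < 2:` means a fourth or later positional argument is now accepted and silently ignored, where the previous `!= 2` test rejected any unexpected count. `if not 2 <= len(args) <= 3:` keeps the optional `ownertrust_path` while still failing on a mistyped invocation.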
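Review bot: `generate_ownertrust` opens `trust_path` with mode `"w"`, which truncates the live file before any entry is written, and the queryset is only evaluated inside the loop, so a database error or an interrupted run leaves an empty or partial ownertrust file where consumers expect a complete one. Stage the output in a temporary file in the same directory and rename it over the destination once the loop has finished; this needs `import os` and `import tempfile` at the top of the module. `mkstemp` creates the file readable by its owner only, so set whatever mode the consumer of the trust file needs before the rename. The function also lacks a docstring; one line saying that every master key is written with `marginal` ownertrust, one `key:level:` entry per line, would do.

```python
def generate_ownertrust(trust_path):
    master_key_ids = MasterKey.objects.values_list("pgp_key", flat=True)
    # Stage the file beside its destination so the final rename stays on one
    # filesystem and readers only ever see a complete file.
    target_dir = os.path.dirname(os.path.abspath(trust_path))
    fd, tmp_path = tempfile.mkstemp(dir=target_dir)
    try:
        with os.fdopen(fd, "w") as trustfile:
            for key_id in master_key_ids:
                trustfile.write("%s:%d:\n" % (key_id, TRUST_LEVELS['marginal']))
        os.rename(tmp_path, trust_path)
    except Exception:
        # Do not leave a half-written staging file behind.
        os.unlink(tmp_path)
        raise
    # ... unchanged: logger.info call ...
```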