authorBrian Dolbec <dolsen@gentoo.org>2014-12-25 20:57:35 -0800
committerBrian Dolbec <dolsen@gentoo.org>2014-12-25 20:57:35 -0800
commit275d9ae9a8265df5c3b9d1d1a76902267aa4a9d5 (patch)
treee4a7abd062a1cd9fe85e0156a9e916bd1a794d60
parentgkeys/base.py: Fix >=py3.3 argparse regression handling subparsers (diff)
gkeys: Update fetchseed, verify actions to work with the new category system
-rw-r--r--gkeys/etc/gkeys.conf22
-rw-r--r--gkeys/etc/gkeys.conf.sample22
-rw-r--r--gkeys/gkeys/actions.py30
-rw-r--r--gkeys/gkeys/config.py2
-rw-r--r--gkeys/gkeys/seedhandler.py11
5 files changed, 66 insertions, 21 deletions
diff --git a/gkeys/etc/gkeys.conf b/gkeys/etc/gkeys.conf
index 3c79243..d9a42c0 100644
--- a/gkeys/etc/gkeys.conf
+++ b/gkeys/etc/gkeys.conf
@@ -20,6 +20,11 @@ gkeysdir: /var/lib/gentoo/gkeys
keyring: %(gkeysdir)s/keyrings
+# The default keyring to use
+# for verification if not specified
+verify-keyring: gentoo
+
+
# Base directory to use as the path prefix to use
# for the signing capable keyrings, keyring settings
# eg: '/' for root if absolute paths are used for homedir, keyring
@@ -48,8 +53,12 @@ files: 0o002
[seeds]
-# *-seedfile: json txt file of name, keyid, fingerprint
-# entry per line
+# file is a json text file of: nick, name, keydir, fingerprint
+# one file per line
+# category = category or seedfile name
+# these categories/seedfile nmaes are used for the
+# -C, --category input value validations
+# eg: category: filepath
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
@@ -62,6 +71,15 @@ gentoo: https://api.gentoo.org/gentoo-keys/seeds/gentoo.seeds
gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
+[verify-seeds]
+
+# mapping of the seedfile category name
+# to the category-name and gpg-key keydir to use to verify the seedfile
+# seedfile-name: category keydir
+gentoo: gentoo gkeys
+gentoo-devs: gentoo gkeys
+
+
[sign]
# GKEY nick used for verification of seeds and other gkey files
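Review bot: The `[verify-seeds]` comment documents the value as `seedfile-name: category keydir`, but the code added in this commit (fetchseed in actions.py and the download loop in seedhandler.py) assigns the second token to `args.nick`, and verify then resolves it with `keys.nick_search(args.nick)`. This mapping decides which key is trusted to verify each seed file, so the comment should name the field the code actually reads, e.g. `# seedfile-name: category nick  (the GKEY that must have signed the seedfile)`. The same comment is in gkeys.conf.sample. In the `[seeds]` comment, `nmaes` is a typo for `names`, and `one file per line` presumably means one entry per line.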
diff --git a/gkeys/etc/gkeys.conf.sample b/gkeys/etc/gkeys.conf.sample
index 3c79243..d9a42c0 100644
--- a/gkeys/etc/gkeys.conf.sample
+++ b/gkeys/etc/gkeys.conf.sample
@@ -20,6 +20,11 @@ gkeysdir: /var/lib/gentoo/gkeys
keyring: %(gkeysdir)s/keyrings
+# The default keyring to use
+# for verification if not specified
+verify-keyring: gentoo
+
+
# Base directory to use as the path prefix to use
# for the signing capable keyrings, keyring settings
# eg: '/' for root if absolute paths are used for homedir, keyring
@@ -48,8 +53,12 @@ files: 0o002
[seeds]
-# *-seedfile: json txt file of name, keyid, fingerprint
-# entry per line
+# file is a json text file of: nick, name, keydir, fingerprint
+# one file per line
+# category = category or seedfile name
+# these categories/seedfile nmaes are used for the
+# -C, --category input value validations
+# eg: category: filepath
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
@@ -62,6 +71,15 @@ gentoo: https://api.gentoo.org/gentoo-keys/seeds/gentoo.seeds
gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
+[verify-seeds]
+
+# mapping of the seedfile category name
+# to the category-name and gpg-key keydir to use to verify the seedfile
+# seedfile-name: category keydir
+gentoo: gentoo gkeys
+gentoo-devs: gentoo gkeys
+
+
[sign]
# GKEY nick used for verification of seeds and other gkey files
diff --git a/gkeys/gkeys/actions.py b/gkeys/gkeys/actions.py
index de8446d..dddd48a 100644
--- a/gkeys/gkeys/actions.py
+++ b/gkeys/gkeys/actions.py
@@ -34,7 +34,7 @@ Action_Options = {
'addseed': ['nick', 'name', 'keydir', 'fingerprint', 'category'],
'removeseed': ['nick', 'name', 'keydir', 'fingerprint', 'category'],
'moveseed': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'dest'],
- 'fetchseed': ['nick', 'name', 'keydir', 'fingerprint', 'category'],
+ 'fetchseed': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring'],
'listseedfiles': [],
'listkey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', 'gpgsearch', 'keyid'],
'installkey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', '1file'],
@@ -42,7 +42,7 @@ Action_Options = {
'movekey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', 'dest'],
'installed': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring'],
'importkey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring'],
- 'verify': ['dest', 'nick', 'name', 'keydir', 'fingerprint', 'category', '1file', 'signature', 'keyring', 'timestamp'],
+ 'verify': ['dest', 'nick', 'name', 'keydir', 'fingerprint', 'category', '1file', 'signature', 'timestamp'],
'checkkey': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', 'keyid'],
'sign': ['nick', 'name', 'keydir', 'fingerprint', 'file', 'keyring'],
'speccheck': ['nick', 'name', 'keydir', 'fingerprint', 'category', 'keyring', 'keyid'],
@@ -80,6 +80,10 @@ class Actions(object):
def fetchseed(self, args):
'''Download the selected seed file(s)'''
self.logger.debug("ACTIONS: fetchseed; args: %s" % str(args))
+ if not args.keyring:
+ verify_info = self.config.get_key('verify-seeds', args.category).split()
+ args.keyring = verify_info[0]
+ args.nick = verify_info[1]
handler = SeedHandler(self.logger, self.config)
success, messages = handler.fetch_seeds(args.category, args, self.verify)
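Review bot: The lookup added at the top of `fetchseed` is unguarded: `self.config.get_key('verify-seeds', args.category).split()` is followed by `verify_info[0]` and `verify_info[1]`, so an unset category, a category with no `[verify-seeds]` entry, or an entry with only one token ends in an uncaught exception instead of a returned error (what `get_key` returns for a missing key is not visible here). Check the result before indexing, e.g. `if len(verify_info) != 2: return (False, ['No verify-seeds entry for category: %s' % args.category])`, so a seed file with no configured verification key is refused with a clear message. The same unguarded lookup is in the `for (seed, url, filepath) in urls:` loop in seedhandler.py, where it sits outside the `try`/`except KeyError` above it. fetchseed's body continues outside the hunk.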
@@ -606,13 +610,15 @@ class Actions(object):
if not args.filename:
return (False, ['Please provide a signed file.'])
if not args.category:
- args.category = 'gentoo'
- (success, data) = self.installed(args)
- keys = data[1]
+ args.category = self.config.get_key('verify_keyring')
+ self.logger.debug("ACTIONS: verify; keyring category not specified, using default: %s"
+ % args.category)
+ handler = SeedHandler(self.logger, self.config)
+ keys = handler.load_category(args.category)
if not keys:
return (False, ['No installed keys found, try installkey action.'])
- keyring = self.config.get_key('keyring')
- catdir = os.path.join(keyring, args.category)
+ keyrings = self.config.get_key('keyring')
+ catdir = os.path.join(keyrings, args.category)
self.logger.debug("ACTIONS: verify; catdir = %s" % catdir)
self.gpg = GkeysGPG(self.config, catdir)
filepath, signature = args.filename, args.signature
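Review bot: The default category is read with `self.config.get_key('verify_keyring')` (underscore), but the option this commit adds to gkeys.conf and to the defaults in config.py is `verify-keyring` (hyphen), so the lookup will most likely not return the configured value. It should read `args.category = self.config.get_key('verify-keyring')`. Because the config.py default is `''`, an unset option then gives an empty category and `catdir` becomes the keyrings directory itself; returning an error when the resolved category is empty is safer than going on to `load_category`. The verify method starts and ends outside this hunk.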
@@ -672,11 +678,11 @@ class Actions(object):
messages = []
self.logger.info("Verifying file...")
verified = False
- # get correct key to use
- use_gkey = self.config.get_key('seedurls', 'gkey')
- for key in keys:
- if key.nick == use_gkey:
- break
+ key = keys.nick_search(args.nick)
+ if not key:
+ messages.append("Failed to find nick: %s in %s category"
+ % (args.nick, args.category))
+ return (False, messages)
results = self.gpg.verify_file(key, sig_path, filepath)
keyid = key.keyid[0]
(valid, trust) = results.verified
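Review bot: `keys.nick_search(args.nick)` depends on `args.nick` being set, and nothing in the visible hunks of `verify` gives it a default, so a direct `verify` call without a nick appears to search for `None` and report `Failed to find nick: None ...`. An explicit guard before the search makes the requirement clear, e.g. `if not args.nick: return (False, ['Please provide a nick to verify with.'])`. It is also worth a comment on the early return stating that it is intentional, `# fail closed: never verify with a key other than the requested nick`, since the removed loop could fall through to an unrelated key. The enclosing function starts and ends outside the hunk.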
diff --git a/gkeys/gkeys/config.py b/gkeys/gkeys/config.py
index 7e31909..6eba2b3 100644
--- a/gkeys/gkeys/config.py
+++ b/gkeys/gkeys/config.py
@@ -90,6 +90,8 @@ class GKeysConfig(GPGConfig):
'keyring': None,
'type': 'clearsign',
}
+ self.defaults['verify-keyring'] = ''
+ self.defaults['verify-seeds'] = {}
def read_config(self):
diff --git a/gkeys/gkeys/seedhandler.py b/gkeys/gkeys/seedhandler.py
index 0e66b69..bb233f9 100644
--- a/gkeys/gkeys/seedhandler.py
+++ b/gkeys/gkeys/seedhandler.py
@@ -130,18 +130,19 @@ class SeedHandler(object):
seedurl = self.config.get_key('seedurls', seed)
seedpath = self.config.get_key('seeds', seed)
if http_check.match(seedurl):
- urls.extend([(seedurl, seedpath)])
+ urls.extend([(seed, seedurl, seedpath)])
else:
- self.logger.info("Wrong seed file URLs... Switching to default URLs.")
- urls.extend([(self.config['seedurls'][seed], seedpath)])
+ self.logger.info("Wrong seed file URLs... Skipping: %s" % seed)
except KeyError:
pass
succeeded = []
seedsdir = self.config.get_key('seedsdir')
mode = int(self.config.get_key('permissions', 'directories'),0)
ensure_dirs(seedsdir, mode=mode)
- for (url, filepath) in urls:
- args.category = 'rel'
+ for (seed, url, filepath) in urls:
+ verify_info = self.config.get_key('verify-seeds', seed).split()
+ args.category = verify_info[0]
+ args.nick = verify_info[1]
args.filename = url
args.signature = None
args.timestamp = True
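Review bot: A seed whose URL fails `http_check` is now dropped with only `self.logger.info("Wrong seed file URLs... Skipping: %s" % seed)`, and nothing is recorded for it before `succeeded` is built. Unless the code after the hunk accounts for it, the fetch can report success while a configured seed file was never downloaded or verified. Log the skip at warning or error level and record it as a failure so the caller and the operator both see it. The loop also rewrites `args.category` and `args.nick` on the caller's `args` object for every seed; a short comment saying these are the category and nick of the key that must have signed the seed file would help. fetch_seeds starts and ends outside the hunk.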