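# OpenPGP Web Key Directory implementation
# https://www.ietf.org/id/draft-koch-openpgp-webkey-service-06.txt

require 'base32'
require 'digest'

module Gentoo
  # Jekyll generator that exports OpenPGP keys from the local keyrings with
  # gpg and adds them to the site as Web Key Directory pages under
  # WKD_DIR + 'hu/', plus the policy file.
  class WKDGenerator < Jekyll::Generator
    DEV_KEYRING = '_data/active-devs.gpg'
    SERVICE_KEYRING = '_data/service-keys.gpg'
    WKD_DIR = '.well-known/openpgpkey/'

    # z-Base32 alphabet used by WKD for the hashed file names.
    ZBASE32_ALPHABET = 'ybndrfg8ejkmcpqxot1uwisza345h769'

    # A fingerprint is only handed to gpg if it is plain hex (optionally
    # prefixed with 0x) once whitespace has been stripped. Anything else could
    # be read by gpg as an option (leading '-') or as a user-ID search pattern
    # that matches keys belonging to somebody else.
    FINGERPRINT = /\A(?:0x)?\h+\z/

    # Adds one WKDFile page per user that has exportable key material and
    # finally the WKD policy page.
    #
    # @param site [Jekyll::Site] site being generated; reads site.data['userinfo']
    # @return [void]
    def generate(site)
      userinfo = site.data['userinfo']
      return if userinfo.nil?

      # WKD uses z-Base32; replace the alphabet since the standard
      # Base32 module supports that and the zBase32 modules are hard to get.
      # NOTE(review): this is a process-wide setting on the Base32 module and
      # is not restored afterwards, so any other Base32 user in the same build
      # sees the z-Base32 alphabet too.
      Base32.table = ZBASE32_ALPHABET

      { 'current' => DEV_KEYRING, 'system' => SERVICE_KEYRING }.each do |group, keyring|
        userinfo[group].each do |nick, details|
          publish_key(site, keyring, nick, details)
        end
      end

      # policy file is required
      site.pages << WKDPolicyFile.new(site)
    end

    private

    # Exports the keys of one user and queues the WKD page for them.
    # Stays best-effort per user (one broken entry must not abort the build),
    # but reports the failure instead of dropping the key without a trace.
    def publish_key(site, keyring, nick, details)
      fps = valid_fingerprints(nick, details['gpgfp'])
      return if fps.empty?

      keydata = export_keys(keyring, fps)
      site.pages << WKDFile.new(site, nick, keydata) unless keydata.empty?
    rescue StandardError => e
      Jekyll.logger.warn('WKD:', "no key published for #{nick}: #{e.class}: #{e.message}")
    end

    # Strips whitespace from the configured fingerprints and keeps only the
    # ones that look like hex fingerprints; rejected values are logged.
    def valid_fingerprints(nick, raw)
      Array(raw).map { |fp| fp.to_s.gsub(/\s+/, '') }.select do |fp|
        next true if FINGERPRINT.match?(fp)

        Jekyll.logger.warn('WKD:', "ignoring malformed fingerprint for #{nick}: #{fp.inspect}")
        false
      end
    end

    # Runs gpg --export for the given fingerprints and returns the binary
    # output. The command is passed as an argv array, so no shell is involved.
    def export_keys(keyring, fps)
      cmd = ['gpg', '--no-default-keyring', '--keyring', keyring, '--export', *fps]
      keydata = IO.popen(cmd, 'rb', &:read)
      # The output is still used as before; a failing gpg is only surfaced so
      # that incomplete exports do not go unnoticed.
      Jekyll.logger.warn('WKD:', "gpg --export did not exit cleanly (#{$?})") unless $?.success?
      keydata
    end
  end

  # Page holding the exported key material of one user. The file name is the
  # z-Base32 encoding of the SHA-1 digest of the lowercased nick, as WKD
  # prescribes for the local part of the address (SHA-1 is used here as a
  # naming function mandated by the draft, not for integrity).
  # Relies on WKDGenerator#generate having switched Base32 to the z-Base32
  # alphabet before this class is instantiated.
  class WKDFile < Jekyll::Page
    # @param site [Jekyll::Site]
    # @param nick [String] presumably the local part of the user's address -- confirm against userinfo data
    # @param keydata [String] binary output of gpg --export
    def initialize(site, nick, keydata)
      @site = site
      @base = @site.source
      @dir = WKDGenerator::WKD_DIR + 'hu/'
      @name = Base32.encode(Digest::SHA1.digest(nick.downcase))

      process(@name)
      read_yaml(File.join(@base, '_layouts'), "passthrough.html")
      @content = keydata
    end

    # Key material is binary and must never be run through Liquid.
    def render_with_liquid?
      false
    end
  end

  # Empty 'policy' page that the WKD draft requires at the directory root.
  class WKDPolicyFile < Jekyll::Page
    # @param site [Jekyll::Site]
    def initialize(site)
      @site = site
      @base = @site.source
      @dir = WKDGenerator::WKD_DIR
      @name = 'policy'

      process(@name)
      read_yaml(File.join(@base, '_layouts'), "passthrough.html")
      @content = ''
    end
  end
end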