1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
|
#
#-*- coding:utf-8 -*-
"""
Gentoo-keys - action_map.py
Primary api interface module data
@copyright: 2015 by Brian Dolbec <dol-sen@gentoo.org>
@license: GNU GPL2, see COPYING for details.
"""
from collections import OrderedDict
Seed_Actions = ['----seeds----', 'add-seed', 'fetch-seed',
'list-seed', 'list-seedfiles', 'remove-seed']
Key_Actions = ['----keys-----', 'check-key', 'installed',
'install-key', 'list-key', 'refresh-key',
'search-key', 'spec-check']
General_Actions = ['---general---', 'list-cats', 'sign','verify']
Available_Actions = General_Actions + Key_Actions + Seed_Actions
Action_Map = OrderedDict([
('---general---', {
'func': 'GENERAL_COMMANDS',
'options': [],
'desc': '''-----< general actions >------''',
'long_desc': '''''',
'example': '''''',
}),
('list-cats', {
'func': 'listcats',
'options': [],
'desc': '''List seed file definitions (category names) found in the config''',
'long_desc': '''List seed file definitions (category names) found in the config.
These category names are used throughout the seed and key action operations.''',
'example': '''$ gkeys list-cats
Gkey task results:
Categories defined: gentoo-devs, gentoo, sign
''',
}),
('sign', {
'func': 'sign',
'options': ['nick', 'name', 'fingerprint', 'file', ],
'desc': '''Sign a file''',
'long_desc': '''Sign a file or files with the designated gpg key.
The default sign settings can be set in gpg.conf. These settings can be
overridden on the command line using the 'nick', 'name', 'fingerprint' options''',
'example': '''''',
}),
('verify', {
'func': 'verify',
'options': ['category', 'nick', 'name', 'fingerprint', 'keydir', 'keys',
'1file', 'signature', 'timestamp', 'dest', 'uid'],
'desc': '''File automatic download and/or verification action.''',
'long_desc': '''File automatic download and/or verification action.
Note: If the specified key/keyring to verify against does not contain
the key used to sign the file. It will Auto-search for the correct key
in the installed keys db. And verify against the matching key.
It will report the success/failure along with the key information used for
the verification''',
'example': '''$ gkeys verify -F /home/brian/gpg-test/seeds/gentoo-devs.seeds
Gkey task results:
Using config defaults..: gentoo gkeys
Verification succeeded.: /home/brian/gpg-test/seeds/gentoo-devs.seeds
Key info...............: Gentoo-Linux Gentoo-keys Project Signing Key <gkeys>, 0xA41DBBD9151C3FC7
category, nick.....: gentoo gkeys
''',
}),
('----keys-----', {
'func': 'KEY_COMMANDS',
'options': [],
'desc': '''-------< key actions >--------''',
'long_desc': '',
'example': '',
}),
('check-key', {
'func': 'checkkey',
'options': ['category', 'nick', 'name', 'fingerprint', 'keyid', 'keys',
'keydir', 'keyring'],
'desc': '''Check key validity''',
'long_desc': '''Check keys actions
Performs basic validity checks on the key(s), checks expiry,
and presence of a signing sub-key''',
'example': '''$ gkeys check-key -C gentoo -n gkey
Checking keys...
gkeys, Gentoo-Linux Gentoo-keys Project Signing Key: 0xA41DBBD9151C3FC7, 0x825533CBF6CD6C97
==============================================
Gkey task results:
Found:
-------
Expired: 0
Revoked: 0
Invalid: 0
No signing capable subkeys: 0
''',
}),
('import-key', {
'func': 'importkey',
'options': ['category', 'nick', 'name', 'fingerprint', 'keys',
'keydir', 'keyring'],
'desc': '''Add a specified key to a specified keyring''',
'long_desc': '''Add a specified key to a specified keyring''',
'example': '''''',
}),
('install-key', {
'func': 'installkey',
'options': ['category', 'nick', 'name', 'fingerprint', 'keys',
'keydir', 'keyring', '1file'],
'desc': '''Install a key from the seed(s)''',
'long_desc': '''Install a key from the seed(s). The key will be
installed to the pre-configured seed's keydir value within the category's directory.''',
'example': '''''',
}),
('installed', {
'func': 'installed',
'options': ['category', 'nick', 'name', 'fingerprint', 'keys',
'keydir', 'keyring'],
'desc': '''Lists the installed key directories''',
'long_desc': '''Lists the installed key directories''',
'example': '''$ gkeys installed -C gentoo
Gkey task results:
Found Key(s):
----------
Name.........: Gentoo Tree Snapshot (Automated) Signing Key
Nick.........: snapshot
Keydir.......: release
UID..........: Gentoo Portage Snapshot Signing Key (Automated Signing Key)
Keyid........: 0xEC590EEAC9189250
Fingerprint: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
Keyid........: 0xDB6B8C1F96D8BF6D
Fingerprint: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
----------
Name.........: Gentoo-Linux Gentoo-keys Project Signing Key
Nick.........: gkeys
Keydir.......: release
<snip> ...
''',
}),
('list-key', {
'func': 'listkey',
'options': ['category', 'nick', 'name', 'fingerprint', 'keyid', 'keys',
'keydir', 'keyring', 'gpgsearch'],
'desc': '''Pretty-print the selected gpg key''',
'long_desc': '''Pretty-print the selected gpg key''',
'example': '''gkeys list-key -C gentoo -n gkeys
Nick.....: gkeys
Name.....: Gentoo-Linux Gentoo-keys Project Signing Key
Keydir...: release
Gpg info.: pub 4096R/825533CBF6CD6C97 2014-10-03 [expires: 2017-09-17]
Key fingerprint = D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
uid [ unknown] Gentoo-keys Team <gkeys@gentoo.org>
sub 4096R/A41DBBD9151C3FC7 2014-10-03 [expires: 2017-09-17]
Key fingerprint = C287 1675 69B3 C1F9 E9CE D677 A41D BBD9 151C 3FC7
Gkey task results:
Done.''',
}),
('move-key', {
'func': 'movekey',
'options': ['category', 'nick', 'name', 'fingerprint', 'keys',
'keydir', 'keyring', 'dest'],
'desc': '''Rename an installed keydir''',
'long_desc': '''Rename an installed keydir''',
'example': '''''',
}),
('refresh-key', {
'func': 'refreshkey',
'options': ['category', 'nick', 'name', 'fingerprint', 'keyid', 'keys',
'keydir', 'keyring'],
'desc': '''Calls gpg with the --refresh-keys option
for in place updates of the installed keys''',
'long_desc': '''Calls gpg with the --refresh-keys option
for in place updates of the installed keys. To refresh all installed keys
in the category, specify the category only.''',
'example': '''$ gkeys refresh-key -C gentoo -n gkey
Refreshig keys...
Gentoo-Linux Gentoo-keys Project Signing Key: 0xA41DBBD9151C3FC7, 0x825533CBF6CD6C97
Gkey task results:
Completed
''',
}),
('remove-key', {
'func': 'removekey',
'options': ['category', 'nick', 'name', 'fingerprint', 'keys',
'keydir', 'keyring'],
'desc': '''Remove (uninstall) an installed key''',
'long_desc': '''Remove (uninstall) an installed key or keys''',
'example': '''$ gkeys remove-key -C gentoo-devs -n dolsen
Found GKEY seed:
----------
Name.........: Brian Dolbec
Nick.........: dolsen
Keydir.......: dolsen
UID..........: Brian Dolbec (Gentoo Developer) <dolsen@gentoo.org>
UID..........: Brian Dolbec (Yes it's really me. Although which one of me is another question.) <brian.dolbec@gmail.com>
UID..........: Brian Dolbec <brian.dolbec@gmail.com>
UID..........: Brian Dolbec <dolsen@gentoo.org>
Keyid........: 0x65E309F2189DB0B8
Fingerprint: 76B63D6CCEC2FD160B0F5AC165E309F2189DB0B8
Keyid........: 0xFBBD087275820ED8
Fingerprint: A5D7C74E081CC70DB4A4AAF5FBBD087275820ED8
Keyid........: 0xD80F5F1E1245142E
Fingerprint: 262A829DFEAF9092A42C1C3ED80F5F1E1245142E
Keyid........: 0x018682231B926E4F
Fingerprint: 69FDA24269C8B5A7E9E231E9018682231B926E4F
Keyid........: 0xD245831F292B1FFB
Fingerprint: 93799ADE2C956B6553A23D8FD245831F292B1FFB
Keyid........: 0x2214D90A014F17CB
Fingerprint: 8688FD1CC71C1C04EAEA42372214D90A014F17CB
Do you really want to remove dolsen?[y/n]: y
Gkey task results:
Done removing dolsen key.
''',
}),
('search-key', {
'func': 'key_search',
'options': ['category', 'nick', '1name', 'fingerprint', 'keyid', 'uid',
'keys', 'keydir', 'exact', 'all'],
'desc': '''Search for a key's seed in the installed keys db''',
'long_desc': '''Search for a key's seed in the installed keys db''',
'example': '''$ gkeys search-key -n gkeys
Gkey task results:
Category.....: gentoo
----------
Name.........: Gentoo-Linux Gentoo-keys Project Signing Key
Nick.........: gkeys
Keydir.......: release
UID..........: Gentoo-keys Team <gkeys@gentoo.org>
Keyid........: 0xA41DBBD9151C3FC7
Fingerprint: C287167569B3C1F9E9CED677A41DBBD9151C3FC7
Keyid........: 0x825533CBF6CD6C97
Fingerprint: D2DE1DBBA0F43EBA341B97D8825533CBF6CD6C97
Category.....: sign
----------
Name.........: Gentoo-keys Team
Nick.........: gkeys
Keydir.......: gkeys
UID..........: Gentoo-keys Team <gkeys@gentoo.org>
Keyid........: 0x825533CBF6CD6C97
Fingerprint: D2DE1DBBA0F43EBA341B97D8825533CBF6CD6C97
Keyid........: 0xA41DBBD9151C3FC7
Fingerprint: C287167569B3C1F9E9CED677A41DBBD9151C3FC7
''',
}),
('spec-check', {
'func': 'speccheck',
'options': ['category', 'nick', 'name', 'fingerprint', 'keyid', 'keys',
'keydir', 'keyring'],
'desc': '''Check if keys meet specifications requirements''',
'long_desc': '''Check if keys meet specifications requirements''',
'example': '''$ gkeys spec-check -C gentoo -n gkeys
Checking keys...
gkeys, Gentoo-Linux Gentoo-keys Project Signing Key: 0x825533CBF6CD6C97
==============================================
----------
Fingerprint......: D2DE1DBBA0F43EBA341B97D8825533CBF6CD6C97
Key type ........: PUB Capabilities.: cSC
Algorithm........: Pass Bit Length...: Pass
Create Date......: Pass Expire Date..: Pass
Key Version......: Pass Validity.....: -, Unknown
Days till expiry.: 987
Capability.......: Pass
Qualified ID.....: Pass
This primary key.: Pass
----------
Fingerprint......: C287167569B3C1F9E9CED677A41DBBD9151C3FC7
Key type ........: SUB Capabilities.: s sign
Algorithm........: Pass Bit Length...: Pass
Create Date......: Pass Expire Date..: Pass
Key Version......: Pass Validity.....: -, Unknown
Days till expiry.: 987
Capability.......: Pass
Qualified ID.....: Pass
This subkey......: Pass
Key summary
primary..........: Pass signing subkey: Pass
encryption subkey: No authentication subkey: No
SPEC requirements: Pass
No Encryption capable subkey (Notice only):
Gentoo-Linux Gentoo-keys Project Signing Key <gkeys>: D2DE1DBBA0F43EBA341B97D8825533CBF6CD6C97
SPEC Approved:
Gentoo-Linux Gentoo-keys Project Signing Key <gkeys>: D2DE1DBBA0F43EBA341B97D8825533CBF6CD6C97
Gkey task results:
Found Failures:
-------
Revoked................: 0
Invalid................: 0
No Signing subkey......: 0
No Encryption subkey...: 1
Algorithm..............: 0
Bit length.............: 0
Expiry.................: 0
Expiry Warnings........: 0
SPEC requirements......: 0
=============================
SPEC Approved..........: 1
''',
}),
('----seeds----', {
'func': 'SEED_COMMANDS',
'options': [],
'desc': '''------< seed actions >-------''',
'long_desc': '',
'example': '',
}),
('add-seed', {
'func': 'addseed',
'options': ['category', 'nick', 'name', 'fingerprint', 'keys', 'keydir',
'uid'],
'desc': '''Add or replace a key in the selected seed file''',
'long_desc': '''Add or replace a key in the selected seed file''',
'example': '''$ gkeys add-seed -C mykeys -n foo -N "Foo Bar" -r foobar -K C287167569B3C1F9E9CED677A41DBBD9151C3FC7
Gkey task results:
Successfully added new seed.
''',
}),
('fetch-seed', {
'func': 'fetchseed',
'options': ['category', 'nick', '1file', 'dest', 'signature',
'timestamp'],
'desc': '''Download the selected seed file(s)''',
'long_desc': '''Download the selected seed file(s)''',
'example': '''$ gkeys fetch-seed -C gentoo-devs
Gkey task results:
Verification succeeded.: /home/brian/gpg-test/seeds/gentoo-devs.seeds
Key info...............: Gentoo-Linux Gentoo-keys Project Signing Key <gkeys>, 0xA41DBBD9151C3FC7
category, nick.....: gentoo gkeys
Fetch operation completed
''',
}),
('list-seed', {
'func': 'listseed',
'options': ['category', 'nick', 'name', 'fingerprint', 'keys',
'keydir', '1file'],
'desc': '''Pretty-print the selected seed file''',
'long_desc': '''Pretty-print the selected seed file''',
'example': '''$ gkeys list-seed -C gentoo -n gkeys
Gkey task results:
----------
Name.........: Gentoo-Linux Gentoo-keys Project Signing Key
Nick.........: gkeys
Keydir.......: release
UID..........: Gentoo-keys Team <gkeys@gentoo.org>
Keyid........: 0xA41DBBD9151C3FC7
Fingerprint: C287167569B3C1F9E9CED677A41DBBD9151C3FC7
Keyid........: 0x825533CBF6CD6C97
Fingerprint: D2DE1DBBA0F43EBA341B97D8825533CBF6CD6C97''',
}),
('list-seedfiles', {
'func': 'listseedfiles',
'options': [],
'desc': '''List seed files found in the configured seed directory''',
'long_desc': '''List seed files found in the configured seed directory''',
'example': '''$ gkeys list-seedfiles
Gkey task results:
Seed files found at path: /home/brian/gpg-test/seeds
gentoo-devs.seeds
gentoo.seeds
''',
}),
('move-seed', {
'func': 'moveseed',
'options': ['category', 'nick', 'name', 'keydir', 'keys',
'fingerprint', 'dest'],
'desc': '''Move keys between seed files''',
'long_desc': '''Move keys between seed files''',
'example': '''''',
}),
('remove-seed', {
'func': 'removeseed',
'options': ['category', 'nick', 'name', 'keys', 'fingerprint', 'keydir'],
'desc': '''Remove a seed from the selected seed file''',
'long_desc': '''Remove a seed from the selected seed file''',
'example': '''$ gkeys remove-seed -C mykeys -n foo
Gkey task results:
Successfully removed seed: True
----------
Name.........: Foo Bar
Nick.........: foo
Keydir.......: foobar
Keyid........: 0xA41DBBD9151C3FC7
Fingerprint: C287167569B3C1F9E9CED677A41DBBD9151C3FC7
''',
}),
])
|