summaryrefslogtreecommitdiff
path: root/devel/management/commands/generate_keyring.py
diff options
context:
space:
mode:
Diffstat (limited to 'devel/management/commands/generate_keyring.py')
-rw-r--r--devel/management/commands/generate_keyring.py33
1 files changed, 30 insertions, 3 deletions
diff --git a/devel/management/commands/generate_keyring.py b/devel/management/commands/generate_keyring.py
index 35ab8874..062c738b 100644
--- a/devel/management/commands/generate_keyring.py
+++ b/devel/management/commands/generate_keyring.py
@@ -13,6 +13,7 @@ import logging
import subprocess
import sys
+from devel.models import MasterKey
from main.models import UserProfile
logging.basicConfig(
@@ -23,7 +24,7 @@ logging.basicConfig(
logger = logging.getLogger()
class Command(BaseCommand):
- args = "<keyserver> <keyring_path>"
+ args = "<keyserver> <keyring_path> [ownertrust_path]"
help = "Assemble a GPG keyring with all known developer keys."
def handle(self, *args, **options):
@@ -35,10 +36,14 @@ class Command(BaseCommand):
elif v == 2:
logger.level = logging.DEBUG
- if len(args) != 2:
+ if len(args) < 2:
raise CommandError("keyserver and keyring_path must be provided")
- return generate_keyring(args[0], args[1])
+ generate_keyring(args[0], args[1])
+
+ if len(args) > 2:
+ generate_ownertrust(args[2])
+
def generate_keyring(keyserver, keyring):
logger.info("getting all known key IDs")
@@ -48,12 +53,34 @@ def generate_keyring(keyserver, keyring):
pgp_key__isnull=False).extra(where=["pgp_key != ''"]).values_list(
"pgp_key", flat=True)
logger.info("%d keys fetched from user profiles", len(key_ids))
+ master_key_ids = MasterKey.objects.values_list("pgp_key", flat=True)
+ logger.info("%d keys fetched from master keys", len(master_key_ids))
gpg_cmd = ["gpg", "--no-default-keyring", "--keyring", keyring,
"--keyserver", keyserver, "--recv-keys"]
logger.info("running command: %r", gpg_cmd)
gpg_cmd.extend(key_ids)
+ gpg_cmd.extend(master_key_ids)
subprocess.check_call(gpg_cmd)
logger.info("keyring at %s successfully updated", keyring)
+
+TRUST_LEVELS = {
+ 'unknown': 0,
+ 'expired': 1,
+ 'undefined': 2,
+ 'never': 3,
+ 'marginal': 4,
+ 'fully': 5,
+ 'ultimate': 6,
+}
+
+
+def generate_ownertrust(trust_path):
+ master_key_ids = MasterKey.objects.values_list("pgp_key", flat=True)
+ with open(trust_path, "w") as trustfile:
+ for key_id in master_key_ids:
+ trustfile.write("%s:%d:\n" % (key_id, TRUST_LEVELS['marginal']))
+ logger.info("trust file at %s created or overwritten", trust_path)
+
# vim: set ts=4 sw=4 et:
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 10:45:40 +0000