Blame lang/python/examples/howto/local-sign-group.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from __future__ import absolute_import, division, unicode_literals
import gpg
import os.path
import subprocess
import sys
from groups import group_lists
# Copyright (C) 2018 Ben McGinnes <ben@gnupg.org>
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License and the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU General Public License and the GNU
# Lesser General Public along with this program; if not, see
# <https://www.gnu.org/licenses/>.
# Usage banner.  It is printed on every run, before any argument is read.
usage_text = """
This script applies a local signature or certification to every key in a group.

Usage: local-sign-group.py <group name> [signing keyid] [gnupg homedir]
"""
print(usage_text)

# GPGME context used for every key lookup and for the signing calls below.
c = gpg.Context(armor=True)

# Fingerprints of the operator's own keys.  They start out unset and are
# filled in further down so those keys can be left out of the signing run.
mkfpr = defkey_fpr = enckey_fpr = None

# Upper-cased fingerprints of the keys that will receive a local signature.
to_certify = list()
# Positional arguments, in order: group name, signing key ID, GnuPG home
# directory.  Whatever is missing from the command line is asked for
# interactively, in that same order; arguments after the third are ignored.
#
# NOTE(review): the shebang selects python3, where input() returns the typed
# text as a string.  The __future__ import suggests Python 2 was also a
# target; there the builtin input() evaluates what is typed as a Python
# expression (raw_input() is the call that returns the text unchanged).
prompts = (
    "Enter the group matching the key(s) to locally sign: ",
    "Enter the key ID to sign with (conditionally optional): ",
    "Enter the GPG configuration directory path (optional): ",
)

given = sys.argv[1:4]
answers = list(given)
for prompt in prompts[len(given):]:
    answers.append(input(prompt))

clique, sigkey, homedir = answers
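# Resolve the optional GnuPG home directory.  An empty answer means "use the
# default".  Anything else has a leading "~" expanded, is made canonical with
# realpath(), and is accepted only if the result is an existing directory.
requested_homedir = homedir
if len(homedir) == 0:
    homedir = None
else:
    resolved_homedir = os.path.realpath(os.path.expanduser(homedir))
    homedir = resolved_homedir if os.path.isdir(resolved_homedir) else None

if homedir is not None:
    c.home_dir = homedir
elif requested_homedir:
    # The run still continues with the context's default home directory, as
    # before, but the operator is told: the signatures made further down are
    # then written to a different keyring than the one that was asked for.
    sys.stderr.write(
        "Ignoring GnuPG home directory {0!r}: not an existing directory; "
        "the default home directory is used instead.\n".format(
            requested_homedir))

# An empty key ID means "no explicit signing key was given".
if not sigkey:
    sigkey = None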
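# Ask gpgconf for gpg's options so that the configured default-key and
# encrypt-to values can be read from them.
if sys.platform == "win32":
    gpgconfcmd = "gpgconf.exe --list-options gpg"
else:
    gpgconfcmd = "gpgconf --list-options gpg"

# NOTE(review): gpgconf is started without any home directory argument, so
# the options read here presumably come from the default configuration even
# when c.home_dir was pointed at another directory - confirm.

# The command is a fixed string; it is started directly (no shell) and only
# stdout is captured, so diagnostics on stderr are never parsed as options.
try:
    process = subprocess.Popen(gpgconfcmd.split(), stdout=subprocess.PIPE)
    lines = process.communicate()[0].decode().splitlines()
except OSError as gpgconf_error:
    # gpgconf could not be started; carry on with no configured keys.
    sys.stderr.write("Could not run gpgconf: {0}\n".format(gpgconf_error))
    lines = []

# Match the option name exactly (the text before the first colon) so that an
# option whose name merely starts with the same characters is not picked up.
# As before, the last matching line wins.
dline = None
eline = None
for line in lines:
    option_name = line.split(":", 1)[0]
    if option_name == "default-key":
        dline = line
    elif option_name == "encrypt-to":
        eline = line


def _first_option_value(option_line):
    """Return the first value of a gpgconf option line, upper-cased.

    The value is the last colon-separated field with double quotes removed;
    of a comma-separated list only the first entry is used.  Returns None
    when the line is missing or the value is empty.
    """
    if option_line is None:
        return None
    value = option_line.split(":")[-1].replace('"', '').split(',')[0].upper()
    return value or None


defkey_fpr = _first_option_value(dline)
enckey_fpr = _first_option_value(eline)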
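# Look up the secret keys behind the configured default-key and encrypt-to
# values.  dk / ek end up as lists of key objects, or None if the lookup
# raised.
#
# NOTE(review): when the option is unset the pattern is empty; GPGME
# presumably treats that as "match every key", so dk / ek may then hold all
# secret keys rather than none - confirm before relying on them.
try:
    dkey = c.keylist(pattern=defkey_fpr, secret=True)
    dk = list(dkey)
except Exception as de:
    print(de)
    dk = None
    print("No valid default key.")

try:
    # Fixed: this lookup used defkey_fpr, so ek was a copy of the default-key
    # result and the encrypt-to key was never looked up.
    ekey = c.keylist(pattern=enckey_fpr, secret=True)
    ek = list(ekey)
except Exception as ee:
    print(ee)
    ek = None
    print("No valid always encrypt to key.")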
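# Choose the signing key(s).  An explicitly named key takes precedence;
# otherwise the encrypt-to key is used only when the default-key lookup
# failed, and in every other case the context's signers are left untouched.
if sigkey is not None:
    mykey = c.keylist(pattern=sigkey, secret=True)
    mk = list(mykey)
    if not mk:
        # Previously this fell through to mk[0] and died with an IndexError.
        sys.exit("No secret key matches {0!r}; nothing was signed.".format(
            sigkey))
    mkfpr = mk[0].fpr.upper()
    # Every secret key that matches the pattern becomes a signer, so an
    # ambiguous key ID yields signatures from several keys.  Passing a full
    # fingerprint keeps this to one key.
    c.signers = mk
elif dk is None and ek is not None:
    c.signers = ek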
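# Collect the fingerprints of the keys in the requested group.  Each entry of
# group_lists is read as (group name, list of key patterns).
for group in group_lists:
    if group[0] != clique:
        continue
    for logrus in group[1]:
        k = list(c.keylist(pattern=logrus))
        if not k:
            # Previously an unmatched pattern ended the run with an
            # IndexError; it is now reported and skipped.
            sys.stderr.write(
                "No key matches {0!r}; skipped.\n".format(logrus))
            continue
        if len(k) > 1:
            # Only the first match is certified, as before.  A pattern that
            # is not a full fingerprint (a name or an address, for instance)
            # can match a key other than the intended one, so say which key
            # was chosen.
            sys.stderr.write(
                "{0!r} matches {1} keys; only {2} will be certified.\n".format(
                    logrus, len(k), k[0].fpr.upper()))
        to_certify.append(k[0].fpr.upper())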
# Leave the operator's own keys out of the run: every occurrence of the
# signing key, the default key and the encrypt-to key is dropped from
# to_certify.  The list is edited in place and keeps its order.
#
# NOTE(review): the comparison is exact string equality against upper-cased
# fingerprints, so defkey_fpr / enckey_fpr presumably only match when the
# configured value is a full fingerprint - confirm.
own_fprs = [f for f in (mkfpr, defkey_fpr, enckey_fpr) if f is not None]
to_certify[:] = [f for f in to_certify if f not in own_fprs]
# Sign every remaining key.  uids=None covers all user IDs on the key,
# expires_in=False sets no expiry and local=True makes the signature a
# local (non-exportable) one.  No confirmation is asked per key, so the
# group's contents are what decides which keys become certified here.
for fpr in to_certify:
    c.key_sign(c.get_key(fpr), uids=None, expires_in=False, local=True)