#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from __future__ import absolute_import, division, unicode_literals
import gpg
import os.path
import subprocess
import sys
from groups import group_lists
# Copyright (C) 2018 Ben McGinnes <ben@gnupg.org>
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU General Public License and the GNU
# Lesser General Public License along with this program; if not, see
# <https://www.gnu.org/licenses/>.
# Shown on every start-up, before any argument is read: what the script does
# and how it is invoked.
usage_banner = """
This script applies a local signature or certification to every key in a group.

Usage: local-sign-group.py <group name> [signing keyid] [gnupg homedir]
"""
print(usage_banner)
# One GPGME context is shared by every key lookup and by the signing calls
# further down; armor=True turns on ASCII armouring for this context.
c = gpg.Context(armor=True)

# Fingerprints of the operator's own keys (explicit signing key, gpg.conf
# default-key, gpg.conf encrypt-to). They stay None until resolved below and
# are later used to keep those keys out of the certification list.
mkfpr = defkey_fpr = enckey_fpr = None

# Upper-case fingerprints of the group members that will be certified.
to_certify = []
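# Collect the three inputs. Positional arguments are used when present; any
# value that is missing is asked for interactively, always in the order
# group name, signing key, GnuPG home directory.
#
# This file still carries Python 2 fallbacks, and on Python 2 the builtin
# input() evaluates whatever is typed as a Python expression. Prefer
# raw_input() when it exists so an answer is only ever treated as text; on
# Python 3 input() already behaves that way.
try:
    _ask = raw_input  # noqa: F821 - only defined on Python 2
except NameError:
    _ask = input

_argv = sys.argv[1:]

if len(_argv) >= 1:
    clique = _argv[0]
else:
    clique = _ask("Enter the group matching the key(s) to locally sign: ")

if len(_argv) >= 2:
    sigkey = _argv[1]
else:
    sigkey = _ask("Enter the key ID to sign with (conditionally optional): ")

# Arguments beyond the third are ignored, as before.
if len(_argv) >= 3:
    homedir = _argv[2]
else:
    homedir = _ask("Enter the GPG configuration directory path (optional): ")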
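# Normalise the requested GnuPG home directory to an absolute path with
# symlinks resolved, or to None when no usable directory was given.
if len(homedir) == 0:
    homedir = None
else:
    _requested = homedir
    # expanduser() only rewrites paths that begin with "~"; every other path
    # passes through unchanged, so one expression covers both cases.
    _resolved = os.path.realpath(os.path.expanduser(homedir))
    if os.path.isdir(_resolved):
        homedir = _resolved
    else:
        # The script carries on with the context's default home directory.
        # That means the certifications are made in a different keyring from
        # the one that was asked for, so report it rather than switching
        # silently.
        sys.stderr.write(
            "Ignoring GnuPG home directory {0}: not an existing directory; "
            "using the default instead.\n".format(_requested))
        homedir = None

# Only override the context's home directory when a valid one was supplied.
if homedir is not None:
    c.home_dir = homedir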
# An empty answer means "no explicit signing key"; represent that as None so
# the signer selection further down can test for it.
sigkey = sigkey or None
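# Ask gpgconf for gpg's configured options (one colon-delimited line each).
# The command is a fixed string, so nothing typed by the operator reaches the
# shell; the executable itself is found through PATH.
# NOTE(review): the home directory chosen above is not passed to gpgconf, so
# the default-key / encrypt-to values presumably come from the default
# configuration even when another homedir was supplied - confirm.
if sys.platform == "win32":
    gpgconfcmd = "gpgconf.exe --list-options gpg"
else:
    gpgconfcmd = "gpgconf --list-options gpg"

try:
    # getoutput() runs the command through the shell and returns stdout and
    # stderr together as text.
    lines = subprocess.getoutput(gpgconfcmd).splitlines()
except Exception:
    # Fallback, e.g. for Python 2 whose subprocess module has no getoutput().
    # Catching Exception instead of everything keeps Ctrl-C and SystemExit
    # from being swallowed and answered with a second gpgconf run.
    process = subprocess.Popen(gpgconfcmd.split(), stdout=subprocess.PIPE)
    procom = process.communicate()
    if sys.version_info[0] == 2:
        lines = procom[0].splitlines()
    else:
        lines = procom[0].decode().splitlines()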
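def _gpgconf_value(option_lines, name):
    """Return the configured value of gpgconf option *name*, or None.

    The value is the last colon-separated field of the option's line with the
    quote character removed, cut at the first comma and upper-cased. When the
    option occurs more than once the last line wins. None is returned when no
    line for the option exists, so a missing option no longer ends the script
    with a NameError.
    """
    # Match the whole option name (up to the field separator) so that another
    # option merely sharing the prefix is not picked up by mistake.
    prefix = name + ":"
    found = None
    for line in option_lines:
        if line.startswith(prefix):
            found = line
    if found is None:
        return None
    return found.split(":")[-1].replace('"', '').split(',')[0].upper()


# Fingerprints (or key IDs) that gpg.conf names as default-key / encrypt-to.
# An option that is listed but unset yields an empty string, not None.
defkey_fpr = _gpgconf_value(lines, "default-key")
enckey_fpr = _gpgconf_value(lines, "encrypt-to")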
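def _secret_keys(pattern, missing_message):
    """List the secret keys matching *pattern* in the shared context.

    On any lookup error the exception and *missing_message* are printed and
    None is returned, so the caller can tell "lookup failed" from a list.
    """
    try:
        # keylist() yields keys lazily; list() forces the lookup so that a
        # failure is raised inside this try block.
        return list(c.keylist(pattern=pattern, secret=True))
    except Exception as err:
        print(err)
        print(missing_message)
        return None


# NOTE(review): when default-key or encrypt-to is unset the pattern is empty
# or None, which presumably lists every secret key instead of none - confirm
# before relying on dk/ek to identify one specific key.
dk = _secret_keys(defkey_fpr, "No valid default key.")

# Look the encrypt-to key up by its own fingerprint. The previous code passed
# defkey_fpr here as well, so ek was just a copy of the default-key result.
ek = _secret_keys(enckey_fpr, "No valid always encrypt to key.")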
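# Choose which secret key(s) make the certifications.
if sigkey is not None:
    mk = list(c.keylist(pattern=sigkey, secret=True))
    if not mk:
        # Stop with a clear message instead of an IndexError traceback; the
        # signing loop has not run yet at this point.
        sys.exit("No secret key matches {0}; nothing was signed.".format(
            sigkey))
    mkfpr = mk[0].fpr.upper()
    # Every secret key matching the pattern becomes a signer, while only the
    # first match is remembered in mkfpr. Passing a full fingerprint rather
    # than a short ID or name keeps this to exactly one key.
    c.signers = mk
elif dk is None and ek is not None:
    # No explicit signer and the default-key lookup failed: fall back to the
    # encrypt-to key(s). In every other case the context's own default signer
    # is left in place.
    c.signers = ek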
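# Resolve every member of the requested group to a key in the keyring and
# queue its upper-case fingerprint for certification. Each entry of
# group_lists is used as (group name, iterable of key patterns).
for group in group_lists:
    if group[0] != clique:
        continue
    for logrus in group[1]:
        k = list(c.keylist(pattern=logrus))
        if not k:
            # Stop with a clear message instead of an IndexError traceback;
            # the signing loop has not run yet at this point.
            sys.exit(
                "Group {0}: no key in the keyring matches {1}; "
                "nothing was signed.".format(clique, logrus))
        if len(k) > 1:
            # Only the first match is certified. A pattern that is not a full
            # fingerprint can select a key other than the intended one, so
            # make the choice visible to the operator.
            sys.stderr.write(
                "Warning: {0} matches {1} keys; using {2}.\n".format(
                    logrus, len(k), k[0].fpr.upper()))
        to_certify.append(k[0].fpr.upper())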
# Keep the operator's own keys out of the list: every occurrence of the
# signing key, the default key and the encrypt-to key is dropped, and the
# remaining fingerprints keep their order. Values that are still None are
# skipped.
own_fprs = [
    own for own in (mkfpr, defkey_fpr, enckey_fpr) if own is not None
]

# Slice assignment filters the existing list object in place.
to_certify[:] = [
    member for member in to_certify if member not in own_fprs
]
# Certify each remaining key with the context's signer(s). uids=None signs
# all user IDs of the key, expires_in=False sets no expiry, and local=True
# makes the signature local (non-exportable).
# NOTE(review): nothing is shown to the operator for confirmation here; each
# fingerprint in to_certify is signed as-is.
for fpr in to_certify:
    c.key_sign(c.get_key(fpr), uids=None, expires_in=False, local=True)