pgpius-commit Mailing List for PGP Individual UID Signer
Brought to you by:
jaymzh
|
From: Phil D. <ja...@us...> - 2013-03-09 10:22:07
|
Update of /cvsroot/pgpius/pius In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv29818 Modified Files: pius Log Message: - change default port to submission - change TLS to default to on Signed-off-by: Phil Dibowitz <ph...@ip...> Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.43 retrieving revision 1.44 diff -u -d -r1.43 -r1.44 --- pius 8 Mar 2013 21:09:27 -0000 1.43 +++ pius 9 Mar 2013 10:22:05 -0000 1.44 @@ -48,7 +48,7 @@ DEFAULT_TMP_DIR = '/tmp/pius_tmp' DEFAULT_OUT_DIR = '/tmp/pius_out' DEFAULT_MAIL_HOST = 'localhost' -DEFAULT_MAIL_PORT = 25 +DEFAULT_MAIL_PORT = 587 # Note the line with the email address on it below is intentionally # shorter than the rest to give it space to grow and still be < 80. @@ -1193,7 +1193,8 @@ keyring=DEFAULT_KEYRING, sort_keyring=True, mail_host=DEFAULT_MAIL_HOST, - mail_port=DEFAULT_MAIL_PORT) + mail_port=DEFAULT_MAIL_PORT, + mail_tls=True) parser.add_option('-a', '--use-agent', action='store_const', const=MODE_AGENT, dest='mode', help='Use pgp-agent instead of letting gpg prompt the' @@ -1261,8 +1262,9 @@ parser.add_option('-s', '--signer', dest='signer', nargs=1, type='keyid', help='The keyid to sign with (required).') - parser.add_option('-S', '--mail-tls', action='store_true', dest='mail_tls', - help='Use STARTTLS when talking to the SMTP server.') + parser.add_option('-S', '--no-mail-tls', action='store_false', + dest='mail_tls', + help='Do not use STARTTLS when talking to the SMTP server.') parser.add_option('-t', '--tmp-dir', dest='tmp_dir', nargs=1, type='not_another_opt', help='Directory to put temporary stuff in. [default:' @@ -1319,7 +1321,7 @@ check_email(parser, '-m', ans) options.mail = ans print - + signer = uids_signer(options.signer, options.mode, options.keyring, options.gpg_path, options.tmp_dir, options.out_dir, options.encrypt_outfiles, options.mail, options.verbose, |
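Review bot: In the option-parser hunk, `-S` keeps its short letter but flips meaning from `--mail-tls` to `--no-mail-tls`, so an existing invocation or wrapper script that passes `-S` to get STARTTLS will now switch it off without any warning. Keep `-S`/`--mail-tls` accepted as a no-op (TLS is on by default through `mail_tls=True`) and give the opt-out a new option of its own. The help text should also state the new defaults, since `DEFAULT_MAIL_HOST` is still `localhost` and the port moves from 25 to 587 in the same commit.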
|
From: Phil D. <ja...@us...> - 2013-03-08 21:09:29
|
Update of /cvsroot/pgpius/pius In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv20892 Modified Files: pius Log Message: skip expried uids Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.42 retrieving revision 1.43 diff -u -d -r1.42 -r1.43 --- pius 31 Jan 2012 07:45:20 -0000 1.42 +++ pius 8 Mar 2013 21:09:27 -0000 1.43 @@ -770,6 +770,9 @@ if uids[index]['status'] == 'r': print ' Skipping revoked uid %s' % index continue + elif uids[index]['status'] == 'e': + print ' Skipping expired uid %s' % index + continue sys.stdout.write(' UID %s (%s): ' % (index, uids[index]['id'])) # Make sure we have a clean keyring, and then import the key we care |
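Review bot: The new `elif uids[index]['status'] == 'e':` branch repeats the revoked branch with one word changed, and because the branch before it ends in `continue`, `elif` adds nothing over a plain `if`. Consider a single lookup from status letter to label ('r' to 'revoked', 'e' to 'expired') feeding one skip message, so any further status that must not be signed is a one-line addition. The log message also has a typo ('expried').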
|
From: Phil D. <ja...@us...> - 2012-01-31 07:45:23
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-3.sog:/tmp/cvs-serv14029
Modified Files:
pius
Log Message:
This is a patch from <do...@do...> with minor adjustments from <ph...@ip...>
Doug pointed out that his version of gpg2 won't auto-create a keyring that doesn't exist, and shortly thereafter someone with 1.4.10 reported the same issue. I cannot reproduce this on either 1.4.11 or 2.0.18, but touching the file will increase compatibility.
Doug's patch added the line of the code; all I did was rename the function to be more clear about its new functionality and add a comment.
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius
===================================================================
RCS file: /cvsroot/pgpius/pius/pius,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- pius 13 Apr 2011 18:58:04 -0000 1.41
+++ pius 31 Jan 2012 07:45:20 -0000 1.42
@@ -473,10 +473,13 @@
return uids
- def nuke_working_keyring(self):
+ def clean_working_keyring(self):
'''Delete our temporariy working keyring.'''
if os.path.exists(self.tmp_keyring):
os.unlink(self.tmp_keyring)
+ # Some versions of gpg won't create the keyring automatically
+ # thought most seem to... anyway, we touch the file just in case
+ open(self.tmp_keyring, 'w').close()
def encrypt_signed_uid(self, key, filename):
'''Encrypt the file we exported the signed UID to.'''
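Review bot: `open(self.tmp_keyring, 'w').close()` recreates the keyring by path right after the `os.unlink`, which follows a symlink if one appears at that name in between and creates the file with umask-default permissions. Since this file becomes a gpg keyring, create it with `os.open(self.tmp_keyring, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` and close the descriptor instead. The docstring still reads 'Delete our temporariy working keyring.' although the function now deletes and recreates it, and the new comment has 'thought' for 'though'.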
@@ -630,7 +633,7 @@
def sign_uid(self, key, index, level):
'''Sign a single UID of a key.
-
+
This can use either cached passpharse or gpg-agent.'''
agent = ''
if self.mode == MODE_AGENT:
@@ -771,7 +774,7 @@
# Make sure we have a clean keyring, and then import the key we care
# about
- self.nuke_working_keyring()
+ self.clean_working_keyring()
self.import_clean_key(key)
# Sign the key...
|
|
From: Phil D. <ja...@us...> - 2012-01-26 07:54:00
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-3.sog:/tmp/cvs-serv4063
Modified Files:
pius-keyring-mgr
Log Message:
pius-keyring-mgr
- prune should print keys in sorted order
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius-keyring-mgr
===================================================================
RCS file: /cvsroot/pgpius/pius/pius-keyring-mgr,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- pius-keyring-mgr 19 Jan 2012 06:15:45 -0000 1.2
+++ pius-keyring-mgr 26 Jan 2012 07:53:57 -0000 1.3
@@ -356,24 +356,43 @@
def _backup_keyring(self):
return shutil.copy(self.keyring, '%s-pius-backup' % self.keyring)
- def prune(self):
- self._backup_keyring()
- extra_opts = '%s %s' % (self.QUIET_OPTS, self.AUTO_OPTS)
- cmd = '%s %s --fingerprint' % (self.basecmd, extra_opts)
+ # stolen from pius
+ def get_all_keyids(self):
+ '''Given a keyring, get all the KeyIDs from it.'''
+ debug('extracting all keyids from keyring')
+ extra_opts = '%s %s --fixed-list-mode' % (self.QUIET_OPTS, self.AUTO_OPTS)
+ cmd = '%s %s --fingerprint 2>&1' % (self.basecmd, extra_opts)
debug(cmd)
- gpg = subprocess.Popen(cmd, shell=True, stdin=None, close_fds=True,
- stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ gpg = os.popen(cmd, 'r')
+ # We use 'pub' instead of 'fpr' to support old crufty keys too...
+ pub_re = re.compile('^pub:')
+ uid_re = re.compile('^uid:')
+ key_tuples = []
+ name = keyid = None
+ for line in gpg.readlines():
+ if pub_re.match(line):
+ lineparts = line.split(':')
+ keyid = lineparts[4][8:16]
+ elif keyid and uid_re.match(line):
+ lineparts = line.split(':')
+ name = lineparts[9]
+ debug('Got id %s for %s' % (keyid, name))
+ key_tuples.append((name, keyid))
+ name = keyid = None
+ gpg.close()
- fps = []
- for line in gpg.stdout:
- if line.startswith('fpr'):
- parts = line.split(':')
- fps.append(parts[9])
- gpg.wait()
+ # sort the list
+ keyids = [ i[1] for i in sorted(key_tuples) ]
+ return keyids
+
+ def prune(self):
+ self._backup_keyring()
+ keyids = self.get_all_keyids()
+ extra_opts = '%s %s' % (self.QUIET_OPTS, self.AUTO_OPTS)
basecmd = '%s --fingerprint' % self.basecmd
- basedelcmd = '%s %s --delete-key' % (self.basecmd, extra_opts)
- for fp in fps:
+ basedelcmd = '%s %s --yes --delete-key' % (self.basecmd, extra_opts)
+ for fp in keyids:
cmd = '%s %s' % (basecmd, fp)
gpg = os.popen(cmd, 'r')
for line in gpg:
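Review bot: `get_all_keyids()` returns `lineparts[4][8:16]`, the 8-hex-digit short key ID, and `prune()` now hands that value to `--yes --delete-key`, where the removed code passed the full fingerprint from the `fpr` record. Short IDs are not unique, so a collision on the keyring makes the delete ambiguous at exactly the point where `--yes` removes gpg's own confirmation. Keep the fingerprint (or at least the whole of `lineparts[4]`) for the delete call and use the name only as the sort key. Two smaller points: `2>&1` feeds gpg's stderr into the stream being parsed, and the loop variable is still called `fp` although it now holds a key ID.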
@@ -384,7 +403,7 @@
if ans in ('q', 'Q'):
print 'Dying at user request'
sys.exit(1)
- if ans == 'yes':
+ if ans in ('yes', 'y'):
print "Deleting key ..."
cmd = '%s %s' % (basedelcmd, fp)
debug(cmd)
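Review bot: Accepting `'y'` in `if ans in ('yes', 'y'):` arrives in the same commit that adds `--yes` to `basedelcmd`, so a single keystroke now deletes a key with no second confirmation from gpg. If that is intended, the prompt text should name both accepted answers; otherwise keep the full word `yes` as the only destructive answer.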
|
|
From: Phil D. <ja...@us...> - 2012-01-19 06:15:48
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-3.sog:/tmp/cvs-serv17922
Modified Files:
pius-keyring-mgr
Log Message:
- fix typo in outgoing email
- fix leading spaces
- add ability to ignore certain emails/fps
- remove unused variable
- check for a key on the keyring before fetching it from the server
- ignore old-style keys now that keyservers don't support them anymore
- fix missing interpolated variable in debug message
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius-keyring-mgr
===================================================================
RCS file: /cvsroot/pgpius/pius/pius-keyring-mgr,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- pius-keyring-mgr 13 Mar 2011 02:22:59 -0000 1.1
+++ pius-keyring-mgr 19 Jan 2012 06:15:45 -0000 1.2
@@ -23,8 +23,9 @@
DEBUG_ON = False
BADKEYS_RE = re.compile('00000000|12345678|no pgp key')
+LIST_SEP_RE = re.compile('\s*,\s*')
DEFAULT_KEYSERVERS = ['pool.sks-keyservers.net', 'pgp.mit.edu', 'keys.gnupg.net']
-VERSION = '2.0.9'
+VERSION = '2.0.9+CVS'
HOME = os.environ.get('HOME')
GNUPGHOME = os.environ.get('GNUPGHOME', os.path.join(HOME, '.gnupg'))
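Review bot: `LIST_SEP_RE = re.compile('\s*,\s*')` relies on `\s` passing through a non-raw string literal unchanged; write it as `r'\s*,\s*'`, as `fp_re` and `uid_re` in `parse_mbox` already do.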
@@ -44,14 +45,14 @@
keyservers:
%(keyservers)s
-Please upload your key to one of the the aforemention keyservers. You can do
+Please upload your key to one of the aforementioned keyservers. You can do
this simply with:
gpg --keyserver %(keyserver)s --send-key KEYID
-
+
Where 'KEYID' is the keyid of your PGP key. For more information see this site:
http://www.phildev.net/pgp/
-
+
Your key will be searched for again in 24-48 hours and if your key is not there,
you will receive another email.
@@ -81,18 +82,30 @@
'''Given a fingerprint without whitespace, returns keyid.'''
return fp[32:40]
-def parse_csv(filename, sep, name_field, email_field, fp_field):
+def parse_csv(filename, sep, name_field, email_field, fp_field, ignore_emails,
+ ignore_fps):
'''Parse a CSV for name, email, fingerprint, and generate keyid.'''
fp_field = fp_field - 1
name_field = name_field - 1
email_field = email_field - 1
+
+ ignore_email_list = LIST_SEP_RE.split(ignore_emails)
+ ignore_fp_list = LIST_SEP_RE.split(ignore_fps)
report = open(filename, 'r')
keys = []
for line in report:
+ line = line.strip()
+ # skip empty lines
+ if not line:
+ continue
parts = line.split(sep)
if BADKEYS_RE.search(parts[fp_field]):
continue
fp = parts[fp_field].replace(' ', '')
+ if (parts[fp_field] in ignore_fp_list
+ or parts[email_field] in ignore_email_list):
+ debug('Ignoring "%s" at user request' % line);
+ continue
keyid = keyid_from_fp(fp)
keys.append({'name': parts[name_field],
'email': parts[email_field],
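Review bot: In `parse_csv`, `LIST_SEP_RE.split('')` returns `['']`, and both new options default to `''`, so with no ignore option given any row whose email or fingerprint field is empty matches the ignore list and is dropped, visible only in debug output. Build the two lists only from non-empty option values. The fingerprint test also compares the raw `parts[fp_field]`, which may still contain spaces, while the option help asks for fingerprints without spaces; compare the normalised `fp` instead. The trailing `;` on the `debug(...)` line can go.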
@@ -102,7 +115,7 @@
def parse_mbox(filename):
'''Parse an mbox for name, email, fingerprints and keys.
-
+
Note that in the even of a fingerprint, keyid is generated, otherwise
just the ASCII-armored key is stored.'''
box = mailbox.mbox(filename)
@@ -204,7 +217,6 @@
parts = line.strip().split(' ')
if parts[1] == 'IMPORTED':
print 'Importing %s (%s)' % (parts[2][8:16], ' '.join(parts[3:]))
- takekey = False
gpg.wait()
retval = gpg.returncode
@@ -247,7 +259,7 @@
else:
body = DEFAULT_EMAIL_TEXT % interp
return hdrs + '\n\n' + body
-
+
def _send_email(self, override_email, keyinfo):
body = self._get_email_body(keyinfo)
@@ -265,11 +277,25 @@
#
# BEGIN PUBLIC FUNCTIONS
#
- def get_key(self, key):
- '''Try to get key from any keyservers we know about.'''
+ def have_key(self, key):
basecmd = '%s %s --no-default-keyring --keyring %s' % (self.gpg,
self.QUIET_OPTS,
self.keyring)
+ cmd = '%s --fingerprint %s' % (basecmd, key)
+ gpg = subprocess.Popen(cmd, shell=True, stdin=None, close_fds=True,
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ gpg.wait()
+ retval = gpg.returncode
+ if retval == 0:
+ print 'Already have %s' % key
+ return True
+ return False
+
+ def get_key(self, key):
+ '''Try to get key from any keyservers we know about.'''
+ basecmd = ('%s %s --no-default-keyring --keyring %s --keyserver-options'
+ ' timeout=2' % (self.gpg, self.QUIET_OPTS, self.keyring))
+
found = False
for ks in self.keyservers:
cmd = '%s --keyserver %s --recv-key %s' % (basecmd, ks, key)
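Review bot: `have_key()` interpolates `key` into a command string run with `shell=True`, and `key` is sliced out of fingerprint text read from the CSV or mbox, so it needs to be validated as hex before it reaches a shell. Pass an argument list to `subprocess.Popen` without `shell=True`, or reject any key ID that does not match `^[0-9A-Fa-f]+$`; the same applies to the `--recv-key` command in `get_key()`. `have_key()` also lacks a docstring, and it opens stdout and stderr pipes that are never read before `gpg.wait()`.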
@@ -284,7 +310,7 @@
break
if not found:
print 'NOT Found %s' % key
-
+
return found
def get_all_keys(self, keys):
@@ -292,10 +318,18 @@
attempted_keyids = []
for key in keys:
if 'keyid' in key:
+ if key['keyid'] == '':
+ print '%s has an old-style key (%s)' % (key['email'],
+ key['fingerprint'])
+ continue
if key['keyid'] in attempted_keyids:
- debug('Skipping %s, already processed')
+ debug('Skipping %s, already processed' % key['keyid'])
continue
attempted_keyids.append(key['keyid'])
+ # So as not to beat up the keyservers, check if we
+ # already have a key
+ if self.have_key(key['keyid']):
+ continue
if self.get_key(key['keyid']):
self.found.append(key)
else:
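Review bot: When `self.have_key(key['keyid'])` is true the loop hits `continue` before the key is appended to `self.found` or `self.notfound`, so keys already on the keyring drop out of `print_report()` entirely; the old-style-key branch does the same. Append them to `self.found` (or to a separate list that the report prints) before continuing. The `key['keyid'] == ''` test only catches fingerprints of 32 characters or fewer, since `keyid_from_fp()` returns `fp[32:40]`; a length check on the fingerprint itself would state the intent directly.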
@@ -416,6 +450,8 @@
fp_field=DEFAULT_CSV_FP_FIELD,
gpg_path=DEFAULT_GPG_PATH,
party='',
+ ignore_emails='',
+ ignore_fps='',
tmp_dir=DEFAULT_TMP_DIR)
common = optparse.OptionGroup(parser, 'Options common to all modes')
@@ -473,7 +509,7 @@
build.add_option('-p', '--party', dest='party', metavar='NAME', nargs=1,
help='The name of the party. This will be printed in the'
' emails sent out. Only useful with -m.')
- build.add_option('-s', '--keyservers', dest='keyservers', metavar='KEYRING',
+ build.add_option('-s', '--keyservers', dest='keyservers', metavar='KEYSERVER',
action='append', help='Keyservers to try. Specify this option'
' once for each server (-s foo -s bar). [default: %s]' %
', '.join(DEFAULT_KEYSERVERS))
@@ -482,6 +518,11 @@
' %default]')
build.add_option('-T', '--print-default-email', dest='print_default_email',
action='store_true', help='Print the default email.')
+ build.add_option('--ignore-emails', dest='ignore_emails',
+ help='Comma-separated list of emails to ignore.')
+ build.add_option('--ignore-fingerprints', dest='ignore_fps',
+ help='Comma-separated list of fingerprints to ignore - no'
+ ' spaces.')
parser.add_option_group(build)
prune_intro = '''
@@ -526,7 +567,9 @@
if options.csv_file:
keys.extend(parse_csv(options.csv_file, options.delimiter,
- options.name_field, options.email_field, options.fp_field))
+ options.name_field, options.email_field,
+ options.fp_field, options.ignore_emails,
+ options.ignore_fps))
if not keys:
print "No keys IDs extract from CSV"
|
|
From: Phil D. <ja...@us...> - 2011-04-13 18:58:06
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv1376
Modified Files:
pius
Log Message:
[regression] 2.0.9 stopped recognizing old-style keys
PIUS once again recognizes old-style keys.
Closes #3286119
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius
===================================================================
RCS file: /cvsroot/pgpius/pius/pius,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -d -r1.40 -r1.41
--- pius 13 Mar 2011 02:00:16 -0000 1.40
+++ pius 13 Apr 2011 18:58:04 -0000 1.41
@@ -229,14 +229,15 @@
' --fingerprint --fixed-list-mode 2>&1' % (self.gpg, self.keyring))
debug(cmd)
gpg = os.popen(cmd, 'r')
- fpr_re = re.compile('^fpr:')
+ # We use 'pub' instead of 'fpr' to support old crufty keys too...
+ pub_re = re.compile('^pub:')
uid_re = re.compile('^uid:')
key_tuples = []
name = keyid = None
for line in gpg.readlines():
- if fpr_re.match(line):
+ if pub_re.match(line):
lineparts = line.split(':')
- keyid = lineparts[9][32:40]
+ keyid = lineparts[4][8:16]
elif keyid and uid_re.match(line):
lineparts = line.split(':')
name = lineparts[9]
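Review bot: `keyid = lineparts[4][8:16]` assumes field 5 of the `pub` record is always 16 hex digits and yields a short or empty ID otherwise, after which `elif keyid and uid_re.match(line)` skips that key's uid lines without any message. Check the field length and emit a `debug()` line when it does not match. The bare offsets would also read better behind a small named helper.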
|
|
From: Phil D. <ja...@us...> - 2011-03-13 02:59:11
|
Update of /cvsroot/pgpius/pius In directory vz-cvs-2.sog:/tmp/cvs-serv25836 Modified Files: Changelog Log Message: Fix incorrectly attributed patch in Changelog. Signed-off-by: Phil Dibowitz <ph...@ip...> Index: Changelog =================================================================== RCS file: /cvsroot/pgpius/pius/Changelog,v retrieving revision 1.19 retrieving revision 1.20 diff -u -d -r1.19 -r1.20 --- Changelog 13 Mar 2011 02:32:17 -0000 1.19 +++ Changelog 13 Mar 2011 02:59:09 -0000 1.20 @@ -8,9 +8,10 @@ for party organizers - Added pius-party-worksheet. Previously this was offered on the site, but not as part of this package. Generates party worksheets. -to...@ge... +sz...@us...: - Fix passphrase checking for users who have 'armor' in their gpg configs. Fixes #3073359. +to...@ge... - Fix reading of keyring with GPG >= 2.0.10. Fixes #3073359. - Help and README updates. Fixes #3182019 and #3182028) |
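Review bot: After this change both the `sz...@us...:` entry and the `to...@ge...` entry cite 'Fixes #3073359' for two different fixes; one of the two tracker numbers is probably wrong and should be checked against the tracker. The added `sz...@us...:` line also ends with a colon while the other attribution lines do not.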
|
From: Phil D. <ja...@us...> - 2011-03-13 02:32:19
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv19493
Modified Files:
Changelog pius.spec
Log Message:
Version bump to 2.0.9, Changelog updates.
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius.spec
===================================================================
RCS file: /cvsroot/pgpius/pius/pius.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- pius.spec 19 Sep 2010 13:47:51 -0000 1.10
+++ pius.spec 13 Mar 2011 02:32:17 -0000 1.11
@@ -2,7 +2,7 @@
# $Id$
%define name pius
-%define version 2.0.8
+%define version 2.0.9
%define release 1
Name: %{name}
@@ -26,7 +26,7 @@
%setup
%install
-make install PREFIX=$RPM_BUILD_ROOT/usr
+install PREFIX=$RPM_BUILD_ROOT/usr
%clean
rm -rf $RPM_BUILD_ROOT
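Review bot: The `%install` line changes from `make install PREFIX=$RPM_BUILD_ROOT/usr` to `install PREFIX=$RPM_BUILD_ROOT/usr`, which runs install(1) with a single operand instead of the Makefile target, so nothing is staged under `$RPM_BUILD_ROOT` for the `%files` list to pick up. This looks like an accidental deletion of `make`; restore it.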
@@ -34,5 +34,7 @@
%files
%defattr(755, root, bin, 755)
/usr/bin/%{name}
-%doc README COPYING
+/usr/bin/%{name}-keyring-mgr
+/usr/bin/%{name}-party-worksheet
+%doc README README.keyring-mgr COPYING
Index: Changelog
===================================================================
RCS file: /cvsroot/pgpius/pius/Changelog,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- Changelog 19 Sep 2010 13:47:51 -0000 1.18
+++ Changelog 13 Mar 2011 02:32:17 -0000 1.19
@@ -1,3 +1,19 @@
+2.0.9
+Released: 03/12/11
+ph...@ip...
+- Provide better error handling for bad mailserver data from users. Thanks to
+ kc...@kc... for the reports and debugging.
+- Provide option to not sort the keyring. Fixes #3182115.
+- Added pius-keyring-mgr, a new utility for managing keyrings, mostly useful
+ for party organizers
+- Added pius-party-worksheet. Previously this was offered on the site, but not as
+ part of this package. Generates party worksheets.
+to...@ge...
+- Fix passphrase checking for users who have 'armor' in their gpg configs. Fixes
+ #3073359.
+- Fix reading of keyring with GPG >= 2.0.10. Fixes #3073359.
+- Help and README updates. Fixes #3182019 and #3182028)
+
2.0.8
Released: 09/19/10
ph...@ip...
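Review bot: The last added entry, '- Help and README updates. Fixes #3182019 and #3182028)', has a closing parenthesis with no opening one; drop it or wrap the tracker references in a matching pair.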
|
|
From: Phil D. <ja...@us...> - 2011-03-13 02:23:33
|
Update of /cvsroot/pgpius/pius In directory vz-cvs-2.sog:/tmp/cvs-serv16145 Added Files: README.keyring-mgr Log Message: README for pius-keyring-mgr Signed-off-by: Phil Dibowitz <ph...@ip...> --- NEW FILE: README.keyring-mgr --- A new addition to the PIUS suite is the pius-keyring-mgr. If you host large PGP Keysigning Parties, manually building the keyring can be a huge pain. This utility can be pointed at an mbox or CSV file and will find keys or fingerprints, attempt to find keys on keyservers, and email users whose keys cannot be found. It is the primary tool I use for managing the SCALE PGP Keysigning party as of 2011. It's not as feature-rich as the PIUS signer, but it's saved me loads of time. Eventually, I'd like to pull some of the similar functionality into a python library. Phil Dibowitz ph...@ip... # vim:shiftwidth=2:tabstop=2:expandtab:textwidth=80:softtabstop=2:ai: |
|
From: Phil D. <ja...@us...> - 2011-03-13 02:23:01
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv15957
Added Files:
pius-keyring-mgr pius-party-worksheet
Log Message:
Add two new utilities!
pius-keyring-mgr
A utility for building and managing party keyrings.
pius-party-worksheet
A utility to generate party worksheets.
Signed-off-by: Phil Dibowitz <ph...@ip...>
--- NEW FILE: pius-keyring-mgr ---
#!/usr/bin/python
'''A utility to create and manage party keyrings.'''
# vim:tw=80:ai:tabstop=2:expandtab:shiftwidth=2
#
# Copyright (c) 2011 - present Phil Dibowitz (ph...@ip...)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2.
#
import email
import mailbox
import optparse
import os
import re
import shutil
import smtplib
import subprocess
import sys
DEBUG_ON = False
BADKEYS_RE = re.compile('00000000|12345678|no pgp key')
DEFAULT_KEYSERVERS = ['pool.sks-keyservers.net', 'pgp.mit.edu', 'keys.gnupg.net']
VERSION = '2.0.9'
HOME = os.environ.get('HOME')
GNUPGHOME = os.environ.get('GNUPGHOME', os.path.join(HOME, '.gnupg'))
DEFAULT_GPG_PATH = '/usr/bin/gpg'
DEFAULT_CSV_DELIMITER=','
DEFAULT_CSV_NAME_FIELD=2
DEFAULT_CSV_EMAIL_FIELD=3
DEFAULT_CSV_FP_FIELD=4
DEFAULT_TMP_DIR='/tmp/pius_keyring_mgr_tmp'
DEFAULT_EMAIL_TEXT = '''Dear %(name)s,
You signed up for the %(party)sPGP Keysigning Party with the following key:
%(fp)s
However, I have not been able to find your key. I have tried the following
keyservers:
%(keyservers)s
Please upload your key to one of the the aforemention keyservers. You can do
this simply with:
gpg --keyserver %(keyserver)s --send-key KEYID
Where 'KEYID' is the keyid of your PGP key. For more information see this site:
http://www.phildev.net/pgp/
Your key will be searched for again in 24-48 hours and if your key is not there,
you will receive another email.
You do not need to contact me if you upload your key. If you have questions you
may email %(from)s.
Generated by PIUS Keyring Manager (http://www.phildev.net/pius/).
'''
def debug(line):
'''Print a debug message if debugging is on.'''
if DEBUG_ON:
print 'DEBUG:', line
def print_default_email():
'''Print the default email that is sent out.'''
interpolation_dict = {'name': '<name>', 'email': '<email>',
'from': '<your_email>',
'party': '<party_name> ',
'keyserver': '<example_keyserver>',
'keyservers': '<keyserver_list>',
'fp': '<fingerprint>'}
print 'DEFAULT EMAIL TEXT:\n'
print DEFAULT_EMAIL_TEXT % interpolation_dict
def keyid_from_fp(fp):
'''Given a fingerprint without whitespace, returns keyid.'''
return fp[32:40]
def parse_csv(filename, sep, name_field, email_field, fp_field):
'''Parse a CSV for name, email, fingerprint, and generate keyid.'''
fp_field = fp_field - 1
name_field = name_field - 1
email_field = email_field - 1
report = open(filename, 'r')
keys = []
for line in report:
parts = line.split(sep)
if BADKEYS_RE.search(parts[fp_field]):
continue
fp = parts[fp_field].replace(' ', '')
keyid = keyid_from_fp(fp)
keys.append({'name': parts[name_field],
'email': parts[email_field],
'keyid': keyid,
'fingerprint': fp})
return keys
def parse_mbox(filename):
'''Parse an mbox for name, email, fingerprints and keys.
Note that in the even of a fingerprint, keyid is generated, otherwise
just the ASCII-armored key is stored.'''
box = mailbox.mbox(filename)
key_re = re.compile(r'(-----BEGIN PGP PUBLIC KEY BLOCK-----\n.*-----END PGP'
' PUBLIC KEY BLOCK-----)', re.DOTALL);
fp_re = re.compile(r'((?:[\dA-Fa-f]{4}[ \t\n]*){10})')
uid_re = re.compile(r'(.*) <(.*)>$')
fixname1_re = re.compile(r'^[\'"]')
fixname2_re = re.compile(r'[\'"]$')
# make sure the re here is the same used for space in fp_re above
fixrp_re = re.compile(r'[ \t\n]+')
keys = []
num_fps = num_keys = 0
for msg in box:
m = email.parser.Parser()
p = m.parsestr(msg.as_string())
uid = p.get('From')
name = None
mail = None
match = uid_re.search(uid)
if match:
name = match.group(1)
mail = match.group(2)
name = fixname1_re.sub('', name)
name = fixname2_re.sub('', name)
for part in msg.walk():
# if decoded returns None, we're in multipart messages, or other
# non-convertable-to-text data, so we can move on. If it's multipart
# then we'll get to the sub-parts on further iterations of walk()
decoded = part.get_payload(None, True)
if not decoded:
debug('Skipping non-decodable part')
continue
data = {'name': name, 'email': mail}
matches = key_re.findall(decoded)
if matches:
for match in matches:
num_keys = num_keys + 1
tmp = data.copy()
tmp['key'] = match
keys.append(tmp)
continue
matches = fp_re.findall(decoded)
if matches:
for match in matches:
num_fps = num_fps + 1
fp = fixrp_re.sub('', match)
keyid = keyid_from_fp(fp)
tmp = data.copy()
tmp.update({'fingerprint': fp, 'keyid': keyid})
keys.append(tmp)
fp = 'wonk'
print ("Found %s keys in mbox: %s fingerprints and %s full keys" %
(len(keys), num_fps, num_keys))
return keys
class KeyringBuilder(object):
'''A class for building and managing keyrings.'''
QUIET_OPTS = '-q --no-tty --no-auto-check-trustdb --batch'
AUTO_OPTS = '--command-fd 0 --status-fd 1 --no-options --with-colons'
def __init__(self, gpg_path, keyring, keyservers, tmp_dir):
self.gpg = gpg_path
self.keyring = keyring
self.found = []
self.notfound = []
self.keyservers = keyservers
self.tmp_dir = tmp_dir
self.basecmd = '%s --no-default-keyring --keyring %s' % (self.gpg,
self.keyring)
#
# BEGIN INTERNAL FUNCTIONS
#
def _tmpfile_path(self, tfile):
'''Internal function to take a filename and put it in self.tmp_dir.'''
return '%s/%s' % (self.tmp_dir, tfile)
def _remove_file(self, tfile):
if os.path.exists(tfile):
os.unlink(tfile)
def _printable_fingerprint(self, fp):
'''Given a whitespace-collapsed FP, print it in friendly format.'''
return ('%s %s %s %s %s %s %s %s %s %s' %
(fp[0:4], fp[4:8], fp[8:12], fp[12:16], fp[16:20], fp[20:24],
fp[24:28], fp[28:32], fp[32:36], fp[36:40]))
def _import_key_file(self, kfile):
'''Given a keyfile, import it into our keyring.'''
extra_opts = '%s %s' % (self.QUIET_OPTS, self.AUTO_OPTS)
cmd = '%s %s --import %s' % (self.basecmd, extra_opts, kfile)
debug(cmd)
gpg = subprocess.Popen(cmd, shell=True, stdin=None, close_fds=True,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
for line in gpg.stdout:
parts = line.strip().split(' ')
if parts[1] == 'IMPORTED':
print 'Importing %s (%s)' % (parts[2][8:16], ' '.join(parts[3:]))
takekey = False
gpg.wait()
retval = gpg.returncode
if retval != 0:
return False
return True
def _write_and_import_key(self, key):
'''Write out key to a file and call _import_key_file() on it.'''
# FIXME
filename = self._tmpfile_path('pius_keyring_mgr.tmp.txt')
fh = open(filename, 'w')
fh.write(key['key'])
fh.close()
self._import_key_file(filename)
self._remove_file(filename)
def _print_list(self, keylist):
'''Helper function for print_report.'''
for key in keylist:
print (' %s <%s>\n %s' %
(key['name'], key['email'],
self._printable_fingerprint(key['fingerprint'])))
def _get_email_body(self, keyinfo):
kstext = ' ' + '\n '.join(self.keyservers)
interp = {'name': keyinfo['name'],
'email': keyinfo['email'],
'from': self.fromaddr,
'fp': self._printable_fingerprint(keyinfo['fingerprint']),
'party': self.party,
'keyservers': kstext,
'keyserver': self.keyservers[0]}
hdrs = '''To: %(name)s <%(email)s>
From: %(from)s
Subject: %(party)sPGP Keysignign Party: Can't find your key!''' % interp
body = ''
if self.mail_text:
body = open(self.mail_text, 'r').read() % interp
else:
body = DEFAULT_EMAIL_TEXT % interp
return hdrs + '\n\n' + body
def _send_email(self, override_email, keyinfo):
body = self._get_email_body(keyinfo)
efrom = self.fromaddr
eto = [keyinfo['email'], self.fromaddr]
if override_email:
eto = override_email
print "Sending mail to %s" % eto
smtp = smtplib.SMTP('localhost', '587')
smtp.ehlo()
smtp.sendmail(efrom, eto, body)
smtp.quit
#
# BEGIN PUBLIC FUNCTIONS
#
def get_key(self, key):
'''Try to get key from any keyservers we know about.'''
basecmd = '%s %s --no-default-keyring --keyring %s' % (self.gpg,
self.QUIET_OPTS,
self.keyring)
found = False
for ks in self.keyservers:
cmd = '%s --keyserver %s --recv-key %s' % (basecmd, ks, key)
debug(cmd)
gpg = subprocess.Popen(cmd, shell=True, stdin=None, close_fds=True,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
gpg.wait()
retval = gpg.returncode
if retval == 0:
found = True
print 'Found %s (%s)' % (key, ks)
break
if not found:
print 'NOT Found %s' % key
return found
def get_all_keys(self, keys):
'''Wrapper to call get_key() on all keys.'''
attempted_keyids = []
for key in keys:
if 'keyid' in key:
if key['keyid'] in attempted_keyids:
debug('Skipping %s, already processed')
continue
attempted_keyids.append(key['keyid'])
if self.get_key(key['keyid']):
self.found.append(key)
else:
self.notfound.append(key)
elif 'key' in key:
self._write_and_import_key(key)
def print_report(self):
'''Print small report about what was and was not found.'''
print 'KEYS FOUND:'
self._print_list(self.found)
print 'KEYS NOT FOUND:'
self._print_list(self.notfound)
def send_emails(self, fromaddr, override_email, party, mail_text):
self.mail_text = mail_text
self.fromaddr = fromaddr
self.party = ''
if party:
self.party = '%s ' % party
for k in self.notfound:
self._send_email(override_email, k)
def _backup_keyring(self):
return shutil.copy(self.keyring, '%s-pius-backup' % self.keyring)
def prune(self):
self._backup_keyring()
extra_opts = '%s %s' % (self.QUIET_OPTS, self.AUTO_OPTS)
cmd = '%s %s --fingerprint' % (self.basecmd, extra_opts)
debug(cmd)
gpg = subprocess.Popen(cmd, shell=True, stdin=None, close_fds=True,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
fps = []
for line in gpg.stdout:
if line.startswith('fpr'):
parts = line.split(':')
fps.append(parts[9])
gpg.wait()
basecmd = '%s --fingerprint' % self.basecmd
basedelcmd = '%s %s --delete-key' % (self.basecmd, extra_opts)
for fp in fps:
cmd = '%s %s' % (basecmd, fp)
gpg = os.popen(cmd, 'r')
for line in gpg:
print line.strip()
gpg.close()
ans = raw_input('Delete this key? (\'yes\' to delete, \'q\' to quit'
' anything to skip) ')
if ans in ('q', 'Q'):
print 'Dying at user request'
sys.exit(1)
if ans == 'yes':
print "Deleting key ..."
cmd = '%s %s' % (basedelcmd, fp)
debug(cmd)
gpg = os.popen(cmd, 'r')
gpg.close()
print
backup = '%s-pius-backup' % self.keyring
print 'A backup file is in %s' % backup
# END class KeyringBuilder
def check_options(parser, mode, options):
'''Check options for user error.'''
global DEBUG_ON
if mode == 'help':
parser.print_help()
sys.exit(0)
if not mode or mode not in ('build', 'prune'):
parser.error('Invalid or missing mode.')
if options.debug:
DEBUG_ON = True
if not options.keyring:
parser.error('Must specify a keyring')
if mode == 'build':
if not options.csv_file and not options.mbox_file:
parser.error('Build mode needs one of --csv-file or --mbox-file')
if os.path.exists(options.tmp_dir) and not os.path.isdir(options.tmp_dir):
parser.error('%s exists but isn\'t a directory. It must not exist or be\n'
'a directory.' % options.tmp_dir)
if not os.path.exists(options.tmp_dir):
try:
os.mkdir(options.tmp_dir, 0700)
except OSError, msg:
parser.error('%s was doesn\'t exist, and was unable to be created: %s'
% (options.tmp_dir, msg))
def main():
usage = '%prog <mode> [options]'
intro = '''
%prog has several modes to help you manage keyrings. It is primarily designed
to help manage keysigning party rings, but can be used to manage any PGP
keyring. A mode must be the first argument. The options below are grouped by
their mode, and an explanation of modes is at the bottom.
'''
outro = '''
Example: %s build --csv-file /tmp/report --mbox-file /tmp/mbox --mail
yo...@co...
''' % sys.argv[0]
parser = optparse.OptionParser(usage=usage, description=intro, epilog=outro,
version='%%prog %s' % VERSION)
parser.set_defaults(delimiter=DEFAULT_CSV_DELIMITER,
name_field=DEFAULT_CSV_NAME_FIELD,
email_field=DEFAULT_CSV_EMAIL_FIELD,
fp_field=DEFAULT_CSV_FP_FIELD,
gpg_path=DEFAULT_GPG_PATH,
party='',
tmp_dir=DEFAULT_TMP_DIR)
common = optparse.OptionGroup(parser, 'Options common to all modes')
common.add_option('-d', '--debug', dest='debug', action='store_true',
help='Debug output')
common.add_option('-g', '--gpg-path', dest='gpg_path', metavar='PATH',
help='Path to gpg binary. [default; %default]')
common.add_option('-r', '--keyring', dest='keyring', metavar='KEYRING', nargs=1,
help='Keyring file.')
common.add_option('-v', '--verbose', dest='verbose', action='store_true',
help='Print summaries')
parser.add_option_group(common)
build_intro = '''
The "build" mode is the most common mode. It's primary functionality is parsing
a CSV file, attempting to find all the keys, and then emailing anyone whose key
could not be found. For completness sake, it can also import keys from a file.
Options for 'build' mode'''
build = optparse.OptionGroup(parser, build_intro)
build.add_option('-b', '--mbox-file', dest='mbox_file', metavar='FILE',
help='Parse mbox FILE, examining each message for'
' fingerprints or ascii-armored keys. Tries to be as'
' intelligent as possible here, including decoding'
' messages as necessary.')
build.add_option('-c', '--csv-file', dest='csv_file', metavar='FILE',
help='Parse FILE as a CSV and import keys. You will almost'
' want -D, -E, -F, and -N to control CSV parsing.')
build.add_option('-D', '--delimiter', dest='delimiter', metavar='DELIMITER',
help='Only meaningful with -c. Field delimiter to use when'
' parsing the CSV. [default: %default]')
build.add_option('-E', '--email-field', dest='email_field', metavar='FIELD',
type='int',
help='Only meaningful with -c. The field number of the CSV'
' where the email is. [default: %default]')
build.add_option('-F', '--fp-field', dest='fp_field', metavar='FIELD',
type='int',
help='Only meaningful with -c. The field number of the CSV'
' where the fingerprint is. [default: %default]')
build.add_option('-m', '--mail', dest='mail', metavar='EMAIL',
help='Email people whos keys were not found, using EMAIL')
build.add_option('-M', '--mail-text', dest='mail_text', metavar='FILE',
help='Use the text in FILE as the body of email when'
' sending out emails instead of the default text.'
' To see the default text use'
' --print-default-email. Requires -m.')
build.add_option('-N', '--name-field', dest='name_field', metavar='FIELD',
type='int',
help='Only meaningful with -c. The field number of the CSV'
' where the name is. [default: %default]')
build.add_option('-n', '--override-email', dest='mail_override',
metavar='EMAIL', nargs=1,
help='Rather than send to the user, send to this address.'
' Mostly useful for debugging.')
build.add_option('-p', '--party', dest='party', metavar='NAME', nargs=1,
help='The name of the party. This will be printed in the'
' emails sent out. Only useful with -m.')
build.add_option('-s', '--keyservers', dest='keyservers', metavar='KEYRING',
action='append', help='Keyservers to try. Specify this option'
' once for each server (-s foo -s bar). [default: %s]' %
', '.join(DEFAULT_KEYSERVERS))
build.add_option('-t', '--tmp-dir', dest='tmp_dir',
help='Directory to put temporary stuff in. [default:'
' %default]')
build.add_option('-T', '--print-default-email', dest='print_default_email',
action='store_true', help='Print the default email.')
parser.add_option_group(build)
prune_intro = '''
The "prune" mode asks about each key on a keyring and removes one you specify.
This is useful for trimming a keyring of people who didn't show after a party
before distributing they keyring.
There are no options'''
prune = optparse.OptionGroup(parser, prune_intro)
parser.add_option_group(prune)
(options, args) = parser.parse_args()
mode = None
if args:
mode = args.pop()
if options.print_default_email:
print_default_email()
sys.exit(0)
check_options(parser, mode, options)
# We can't set this as a default above because 'append' will not allow
# users to completely override the list
if not options.keyservers:
options.keyservers = DEFAULT_KEYSERVERS
kb = KeyringBuilder(options.gpg_path, options.keyring, options.keyservers,
options.tmp_dir)
if mode == 'prune':
kb.prune()
sys.exit(0)
# all that's left is mode == 'build'
if not mode == 'build':
print 'Unrecognized mode %s' % mode
sys.exit(1)
keys = []
if options.mbox_file:
keys = parse_mbox(options.mbox_file)
if options.csv_file:
keys.extend(parse_csv(options.csv_file, options.delimiter,
options.name_field, options.email_field, options.fp_field))
if not keys:
print "No keys IDs extract from CSV"
sys.exit(0)
if keys:
kb.get_all_keys(keys)
if options.verbose:
kb.print_report()
if options.mail:
kb.send_emails(options.mail, options.mail_override, options.party,
options.mail_text)
if __name__ == '__main__':
main()
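Review bot: check_options accepts an existing options.tmp_dir as long as it is a directory, with no check of its owner or mode, so the 0700 passed to os.mkdir only protects the case where this run creates the directory. Consider verifying that os.stat(options.tmp_dir).st_uid equals os.getuid() and that the mode has no group/other bits before handing the path to KeyringBuilder, or creating a fresh directory with tempfile.mkdtemp(). Separately, in main() the line mode = args.pop() takes the last positional argument, while the intro text says the mode must be the first argument; args.pop(0) would match the documentation.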
--- NEW FILE: pius-party-worksheet ---
#!/usr/bin/perl
# vim:expandtab:ai:tabstop=2:textwidth=78:softtabstop=2:shiftwidth=2
use strict;
use warnings;
use Getopt::Long;
#
# Copyright (c) 2008 - present Phil Dibowitz (ph...@ip...)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, version 2.
#
# Given a PGP Keyring, generate a worksheet for a keysigning party.
#
# This is largely based on party-table.pl by
# V. Alex Brennen <va...@cr...> and Gerfried Fuchs <al...@is...>
# You can find the original at http://www.cryptnet.net/people/vab/
#
use constant VERSION => '2.0.9';
sub print_html_header
{
my $extra_fields = shift;
print "<html>\n<head><title>PGP Keysigning Party Keys</title></head>\n";
print "<body>\n<table border=1>\n";
print "<tr>\n"
. " <th>Key ID</th>\n <th>Owner</th>\n <th>Fingerprint</th>\n"
. " <th>Size</th>\n <th>Type</th>\n <th>Key Info Matches?</th>\n"
. " <th>Owner ID Matches?</th>\n";
foreach my $field (@$extra_fields) {
print " <th>$field</th>\n";
}
print "</tr>\n";
}
sub get_fingerprints
{
my $keyring = shift;
my $cmd = 'gpg --fingerprint --no-default-keyring --no-options'
. " --with-colons --keyring $keyring | egrep "
. '\'^(pub|fpr):\'';
my @fps = `$cmd`;
return \@fps;
}
sub parse_fingerprints
{
my $fps = shift;
my $key_metadata = {};
while (my $line = shift(@{$fps})) {
if ($line =~ /^pub/) {
my ($pub, $comptrust, $size, $type, $longid, $date, undef,
undef, $settrust, $owner, undef, undef, $flags, undef)
= split(/:/, $line);
my $id = substr($longid, 8);
my ($fpr, undef, undef, undef, undef, undef, undef, undef, undef,
$fingerprint) = split(/:/, shift(@{$fps}));
if ($type eq '17') {
$type = 'DSA';
} elsif ($type eq '20') {
$type = 'El Gamal';
} elsif ($type eq '1') {
$type = 'RSA';
}
if (length($fingerprint) == 40) {
for my $i qw(36 32 28 24 20 16 12 8 4) {
if ($i != 20) {
substr($fingerprint, $i, 0, ' ');
}
if ($i == 20) {
substr($fingerprint, $i, 0, "\n");
}
}
} elsif (length($fingerprint) == 32) {
for my $i qw(30 28 26 24 22 20 18 16 14 12 10 8 6 4 2) {
if ($i != 16) {
substr($fingerprint, $i, 0, ' ');
}
if ($i == 16) {
substr($fingerprint, $i, 0, "\n");
}
}
}
$owner =~ s/&/&/;
$owner =~ s/</<\;/;
$owner =~ s/>/>\;/;
push (@{$key_metadata->{$owner}},
{'id' => $id,
'owner' => $owner,
'fingerprint' => $fingerprint,
'size' => $size,
'type' => $type});
}
}
return $key_metadata;
}
sub print_table_body
{
my ($metadata, $num_fields) = @_;
# Loop to create extra-fields HTML only once
my $extra_fields_html = '';
for (my $i = 0; $i < $num_fields; $i++) {
$extra_fields_html .= " <td> </td>\n";
}
foreach my $user (sort(keys(%{$metadata}))) {
foreach my $key (@{$metadata->{$user}}) {
print "<tr>\n"
. " <td><pre>$key->{'id'}</pre></td>\n"
. " <td>$key->{'owner'}</td>\n"
. " <td><pre>$key->{'fingerprint'}</pre></td>\n"
. " <td>$key->{'size'}</td>\n"
. " <td>$key->{'type'}</td>\n"
. " <td> </td>\n"
. " <td> </td>\n"
. $extra_fields_html
. "</tr>\n";
}
}
}
sub print_html_footer
{
print "</table>\n</body>\n</html>";
}
sub help
{
my $err = shift || 0;
# If we're printing this due to incorrect usage, the user is probably
# re-directing output to a file, so we need to print to stderr.
my $fh = *STDOUT;
if ($err) {
$fh = *STDERR;
}
print $fh 'PIUS PGP Keysigning Party Worksheet Generator ' . VERSION . "\n\n";
print $fh <<EOF;
Usage: $0 <options> <keyring> > out-file.html
<keyring> should be the gpg keyring file with the public keys for all party
participants.
Options:
-e, --extra-fields <fields>
A comma-separated list of extra colums to have. This is useful if a subset
of the participants want to do something extra such as S/MIME for CA Cert
verification.
-h, --help
Print this help message and exit.
-v, --version
Print the version and exit.
EOF
}
my $opts = {};
GetOptions($opts,
'extra-fields|e=s',
'help|h',
'version|v',
) || die('Bad options');
if (exists($opts->{'help'})) {
help();
exit(0);
}
if (exists($opts->{'version'})) {
print "$0 " . VERSION . "\n";
exit(0);
}
my $extra_fields = [];
if (exists($opts->{'extra-fields'})) {
@$extra_fields = split(',', $opts->{'extra-fields'});
}
my $keyring = shift;
unless($keyring) {
help(1);
exit(1);
}
my $fps = get_fingerprints($keyring);
my $metadata = parse_fingerprints($fps);
print_html_header($extra_fields);
print_table_body($metadata, scalar(@$extra_fields));
print_html_footer();
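Review bot: get_fingerprints interpolates $keyring into a string that is run through the shell with backticks, so a keyring path containing spaces or shell metacharacters changes the command that runs. Pass the arguments as a list instead, for example open(my $gpg, '-|', 'gpg', '--fingerprint', '--no-default-keyring', '--no-options', '--with-colons', '--keyring', $keyring), and do the ^(pub|fpr): filtering with a Perl regex rather than egrep. Also, the three substitutions on $owner in parse_fingerprints have no /g modifier, so only the first occurrence of each character in an owner string is rewritten, and the --extra-fields values are printed into the header cells by print_html_header without any escaping.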
|
|
From: Phil D. <ja...@us...> - 2011-03-13 02:00:18
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv7953
Modified Files:
pius
Log Message:
Provide an option not to sort the keyring. Some people are using the old
party-table and thus are not looking at a sorted list.
This work is based on a patch submitted by Tom Knight <to...@ge...> in
feature request #3182115.
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius
===================================================================
RCS file: /cvsroot/pgpius/pius/pius,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -d -r1.39 -r1.40
--- pius 13 Mar 2011 01:47:22 -0000 1.39
+++ pius 13 Mar 2011 02:00:16 -0000 1.40
@@ -180,10 +180,11 @@
def __init__(self, signer, mode, keyring, gpg_path, tmpdir, outdir,
encrypt_outfiles, mail, verbose, mail_text,
mail_override, mail_host, mail_port, mail_no_pgp_mime, mail_user,
- mail_tls):
+ mail_tls, sort_keyring):
self.mode = mode
self.signer = signer
self.keyring = keyring
+ self.sort_keyring = sort_keyring
self.gpg = gpg_path
self.tmpdir = tmpdir
self.outdir = outdir
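Review bot: sort_keyring is appended as one more positional parameter at the end of an already long __init__ signature, so the call site has to stay in exact order with it and two swapped arguments would go unnoticed. Passing the mail_* and sort_keyring values by keyword at the call site (sort_keyring=options.sort_keyring) would make this and future additions safer.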
@@ -245,7 +246,10 @@
gpg.close()
# sort the list
- keyids = [ i[1] for i in sorted(key_tuples) ]
+ if self.sort_keyring:
+ keyids = [ i[1] for i in sorted(key_tuples) ]
+ else:
+ keyids = [ i[1] for i in key_tuples ]
return keyids
def check_fingerprint(self, key):
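Review bot: the "# sort the list" comment above the new if/else is now true for only one branch; with sort_keyring False the key IDs are returned in whatever order gpg listed them. Please update the comment to say that the list is sorted by name unless sorting was disabled.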
@@ -1180,6 +1184,7 @@
out_dir=DEFAULT_OUT_DIR,
tmp_dir=DEFAULT_TMP_DIR,
keyring=DEFAULT_KEYRING,
+ sort_keyring=True,
mail_host=DEFAULT_MAIL_HOST,
mail_port=DEFAULT_MAIL_PORT)
parser.add_option('-a', '--use-agent', action='store_const', const=MODE_AGENT,
@@ -1220,6 +1225,9 @@
' sending out emails instead of the default text.'
' To see the default text use'
' --print-default-email. Requires -m.')
+ parser.add_option('-N', '--no-sort-keyring', dest='sort_keyring',
+ action='store_false',
+ help='Do not sort the keyring by name.')
parser.add_option('-n', '--override-email', dest='mail_override',
metavar='EMAIL', nargs=1, type='email',
help='Rather than send to the user, send to this address.'
@@ -1311,7 +1319,7 @@
options.mail_text, options.mail_override,
options.mail_host, options.mail_port,
options.mail_no_pgp_mime, options.mail_user,
- options.mail_tls)
+ options.mail_tls, options.sort_keyring)
if options.all_keys:
key_list = signer.get_all_keyids()
|
|
From: Phil D. <ja...@us...> - 2011-03-13 01:47:24
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv5820
Modified Files:
pius
Log Message:
Fix order of a function, bump version and copyright.
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius
===================================================================
RCS file: /cvsroot/pgpius/pius/pius,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -d -r1.38 -r1.39
--- pius 13 Mar 2011 01:44:27 -0000 1.38
+++ pius 13 Mar 2011 01:47:22 -0000 1.39
@@ -5,7 +5,7 @@
# vim:shiftwidth=2:tabstop=2:expandtab:textwidth=80:softtabstop=2:ai:
#
-# Copyright (c) 2008 - 2010 Phil Dibowitz (ph...@ip...)
+# Copyright (c) 2008 - present Phil Dibowitz (ph...@ip...)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
@@ -34,7 +34,7 @@
import subprocess
import sys
-VERSION = '2.0.8'
+VERSION = '2.0.9'
DEBUG_ON = False
MODE_INTERACTIVE = 0
@@ -211,16 +211,16 @@
'''Internal function to take a filename and put it in self.tmpdir.'''
return '%s/%s' % (self.tmpdir, tfile)
- def cleanup(self):
- '''Cleanup all our temp files.'''
- self._clean_files([self.tmp_keyring, ('%s~' % self.tmp_keyring)])
-
def _clean_files(self, flist):
'''Delete a list of files.'''
for cfile in flist:
if os.path.exists(cfile):
os.unlink(cfile)
+ def cleanup(self):
+ '''Cleanup all our temp files.'''
+ self._clean_files([self.tmp_keyring, ('%s~' % self.tmp_keyring)])
+
def get_all_keyids(self):
'''Given a keyring, get all the KeyIDs from it.'''
debug('extracting all keyids from keyring')
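Review bot: _clean_files() tests os.path.exists(cfile) and then calls os.unlink(cfile), so a file that disappears between the two calls raises OSError out of cleanup(); wrapping the unlink in try/except OSError and ignoring ENOENT is more robust than the exists() check. Since the order of method definitions inside a class has no effect on behaviour in Python, the log message could also say that the move is cosmetic.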
|
|
From: Phil D. <ja...@us...> - 2011-03-13 01:44:29
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv5315
Modified Files:
pius
Log Message:
Cleanup of parsing code in get_all_keyids()
Inspired by the previous commit, a patch from Tom Knight.
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius
===================================================================
RCS file: /cvsroot/pgpius/pius/pius,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -d -r1.37 -r1.38
--- pius 13 Mar 2011 01:39:15 -0000 1.37
+++ pius 13 Mar 2011 01:44:27 -0000 1.38
@@ -228,22 +228,20 @@
' --fingerprint --fixed-list-mode 2>&1' % (self.gpg, self.keyring))
debug(cmd)
gpg = os.popen(cmd, 'r')
- pub_re = re.compile('^pub:')
+ fpr_re = re.compile('^fpr:')
uid_re = re.compile('^uid:')
key_tuples = []
- name = uid = None
+ name = keyid = None
for line in gpg.readlines():
- if uid and uid_re.match(line):
+ if fpr_re.match(line):
lineparts = line.split(':')
- name = lineparts[9]
- debug('Got id %s for %s' % (uid, name))
- key_tuples.append((name, uid))
- name = uid = None
- elif pub_re.match(line):
+ keyid = lineparts[9][32:40]
+ elif keyid and uid_re.match(line):
lineparts = line.split(':')
- uid = lineparts[4]
- # get the short version
- uid = uid[8:16]
+ name = lineparts[9]
+ debug('Got id %s for %s' % (keyid, name))
+ key_tuples.append((name, keyid))
+ name = keyid = None
gpg.close()
# sort the list
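Review bot: keyid = lineparts[9][32:40] assumes a 40-character fingerprint; for a 32-character fingerprint the slice is empty, the following "elif keyid and uid_re.match(line)" never fires, and the key is left out of key_tuples with no message. Check the fingerprint length explicitly and emit a debug or warning line for anything that is not 40 characters, so a skipped key is visible to the person running the signing session.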
|
|
From: Phil D. <ja...@us...> - 2011-03-13 01:39:18
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv3535
Modified Files:
pius
Log Message:
From: Tom Knight <to...@ge...>
The problem is that in GPG >= 2.0.10 --fixed-list-mode is always enabled
when using --with-colon so you don't get the name/e-mail included in the
pub: line. This patch grabs the info from the first uid: line instead.
Signed-off-by: Tom Knight <to...@ge...>
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius
===================================================================
RCS file: /cvsroot/pgpius/pius/pius,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -d -r1.36 -r1.37
--- pius 6 Mar 2011 20:38:14 -0000 1.36
+++ pius 13 Mar 2011 01:39:15 -0000 1.37
@@ -225,21 +225,25 @@
'''Given a keyring, get all the KeyIDs from it.'''
debug('extracting all keyids from keyring')
cmd = ('%s --no-default-keyring --keyring %s --no-options --with-colons'
- ' --fingerprint 2>&1' % (self.gpg, self.keyring))
+ ' --fingerprint --fixed-list-mode 2>&1' % (self.gpg, self.keyring))
debug(cmd)
gpg = os.popen(cmd, 'r')
pub_re = re.compile('^pub:')
+ uid_re = re.compile('^uid:')
key_tuples = []
+ name = uid = None
for line in gpg.readlines():
- if not pub_re.search(line):
- continue
- lineparts = line.split(':')
- name = lineparts[9]
- uid = lineparts[4]
- # get the shirt version
- uid = uid[8:16]
- debug('Got id %s for %s' % (uid, name))
- key_tuples.append((name, uid))
+ if uid and uid_re.match(line):
+ lineparts = line.split(':')
+ name = lineparts[9]
+ debug('Got id %s for %s' % (uid, name))
+ key_tuples.append((name, uid))
+ name = uid = None
+ elif pub_re.match(line):
+ lineparts = line.split(':')
+ uid = lineparts[4]
+ # get the short version
+ uid = uid[8:16]
gpg.close()
# sort the list
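Review bot: cmd is still assembled by %-formatting self.gpg and self.keyring into one string for os.popen(), which runs it through the shell, so a keyring path with spaces or shell metacharacters changes what is executed; and because of the 2>&1, any gpg warning lines are fed to the same loop as the colon records. The file already imports subprocess, so subprocess.Popen([self.gpg, '--no-default-keyring', '--keyring', self.keyring, '--no-options', '--with-colons', '--fingerprint', '--fixed-list-mode'], stdout=subprocess.PIPE) with stderr kept separate would address both.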
|
|
From: Phil D. <ja...@us...> - 2011-03-06 20:38:16
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv32153
Modified Files:
pius
Log Message:
Properly report errors for bad hostname/port specified (or not) for the mail
server.
This commit is a further fix on top of the last commit.
Original problem reported by KC Braunschweig <kcb...@gm...>
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius
===================================================================
RCS file: /cvsroot/pgpius/pius/pius,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- pius 3 Mar 2011 23:33:53 -0000 1.35
+++ pius 6 Mar 2011 20:38:14 -0000 1.36
@@ -286,7 +286,11 @@
def verify_mail_pass(self):
'''Verify the password we got works for SMTPAUTH.'''
- smtp = None
+ try:
+ smtp = smtplib.SMTP(self.mail_host, self.mail_port)
+ except socket.error, msg:
+ raise MailSendError, msg
+
# NOTE WELL: SECURITY IMPORTANT NOTE!
# In python 2.6 if you attempt to starttls() and the server doesn't
# understand an exception is raised. However before that, it just carried on
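Review bot: the new except clause references socket.error, but neither this diff nor the diff for the previous revision adds an import for socket; if the module is not already imported at the top of the file, a connection failure here raises NameError instead of MailSendError. Please confirm the import is present.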
@@ -295,7 +299,6 @@
# So, in order be secure on older pythons we ehlo() and then check the
# response before attempting startls.
try:
- smtp = smtplib.SMTP(self.mail_host, self.mail_port)
smtp.ehlo()
if not smtp.has_extn('STARTTLS'):
# Emulate 2.6 behavior
|
|
From: Phil D. <ja...@us...> - 2011-03-03 23:33:56
|
Update of /cvsroot/pgpius/pius
In directory vz-cvs-2.sog:/tmp/cvs-serv27968
Modified Files:
pius
Log Message:
Enable better error reporting. Catch exceptions from bad mailserver hostname/ports
and report it to the user nicely.
Reported by KC Braunschweig.
Signed-off-by: Phil Dibowitz <ph...@ip...>
Index: pius
===================================================================
RCS file: /cvsroot/pgpius/pius/pius,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- pius 20 Feb 2011 01:40:45 -0000 1.34
+++ pius 3 Mar 2011 23:33:53 -0000 1.35
@@ -286,7 +286,7 @@
def verify_mail_pass(self):
'''Verify the password we got works for SMTPAUTH.'''
- smtp = smtplib.SMTP(self.mail_host, self.mail_port)
+ smtp = None
# NOTE WELL: SECURITY IMPORTANT NOTE!
# In python 2.6 if you attempt to starttls() and the server doesn't
# understand an exception is raised. However before that, it just carried on
@@ -295,6 +295,7 @@
# So, in order be secure on older pythons we ehlo() and then check the
# response before attempting startls.
try:
+ smtp = smtplib.SMTP(self.mail_host, self.mail_port)
smtp.ehlo()
if not smtp.has_extn('STARTTLS'):
# Emulate 2.6 behavior
@@ -305,7 +306,7 @@
smtp.login(self.mail_user, self.mail_pass)
except smtplib.SMTPAuthenticationError:
return False
- except smtplib.SMTPException, msg:
+ except (smtplib.SMTPException, socket.error), msg:
raise MailSendError, msg
finally:
smtp.quit()
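Review bot: with smtp initialised to None and the smtplib.SMTP() call moved inside the try, a failed connection reaches "finally: smtp.quit()" while smtp is still None, so the AttributeError raised there replaces the MailSendError this change is meant to surface. Guard the quit with "if smtp is not None", or construct the connection in its own try block before this one.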
|
|
From: Phil D. <ja...@us...> - 2010-09-19 13:47:59
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv18076 Modified Files: Changelog pius pius.spec Log Message: 2.0.8. pius pius.spec - version bump Changelog - fill in changelog for 2.0.8 Signed-off-by: Phil Dibowitz <ph...@ip...> Index: pius.spec =================================================================== RCS file: /cvsroot/pgpius/pius/pius.spec,v retrieving revision 1.9 retrieving revision 1.10 diff -u -d -r1.9 -r1.10 --- pius.spec 4 Mar 2010 14:43:59 -0000 1.9 +++ pius.spec 19 Sep 2010 13:47:51 -0000 1.10 @@ -2,7 +2,7 @@ # $Id$ %define name pius -%define version 2.0.7 +%define version 2.0.8 %define release 1 Name: %{name} Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.31 retrieving revision 1.32 diff -u -d -r1.31 -r1.32 --- pius 15 Sep 2010 21:59:40 -0000 1.31 +++ pius 19 Sep 2010 13:47:51 -0000 1.32 @@ -34,7 +34,7 @@ import subprocess import sys -VERSION = '2.0.7' +VERSION = '2.0.8' DEBUG_ON = False MODE_INTERACTIVE = 0 Index: Changelog =================================================================== RCS file: /cvsroot/pgpius/pius/Changelog,v retrieving revision 1.17 retrieving revision 1.18 diff -u -d -r1.17 -r1.18 --- Changelog 4 Mar 2010 14:43:59 -0000 1.17 +++ Changelog 19 Sep 2010 13:47:51 -0000 1.18 @@ -1,3 +1,12 @@ +2.0.8 +Released: 09/19/10 +ph...@ip... +- Don't lose keyids just because the UID string happens to be the same. Fixes + #3067127. +- We need to remove the signed files while we still have the right state to do + so. Additionally, don't remove keys if we haven't done anything with them. + Fixes #3067157. + 2.0.7 Released: 03/04/10 ph...@ip... |
|
From: Phil D. <ja...@us...> - 2010-09-15 21:59:49
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv15201 Modified Files: pius Log Message: We need to remove the signed files while we still have the right state to do so. Also, we shouldn't remove them if we haven't done anything with them. This fixes bug 3067157. Signed-off-by: Phil Dibowitz <ph...@ip...> Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.30 retrieving revision 1.31 diff -u -d -r1.30 -r1.31 --- pius 15 Sep 2010 21:23:33 -0000 1.30 +++ pius 15 Sep 2010 21:59:40 -0000 1.31 @@ -820,10 +820,13 @@ # add a newline to all the sys.stdout.write()s print '' - # remote the signed file, if it exists (it might not, if it's - # expired, the user chose not to sign it, etc.) - if os.path.exists(self._outfile_path(uids[index]['file'])): - os.unlink(self._outfile_path(uids[index]['file'])) + # remove the signed file, if it exists (it might not, if it's + # expired, the user chose not to sign it, etc.) + # But don't do this if the ONLY action we're performing is creating those + # files - then the desired result is these files. + if self.encrypt_outfiles or self.mail: + if os.path.exists(self._outfile_path(uids[index]['file'])): + os.unlink(self._outfile_path(uids[index]['file'])) if self.verbose: self.print_filenames(uids) |
|
From: Phil D. <ja...@us...> - 2010-09-15 21:23:41
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv8896 Modified Files: pius Log Message: Don't lose keyids just because the UID string happens to be the same. This fixes bug 3067127. Signed-off-by: Phil Dibowitz <ph...@ip...> Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.29 retrieving revision 1.30 diff -u -d -r1.29 -r1.30 --- pius 4 Mar 2010 14:43:59 -0000 1.29 +++ pius 15 Sep 2010 21:23:33 -0000 1.30 @@ -229,7 +229,7 @@ debug(cmd) gpg = os.popen(cmd, 'r') pub_re = re.compile('^pub:') - key_map = {} + key_tuples = [] for line in gpg.readlines(): if not pub_re.search(line): continue @@ -238,12 +238,12 @@ uid = lineparts[4] # get the shirt version uid = uid[8:16] - debug('Got id %s' % uid) - key_map[name] = uid + debug('Got id %s for %s' % (uid, name)) + key_tuples.append((name, uid)) gpg.close() # sort the list - keyids = [ i[1] for i in sorted(key_map.items())] + keyids = [ i[1] for i in sorted(key_tuples) ] return keyids def check_fingerprint(self, key): |
|
From: Phil D. <ja...@us...> - 2010-03-04 14:44:07
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv12868 Modified Files: Changelog pius pius.spec Log Message: Version bump. Index: pius.spec =================================================================== RCS file: /cvsroot/pgpius/pius/pius.spec,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- pius.spec 1 Mar 2010 20:29:04 -0000 1.8 +++ pius.spec 4 Mar 2010 14:43:59 -0000 1.9 @@ -2,7 +2,7 @@ # $Id$ %define name pius -%define version 2.0.6 +%define version 2.0.7 %define release 1 Name: %{name} Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.28 retrieving revision 1.29 diff -u -d -r1.28 -r1.29 --- pius 3 Mar 2010 19:56:41 -0000 1.28 +++ pius 4 Mar 2010 14:43:59 -0000 1.29 @@ -34,7 +34,7 @@ import subprocess import sys -VERSION = '2.0.6+CVS' +VERSION = '2.0.7' DEBUG_ON = False MODE_INTERACTIVE = 0 Index: Changelog =================================================================== RCS file: /cvsroot/pgpius/pius/Changelog,v retrieving revision 1.16 retrieving revision 1.17 diff -u -d -r1.16 -r1.17 --- Changelog 1 Mar 2010 20:59:35 -0000 1.16 +++ Changelog 4 Mar 2010 14:43:59 -0000 1.17 @@ -1,3 +1,9 @@ +2.0.7 +Released: 03/04/10 +ph...@ip... +- Don't attempt to delete things we didn't create. Fixes #2962342. +- Provide a useful error when we can't find the gpg binary. Fixes #2962341. + 2.0.6 Released: 03/01/10 ph...@ip... |
|
From: Phil D. <ja...@us...> - 2010-03-03 19:56:50
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv9872 Modified Files: pius Log Message: Test for existence of GPG binary and throw an error if it doesn't exist. Fixes bug #2962341 Signed-off-by: Phil Dibowitz <ph...@ip...> Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.27 retrieving revision 1.28 diff -u -d -r1.27 -r1.28 --- pius 3 Mar 2010 15:03:54 -0000 1.27 +++ pius 3 Mar 2010 19:56:41 -0000 1.28 @@ -34,7 +34,7 @@ import subprocess import sys -VERSION = '2.0.6' +VERSION = '2.0.6+CVS' DEBUG_ON = False MODE_INTERACTIVE = 0 @@ -1117,6 +1117,9 @@ print 'Setting debug' DEBUG_ON = True + if not os.path.exists(options.gpg_path): + parser.error('GnuPG binary not found at %s.' % options.gpg_path) + if not options.signer: parser.error('You must specify a keyid to sign with.') |
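Review bot: os.path.exists(options.gpg_path) is also true for directories and for files that are not executable, so a wrong gpg path can still pass this check and fail later when the binary is run. Testing os.path.isfile(options.gpg_path) and os.access(options.gpg_path, os.X_OK) would make the "GnuPG binary not found" error cover the cases it is meant to.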
|
From: Phil D. <ja...@us...> - 2010-03-03 15:04:03
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv14480 Modified Files: pius Log Message: - don't try to delete files that don't exist. Fixes bug #2962342 Signed-off-by: Phil Dibowitz <ph...@ip...> Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.26 retrieving revision 1.27 diff -u -d -r1.26 -r1.27 --- pius 1 Mar 2010 20:29:04 -0000 1.26 +++ pius 3 Mar 2010 15:03:54 -0000 1.27 @@ -820,7 +820,10 @@ # add a newline to all the sys.stdout.write()s print '' - os.unlink(self._outfile_path(uids[index]['file'])) + # remote the signed file, if it exists (it might not, if it's + # expired, the user chose not to sign it, etc.) + if os.path.exists(self._outfile_path(uids[index]['file'])): + os.unlink(self._outfile_path(uids[index]['file'])) if self.verbose: self.print_filenames(uids) |
|
From: Phil D. <ja...@us...> - 2010-03-01 20:59:43
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv12632 Modified Files: Changelog Log Message: credit. Index: Changelog =================================================================== RCS file: /cvsroot/pgpius/pius/Changelog,v retrieving revision 1.15 retrieving revision 1.16 diff -u -d -r1.15 -r1.16 --- Changelog 1 Mar 2010 20:36:20 -0000 1.15 +++ Changelog 1 Mar 2010 20:59:35 -0000 1.16 @@ -11,7 +11,9 @@ - QP-encode the body... especially since we claim it's QP - Remove the signed, but unencrypted files (potential security hole fixed here) - Add a note to the emails that PIUS generated them, for clarity. -- Use application/pgp-keys for the signed key +- Use application/pgp-keys for the signed key (more RFC complaint and provides + Evolution compatibility). Thanks to da...@gi... for + point this out. 2.0.5 Released: 02/27/10 |
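Review bot: two typos in the added Changelog lines: "RFC complaint" should read "RFC compliant", and "for point this out" should read "for pointing this out".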
|
From: Phil D. <ja...@us...> - 2010-03-01 20:36:28
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv7971 Modified Files: Changelog Log Message: missing CL entry. Index: Changelog =================================================================== RCS file: /cvsroot/pgpius/pius/Changelog,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- Changelog 1 Mar 2010 20:29:04 -0000 1.14 +++ Changelog 1 Mar 2010 20:36:20 -0000 1.15 @@ -11,6 +11,7 @@ - QP-encode the body... especially since we claim it's QP - Remove the signed, but unencrypted files (potential security hole fixed here) - Add a note to the emails that PIUS generated them, for clarity. +- Use application/pgp-keys for the signed key 2.0.5 Released: 02/27/10 |
|
From: Phil D. <ja...@us...> - 2010-03-01 20:29:13
|
Update of /cvsroot/pgpius/pius In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv5785 Modified Files: Changelog pius pius.spec Log Message: version bump Index: pius.spec =================================================================== RCS file: /cvsroot/pgpius/pius/pius.spec,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- pius.spec 27 Feb 2010 11:17:09 -0000 1.7 +++ pius.spec 1 Mar 2010 20:29:04 -0000 1.8 @@ -2,7 +2,7 @@ # $Id$ %define name pius -%define version 2.0.5 +%define version 2.0.6 %define release 1 Name: %{name} Index: pius =================================================================== RCS file: /cvsroot/pgpius/pius/pius,v retrieving revision 1.25 retrieving revision 1.26 diff -u -d -r1.25 -r1.26 --- pius 1 Mar 2010 20:28:20 -0000 1.25 +++ pius 1 Mar 2010 20:29:04 -0000 1.26 @@ -34,7 +34,7 @@ import subprocess import sys -VERSION = '2.0.5+CVS' +VERSION = '2.0.6' DEBUG_ON = False MODE_INTERACTIVE = 0 Index: Changelog =================================================================== RCS file: /cvsroot/pgpius/pius/Changelog,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- Changelog 1 Mar 2010 20:28:20 -0000 1.13 +++ Changelog 1 Mar 2010 20:29:04 -0000 1.14 @@ -1,5 +1,5 @@ -2.0.5+CVS -Released: +2.0.6 +Released: 03/01/10 ph...@ip... - When signing all keys on a keyring, sort them first. - Stop QP-encoding the key, as it prevents people from manually doing |