forked from jan/debianmemberportfolio
improve keyring analyzer
- define separate gnupg homedir as gnupghome - update file comments in ddportfolioservice/model/ddportfolio.ini and ddportfolioservice/model/keyringanalyzer.py to reflect current copyright years and project name - keyringanalyzer.py: - refactor to reduce function complexity - fix PEP8 violations - use gnupghome setting - switch to SafeConfigParser
This commit is contained in:
parent
a74c778258
commit
275885cb41
2 changed files with 81 additions and 59 deletions
|
@ -1,24 +1,25 @@
|
||||||
#
|
#
|
||||||
# Configuration for DDPortfolio service
|
# Configuration for Debian Member Portfolio service
|
||||||
# Copyright © 2009, 2010, 2011, 2012, 2013 Jan Dittberner <jan@dittberner.info>
|
|
||||||
#
|
#
|
||||||
# This file is part of DDPortfolio service.
|
# Copyright © 2009-2014 Jan Dittberner <jan@dittberner.info>
|
||||||
#
|
#
|
||||||
# DDPortfolio service is free software: you can redistribute it and/or
|
# This file is part of the Debian Member Portfolio service.
|
||||||
# modify it under the terms of the GNU Affero General Public License
|
|
||||||
# as published by the Free Software Foundation, either version 3 of
|
|
||||||
# the License, or (at your option) any later version.
|
|
||||||
#
|
#
|
||||||
# DDPortfolio service is distributed in the hope that it will be
|
# Debian Member Portfolio service is free software: you can redistribute it
|
||||||
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
|
# and/or modify it under the terms of the GNU Affero General Public License as
|
||||||
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
# published by the Free Software Foundation, either version 3 of the License,
|
||||||
# Affero General Public License for more details.
|
# or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# Debian Member Portfolio service is distributed in the hope that it will be# useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
|
||||||
|
# General Public License for more details.
|
||||||
#
|
#
|
||||||
# You should have received a copy of the GNU Affero General Public
|
# You should have received a copy of the GNU Affero General Public
|
||||||
# License along with this program. If not, see
|
# License along with this program. If not, see
|
||||||
# <http://www.gnu.org/licenses/>.
|
# <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
|
gnupghome=~/debian/gnupghome
|
||||||
keyring.dir=~/debian/keyring.debian.org/keyrings
|
keyring.dir=~/debian/keyring.debian.org/keyrings
|
||||||
urlbuilder.sections=overview,bugs,build,qa,lists,files,membership,
|
urlbuilder.sections=overview,bugs,build,qa,lists,files,membership,
|
||||||
miscellaneous,ssh,ubuntu
|
miscellaneous,ssh,ubuntu
|
||||||
|
|
|
@ -1,20 +1,21 @@
|
||||||
# -*- python -*-
|
# -*- python -*-
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
#
|
||||||
# DDPortfolio service application key ring analyzer tool
|
# Debian Member Portfolio service application key ring analyzer tool
|
||||||
# Copyright © 2009, 2010, 2011, 2012 Jan Dittberner <jan@dittberner.info>
|
|
||||||
#
|
#
|
||||||
# This file is part of DDPortfolio service.
|
# Copyright © 2009-2014 Jan Dittberner <jan@dittberner.info>
|
||||||
#
|
#
|
||||||
# DDPortfolio service is free software: you can redistribute it and/or
|
# This file is part of the Debian Member Portfolio service.
|
||||||
# modify it under the terms of the GNU Affero General Public License
|
#
|
||||||
# as published by the Free Software Foundation, either version 3 of
|
# Debian Member Portfolio service is free software: you can redistribute it
|
||||||
|
# and/or modify it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of
|
||||||
# the License, or (at your option) any later version.
|
# the License, or (at your option) any later version.
|
||||||
#
|
#
|
||||||
# DDPortfolio service is distributed in the hope that it will be
|
# Debian Member Portfolio service is distributed in the hope that it will be
|
||||||
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
|
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
|
||||||
# Affero General Public License for more details.
|
# General Public License for more details.
|
||||||
#
|
#
|
||||||
# You should have received a copy of the GNU Affero General Public
|
# You should have received a copy of the GNU Affero General Public
|
||||||
# License along with this program. If not, see
|
# License along with this program. If not, see
|
||||||
|
@ -38,27 +39,28 @@ import sys
|
||||||
import email.utils
|
import email.utils
|
||||||
|
|
||||||
|
|
||||||
|
CONFIG = ConfigParser.SafeConfigParser()
|
||||||
|
|
||||||
|
|
||||||
def _get_keyrings():
|
def _get_keyrings():
|
||||||
"""
|
"""
|
||||||
Gets the available keyring files from the keyring directory
|
Gets the available keyring files from the keyring directory
|
||||||
configured in ddportfolio.ini.
|
configured in ddportfolio.ini.
|
||||||
"""
|
"""
|
||||||
my_config = ConfigParser.ConfigParser()
|
keyringdir = os.path.expanduser(CONFIG.get('DEFAULT', 'keyring.dir'))
|
||||||
my_config.readfp(pkg_resources.resource_stream(
|
|
||||||
__name__, 'ddportfolio.ini'))
|
|
||||||
keyringdir = os.path.expanduser(my_config.get('DEFAULT', 'keyring.dir'))
|
|
||||||
logging.debug("keyring dir is %s", keyringdir)
|
logging.debug("keyring dir is %s", keyringdir)
|
||||||
keyrings = glob.glob(os.path.join(keyringdir, '*.gpg'))
|
keyrings = glob.glob(os.path.join(keyringdir, '*.gpg'))
|
||||||
keyrings.extend(glob.glob(os.path.join(keyringdir, '*.pgp')))
|
keyrings.extend(glob.glob(os.path.join(keyringdir, '*.pgp')))
|
||||||
keyrings.sort()
|
keyrings.sort()
|
||||||
return keyrings
|
return keyrings
|
||||||
|
|
||||||
|
|
||||||
def _parse_uid(uid):
|
def _parse_uid(uid):
|
||||||
"""
|
"""
|
||||||
Parse a uid of the form 'Real Name <email@example.com>' into email
|
Parse a uid of the form 'Real Name <email@example.com>' into email
|
||||||
and realname parts.
|
and realname parts.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# First try with the Python library, but it doesn't always catch everything
|
# First try with the Python library, but it doesn't always catch everything
|
||||||
(name, mail) = email.utils.parseaddr(uid)
|
(name, mail) = email.utils.parseaddr(uid)
|
||||||
if (not name) and (not mail):
|
if (not name) and (not mail):
|
||||||
|
@ -103,49 +105,63 @@ def _add_to_result(key, newvalue):
|
||||||
resultdict[thekey].append(newvalue)
|
resultdict[thekey].append(newvalue)
|
||||||
|
|
||||||
|
|
||||||
|
def _handle_mail(mail, fpr):
|
||||||
|
if mail.endswith('@debian.org'):
|
||||||
|
login = mail[0:-len('@debian.org')]
|
||||||
|
_add_to_result('login:email:%s' % mail, login)
|
||||||
|
_add_to_result('login:fpr:%s' % fpr, login)
|
||||||
|
_add_to_result('fpr:login:%s' % login, fpr)
|
||||||
|
_add_to_result('fpr:email:%s' % mail, fpr)
|
||||||
|
_add_to_result('email:fpr:%s' % fpr, mail)
|
||||||
|
|
||||||
|
|
||||||
|
def _handle_uid(uid, fpr):
|
||||||
|
# Do stuff with 'uid'
|
||||||
|
if uid:
|
||||||
|
(uid, mail) = _parse_uid(uid)
|
||||||
|
if mail:
|
||||||
|
_handle_mail(mail, fpr)
|
||||||
|
if uid:
|
||||||
|
_add_to_result('name:fpr:%s' % fpr, uid)
|
||||||
|
if mail:
|
||||||
|
_add_to_result('name:email:%s' % mail, uid)
|
||||||
|
return fpr
|
||||||
|
|
||||||
|
|
||||||
|
def process_gpg_list_keys_line(line, fpr):
|
||||||
|
"""
|
||||||
|
Process a line of gpg --list-keys --with-colon output.
|
||||||
|
"""
|
||||||
|
items = line.split(':')
|
||||||
|
if items[0] == 'pub':
|
||||||
|
return None
|
||||||
|
if items[0] == 'fpr':
|
||||||
|
return items[9].strip()
|
||||||
|
if items[0] == 'uid':
|
||||||
|
if items[1] == 'r':
|
||||||
|
return fpr
|
||||||
|
return _handle_uid(items[9].strip(), fpr)
|
||||||
|
else:
|
||||||
|
return fpr
|
||||||
|
|
||||||
|
|
||||||
def process_keyrings():
|
def process_keyrings():
|
||||||
"""Process the keyrings and store the extracted data in an anydbm
|
"""Process the keyrings and store the extracted data in an anydbm
|
||||||
file."""
|
file."""
|
||||||
for keyring in _get_keyrings():
|
for keyring in _get_keyrings():
|
||||||
logging.debug("get data from %s", keyring)
|
logging.debug("get data from %s", keyring)
|
||||||
proc = subprocess.Popen(["gpg", "--no-options", "--no-default-keyring",
|
proc = subprocess.Popen([
|
||||||
|
"gpg", "--no-options", "--no-default-keyring",
|
||||||
|
"--homedir", os.path.expanduser(
|
||||||
|
CONFIG.get('DEFAULT', 'gnupghome')),
|
||||||
"--no-expensive-trust-checks",
|
"--no-expensive-trust-checks",
|
||||||
"--keyring", keyring, "--list-keys",
|
"--keyring", keyring, "--list-keys",
|
||||||
"--with-colons", "--fixed-list-mode", "--with-fingerprint", "--with-fingerprint"],
|
"--with-colons", "--fixed-list-mode", "--with-fingerprint",
|
||||||
|
"--with-fingerprint"],
|
||||||
stdout=subprocess.PIPE)
|
stdout=subprocess.PIPE)
|
||||||
fpr = None
|
fpr = None
|
||||||
entry = None
|
|
||||||
lastpub = None
|
|
||||||
for line in proc.stdout.readlines():
|
for line in proc.stdout.readlines():
|
||||||
items = line.split(':')
|
fpr = process_gpg_list_keys_line(line, fpr)
|
||||||
uid = None
|
|
||||||
if items[0] == 'pub':
|
|
||||||
fpr = entry = None
|
|
||||||
lastpub = items[4].strip()
|
|
||||||
continue
|
|
||||||
elif items[0] == 'fpr':
|
|
||||||
fpr = items[9].strip()
|
|
||||||
elif items[0] == 'uid':
|
|
||||||
if items[1] == 'r':
|
|
||||||
continue
|
|
||||||
uid = items[9].strip()
|
|
||||||
else:
|
|
||||||
continue
|
|
||||||
# Do stuff with 'uid'
|
|
||||||
if uid:
|
|
||||||
(uid, mail) = _parse_uid(uid)
|
|
||||||
if mail:
|
|
||||||
if mail.endswith('@debian.org'):
|
|
||||||
login = mail[0:-len('@debian.org')]
|
|
||||||
_add_to_result('login:email:%s' % mail, login)
|
|
||||||
_add_to_result('login:fpr:%s' % fpr, login)
|
|
||||||
_add_to_result('fpr:login:%s' % login, fpr)
|
|
||||||
_add_to_result('fpr:email:%s' % mail, fpr)
|
|
||||||
_add_to_result('email:fpr:%s' % fpr, mail)
|
|
||||||
if uid:
|
|
||||||
_add_to_result('name:fpr:%s' % fpr, uid)
|
|
||||||
if mail:
|
|
||||||
_add_to_result('name:email:%s' % mail, uid)
|
|
||||||
retcode = proc.wait()
|
retcode = proc.wait()
|
||||||
if retcode != 0:
|
if retcode != 0:
|
||||||
logging.error("subprocess ended with return code %d", retcode)
|
logging.error("subprocess ended with return code %d", retcode)
|
||||||
|
@ -158,4 +174,9 @@ def process_keyrings():
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
logging.basicConfig(stream=sys.stderr, level=logging.WARNING)
|
logging.basicConfig(stream=sys.stderr, level=logging.WARNING)
|
||||||
|
CONFIG.readfp(pkg_resources.resource_stream(
|
||||||
|
__name__, 'ddportfolio.ini'))
|
||||||
|
gpghome = os.path.expanduser(CONFIG.get('DEFAULT', 'gnupghome'))
|
||||||
|
if not os.path.isdir(gpghome):
|
||||||
|
os.makedirs(gpghome, 0700)
|
||||||
process_keyrings()
|
process_keyrings()
|
||||||
|
|
Loading…
Reference in a new issue