improve keyring analyzer

- define separate gnupg homedir as gnupghome
- update file comments in ddportfolioservice/model/ddportfolio.ini and
  ddportfolioservice/model/keyringanalyzer.py to reflect current
  copyright years and project name
- keyringanalyzer.py:
  - refactor to reduce function complexity
  - fix PEP8 violations
  - use gnupghome setting
  - switch to SafeConfigParser
This commit is contained in:
Jan Dittberner 2014-01-11 00:03:09 +00:00
parent a74c778258
commit 275885cb41
2 changed files with 81 additions and 59 deletions

View file

@ -1,24 +1,25 @@
# #
# Configuration for DDPortfolio service # Configuration for Debian Member Portfolio service
# Copyright © 2009, 2010, 2011, 2012, 2013 Jan Dittberner <jan@dittberner.info>
# #
# This file is part of DDPortfolio service. # Copyright © 2009-2014 Jan Dittberner <jan@dittberner.info>
# #
# DDPortfolio service is free software: you can redistribute it and/or # This file is part of the Debian Member Portfolio service.
# modify it under the terms of the GNU Affero General Public License
# as published by the Free Software Foundation, either version 3 of
# the License, or (at your option) any later version.
# #
# DDPortfolio service is distributed in the hope that it will be # Debian Member Portfolio service is free software: you can redistribute it
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty # and/or modify it under the terms of the GNU Affero General Public License as
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # published by the Free Software Foundation, either version 3 of the License,
# Affero General Public License for more details. # or (at your option) any later version.
#
# Debian Member Portfolio service is distributed in the hope that it will be# useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
# General Public License for more details.
# #
# You should have received a copy of the GNU Affero General Public # You should have received a copy of the GNU Affero General Public
# License along with this program. If not, see # License along with this program. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
[DEFAULT] [DEFAULT]
gnupghome=~/debian/gnupghome
keyring.dir=~/debian/keyring.debian.org/keyrings keyring.dir=~/debian/keyring.debian.org/keyrings
urlbuilder.sections=overview,bugs,build,qa,lists,files,membership, urlbuilder.sections=overview,bugs,build,qa,lists,files,membership,
miscellaneous,ssh,ubuntu miscellaneous,ssh,ubuntu

View file

@ -1,20 +1,21 @@
# -*- python -*- # -*- python -*-
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
# DDPortfolio service application key ring analyzer tool # Debian Member Portfolio service application key ring analyzer tool
# Copyright © 2009, 2010, 2011, 2012 Jan Dittberner <jan@dittberner.info>
# #
# This file is part of DDPortfolio service. # Copyright © 2009-2014 Jan Dittberner <jan@dittberner.info>
# #
# DDPortfolio service is free software: you can redistribute it and/or # This file is part of the Debian Member Portfolio service.
# modify it under the terms of the GNU Affero General Public License #
# as published by the Free Software Foundation, either version 3 of # Debian Member Portfolio service is free software: you can redistribute it
# and/or modify it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of
# the License, or (at your option) any later version. # the License, or (at your option) any later version.
# #
# DDPortfolio service is distributed in the hope that it will be # Debian Member Portfolio service is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty # useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
# Affero General Public License for more details. # General Public License for more details.
# #
# You should have received a copy of the GNU Affero General Public # You should have received a copy of the GNU Affero General Public
# License along with this program. If not, see # License along with this program. If not, see
@ -38,27 +39,28 @@ import sys
import email.utils import email.utils
CONFIG = ConfigParser.SafeConfigParser()
def _get_keyrings(): def _get_keyrings():
""" """
Gets the available keyring files from the keyring directory Gets the available keyring files from the keyring directory
configured in ddportfolio.ini. configured in ddportfolio.ini.
""" """
my_config = ConfigParser.ConfigParser() keyringdir = os.path.expanduser(CONFIG.get('DEFAULT', 'keyring.dir'))
my_config.readfp(pkg_resources.resource_stream(
__name__, 'ddportfolio.ini'))
keyringdir = os.path.expanduser(my_config.get('DEFAULT', 'keyring.dir'))
logging.debug("keyring dir is %s", keyringdir) logging.debug("keyring dir is %s", keyringdir)
keyrings = glob.glob(os.path.join(keyringdir, '*.gpg')) keyrings = glob.glob(os.path.join(keyringdir, '*.gpg'))
keyrings.extend(glob.glob(os.path.join(keyringdir, '*.pgp'))) keyrings.extend(glob.glob(os.path.join(keyringdir, '*.pgp')))
keyrings.sort() keyrings.sort()
return keyrings return keyrings
def _parse_uid(uid): def _parse_uid(uid):
""" """
Parse a uid of the form 'Real Name <email@example.com>' into email Parse a uid of the form 'Real Name <email@example.com>' into email
and realname parts. and realname parts.
""" """
# First try with the Python library, but it doesn't always catch everything # First try with the Python library, but it doesn't always catch everything
(name, mail) = email.utils.parseaddr(uid) (name, mail) = email.utils.parseaddr(uid)
if (not name) and (not mail): if (not name) and (not mail):
@ -103,49 +105,63 @@ def _add_to_result(key, newvalue):
resultdict[thekey].append(newvalue) resultdict[thekey].append(newvalue)
def _handle_mail(mail, fpr):
if mail.endswith('@debian.org'):
login = mail[0:-len('@debian.org')]
_add_to_result('login:email:%s' % mail, login)
_add_to_result('login:fpr:%s' % fpr, login)
_add_to_result('fpr:login:%s' % login, fpr)
_add_to_result('fpr:email:%s' % mail, fpr)
_add_to_result('email:fpr:%s' % fpr, mail)
def _handle_uid(uid, fpr):
# Do stuff with 'uid'
if uid:
(uid, mail) = _parse_uid(uid)
if mail:
_handle_mail(mail, fpr)
if uid:
_add_to_result('name:fpr:%s' % fpr, uid)
if mail:
_add_to_result('name:email:%s' % mail, uid)
return fpr
def process_gpg_list_keys_line(line, fpr):
"""
Process a line of gpg --list-keys --with-colon output.
"""
items = line.split(':')
if items[0] == 'pub':
return None
if items[0] == 'fpr':
return items[9].strip()
if items[0] == 'uid':
if items[1] == 'r':
return fpr
return _handle_uid(items[9].strip(), fpr)
else:
return fpr
def process_keyrings(): def process_keyrings():
"""Process the keyrings and store the extracted data in an anydbm """Process the keyrings and store the extracted data in an anydbm
file.""" file."""
for keyring in _get_keyrings(): for keyring in _get_keyrings():
logging.debug("get data from %s", keyring) logging.debug("get data from %s", keyring)
proc = subprocess.Popen(["gpg", "--no-options", "--no-default-keyring", proc = subprocess.Popen([
"gpg", "--no-options", "--no-default-keyring",
"--homedir", os.path.expanduser(
CONFIG.get('DEFAULT', 'gnupghome')),
"--no-expensive-trust-checks", "--no-expensive-trust-checks",
"--keyring", keyring, "--list-keys", "--keyring", keyring, "--list-keys",
"--with-colons", "--fixed-list-mode", "--with-fingerprint", "--with-fingerprint"], "--with-colons", "--fixed-list-mode", "--with-fingerprint",
"--with-fingerprint"],
stdout=subprocess.PIPE) stdout=subprocess.PIPE)
fpr = None fpr = None
entry = None
lastpub = None
for line in proc.stdout.readlines(): for line in proc.stdout.readlines():
items = line.split(':') fpr = process_gpg_list_keys_line(line, fpr)
uid = None
if items[0] == 'pub':
fpr = entry = None
lastpub = items[4].strip()
continue
elif items[0] == 'fpr':
fpr = items[9].strip()
elif items[0] == 'uid':
if items[1] == 'r':
continue
uid = items[9].strip()
else:
continue
# Do stuff with 'uid'
if uid:
(uid, mail) = _parse_uid(uid)
if mail:
if mail.endswith('@debian.org'):
login = mail[0:-len('@debian.org')]
_add_to_result('login:email:%s' % mail, login)
_add_to_result('login:fpr:%s' % fpr, login)
_add_to_result('fpr:login:%s' % login, fpr)
_add_to_result('fpr:email:%s' % mail, fpr)
_add_to_result('email:fpr:%s' % fpr, mail)
if uid:
_add_to_result('name:fpr:%s' % fpr, uid)
if mail:
_add_to_result('name:email:%s' % mail, uid)
retcode = proc.wait() retcode = proc.wait()
if retcode != 0: if retcode != 0:
logging.error("subprocess ended with return code %d", retcode) logging.error("subprocess ended with return code %d", retcode)
@ -158,4 +174,9 @@ def process_keyrings():
if __name__ == '__main__': if __name__ == '__main__':
logging.basicConfig(stream=sys.stderr, level=logging.WARNING) logging.basicConfig(stream=sys.stderr, level=logging.WARNING)
CONFIG.readfp(pkg_resources.resource_stream(
__name__, 'ddportfolio.ini'))
gpghome = os.path.expanduser(CONFIG.get('DEFAULT', 'gnupghome'))
if not os.path.isdir(gpghome):
os.makedirs(gpghome, 0700)
process_keyrings() process_keyrings()