authorBrian Dolbec <dolsen@gentoo.org>2015-08-09 15:43:31 -0700
committerBrian Dolbec <dolsen@gentoo.org>2015-08-09 15:52:05 -0700
commit38d2b1fed19ac636346ab1e7a456bbac5bc69cec (patch)
tree4ad48da1f83dfcb237b45406dba46c52abfa21a2
parentgkeys/seedhandler.py: Add an isdir check to load_category (diff)
gkeys: Add settable trust-model for the keyrings
The --trust-model option is needed for git verification and many other gkeys operations.
-rw-r--r--gkeys/etc/gkeys.conf14
-rw-r--r--gkeys/gkeys/actionbase.py10
2 files changed, 23 insertions, 1 deletions
diff --git a/gkeys/etc/gkeys.conf b/gkeys/etc/gkeys.conf
index e7a363f..e9eb820 100644
--- a/gkeys/etc/gkeys.conf
+++ b/gkeys/etc/gkeys.conf
@@ -67,9 +67,12 @@ files: 0o022
# file is a json text file of: nick, name, keydir, fingerprint
# one file per line
# category = category or seedfile name
-# these categories/seedfile nmaes are used for the
+# these categories/seedfile names are used for the
# -C, --category input value validations
# eg: category: filepath
+#
+# If adding additional seed files,
+# remember to set an appropriate [trust-model] for them below"
gentoo: %(seedsdir)s/gentoo.seeds
gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
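Review bot: The added comment line `# remember to set an appropriate [trust-model] for them below"` ends with a stray double quote that should be dropped. The reminder could also state what happens when the entry is forgotten, since `_set_trust` in actionbase.py falls back to `auto` for a category with no [trust-model] value: `# categories without a [trust-model] entry use "auto"`.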
@@ -92,6 +95,15 @@ gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
#sign:
+# Set the trust levels
+# one of {pgp|classic|direct|always|auto}
+# default is "auto"
+# for the gentoo and gentoo-devs keyrings set to "always"
+[trust-model]
+gentoo: always
+gentoo-devs: always
+
+
[verify-seeds]
# mapping of the seedfile category name
diff --git a/gkeys/gkeys/actionbase.py b/gkeys/gkeys/actionbase.py
index 77748c5..e8d5ba4 100644
--- a/gkeys/gkeys/actionbase.py
+++ b/gkeys/gkeys/actionbase.py
@@ -85,6 +85,16 @@ class ActionBase(object):
self.category = cat
catdir = os.path.join(keyring, cat)
self.logger.debug(_unicode("ACTIONS: _set_category; catdir = %s") % catdir)
+ self._set_trust(cat)
return catdir
+ def _set_trust(self, cat):
+ trust = self.config.get_key('trust-model', cat)
+ if trust in [None]:
+ trust = 'auto'
+ if 'trust-model' in self.config.defaults['gpg_defaults']:
+ index = self.config.defaults['gpg_defaults'].index('trust-model')
+ self.config.defaults['gpg_defaults'][index+1] = trust
+ else:
+ self.config.defaults['gpg_defaults'].extend(['--trust-model', trust])
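Review bot: In `_set_trust` the membership test and the `.index()` call look for `'trust-model'`, but the else branch appends `'--trust-model'`, so the replace branch never matches what this method itself wrote and each `_set_category` call appends another `--trust-model <value>` pair to the shared `gpg_defaults` list. The effective model then relies on gpg honouring the last occurrence, and a `--trust-model` already present in the configured defaults is never overwritten in place. Use the same token in both places: `if '--trust-model' in self.config.defaults['gpg_defaults']:` and `index = self.config.defaults['gpg_defaults'].index('--trust-model')`. The value read from gkeys.conf also reaches the gpg command line unchecked; rejecting anything outside the documented set (pgp, classic, direct, always, auto) would stop a typo there, and `trust in [None]` reads better as `trust is None`. `_set_category` begins outside the hunk.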