Remote GPG key info #2401
Commits on Jul 15, 2021
lib/repo: Factor out GPG verifier key imports
Currently the verifier only imports all the GPG keys when verifying data, but it would also be useful for inspecting the trusted keys.
Commit dba2cdc
lib/repo: Factor out GPG verifier preparation
In order to use the GPG verifier, it needs to be seeded with GPG keys after instantiation. Currently this is only used for verifying data, but it will also be used for getting a list of trusted GPG keys in a subsequent commit.
Commit c8715c1
lib/repo: Allow preparing GPG verifier without global keyrings
Currently the verifier decides whether to include the global keyrings based on whether the specified remote has its own keyring or not. Allow callers to exclude the global keyrings even when that's not the case. This will be used in a subsequent commit in order to get the GPG keys only associated with a remote.
Commit fc07365
lib/repo: Add ostree_repo_remote_get_gpg_keys()
This function enumerates the trusted GPG keys for a remote and returns an array of `GVariant`s describing them. This is useful to see which keys are collected by ostree for a particular remote. The same information can be gathered with `gpg`. However, since ostree allows multiple keyring locations, that's only really useful if you have knowledge of how ostree collects GPG keyrings. The format of the variants is documented in `OSTREE_GPG_KEY_GVARIANT_FORMAT`. This format is primarily a copy of selected fields within `gpgme_key_t` and its subtypes. The fields are placed within vardicts rather than using a more efficient tuple of concrete types. This will allow flexibility if more components of `gpgme_key_t` are desired in the future.
Commit a50f6d0
bin/remote: Add list-gpg-keys subcommand
This provides a wrapper for the `ostree_repo_remote_get_gpg_keys` function to show the GPG keys associated with a remote. This is particularly useful for validating that GPG key updates have been applied. Tests are added, which check the `ostree_repo_remote_get_gpg_keys` API by extension.
Commit 74fb0c5
libotutil: Import implementation of zbase32 encoding
This will be used to implement the PGP Web Key Directory (WKD) URL generation. This is a slightly cleaned up implementation[1] taken from the zbase32 author's original implementation[2]. It provides a single zbase32_encode API to convert a set of bytes to the zbase32 encoding. I believe this should be acceptable for inclusion in ostree. The license in the source files is BSD style while the original repo LICENSE file claims the Creative Commons CC0 1.0 Universal license, which is public domain.
1. https://github.com/dbnicholson/libbase32/tree/for-ostree
2. https://github.com/zooko/libbase32
Commit fbff05e
libotutil: Add helper for GPG WKD update URLs
Calculate the advanced and direct update URLs for the key discovery portion[1] of the OpenPGP Web Key Directory specification, and include the URLs in the key listing in ostree_repo_remote_get_gpg_keys(). These URLs can be used to locate updated GPG keys for the remote.
1. https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service#section-3.1
Commit 4fa403a
lib/repo: Include WKD update URLs in GPG key listing
If the key UID contains a valid email address, include the GPG WKD update URLs in the GVariant returned by ostree_repo_remote_get_gpg_keys().
Commit 27dc5d7
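The zbase32 and WKD commits above describe deriving key-update URLs from the email address in a key UID. The following is an added Python sketch of that derivation as laid out in the key discovery section of the WKD draft; it is not ostree's C code, and the names `zbase32_encode` (Python version) and `wkd_urls` are chosen here for illustration. It assumes an ASCII domain and uses the draft's own example address as sample input.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet; 5-bit groups are taken most significant bit first.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32, zero-filling the final partial group."""
    bits = len(data) * 8
    pad = (-bits) % 5                      # bits needed to reach a multiple of 5
    value = int.from_bytes(data, "big") << pad
    count = (bits + pad) // 5
    return "".join(
        ZBASE32_ALPHABET[(value >> (5 * (count - 1 - i))) & 0x1F]
        for i in range(count)
    )


def wkd_urls(email: str) -> tuple:
    """Return (advanced_url, direct_url) for an address, or raise ValueError."""
    email = email.strip()
    local, sep, domain = email.rpartition("@")
    if (not sep or not local or not domain or "@" in local
            or any(ch.isspace() for ch in email)):
        raise ValueError("not a usable email address: %r" % email)
    domain = domain.lower()
    # Only ASCII upper-case letters of the local part are folded before
    # hashing; bytes.lower() leaves non-ASCII bytes untouched.
    digest = hashlib.sha1(local.encode("utf-8").lower()).digest()
    hashed = zbase32_encode(digest)        # 160 bits -> 32 characters
    query = "?l=" + quote(local, safe="")  # original-case local part
    advanced = ("https://openpgpkey.%s/.well-known/openpgpkey/%s/hu/%s%s"
                % (domain, domain, hashed, query))
    direct = ("https://%s/.well-known/openpgpkey/hu/%s%s"
              % (domain, hashed, query))
    return advanced, direct


if __name__ == "__main__":
    # Sample input: the example address used in the WKD draft.
    for url in wkd_urls("Joe.Doe@Example.ORG"):
        print(url)
```

Comparing the key served at these URLs with the one in the remote's keyring is how an operator can confirm that a key update has actually been applied.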
Commit 90a3bda
Commit 30c054b
Commit 814e481
Commit 81df5c8