aboutsummaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* Bump to 20.12•••Signed-off-by: Michał Górny <mgorny@gentoo.org> HEADv20.12masterMichał Górny2026-01-101-1/+1
* openpgp: always update information about the Web of Trust•••gemato can fail if /etc/gnupg/gpg.conf contains no-auto-check-trustdb while gemato needs --check-trustdb: $ gemato openpgp-verify-detached -K /usr/share/openpgp-keys/chetramey.asc -R --no-require-all-good /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz.sig /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz ERROR OpenPGP verification failed for <_io.BufferedReader name='/var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz'> (sig in /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz.sig): Good OpenPGP signature made using untrusted key: gpg: Warning: using insecure memory! gpg: Signature made Wed Jul 2 13:17:41 2025 UTC gpg: using DSA key 7C0135FB088AAF6C66C650B9BB5869F064EA74AB gpg: please do a --check-trustdb gpg: Good signature from "Chet Ramey <chet@cwru.edu>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7C01 35FB 088A AF6C 66C6 50B9 BB58 69F0 64EA 74AB This commit circumvent the issue by forcing --auto-check-trustdb which takes precedence over configuration file. Closes: https://bugs.gentoo.org/968583 Signed-off-by: Bertrand Jacquin <bertrand@jacquin.bzh> Part-of: https://github.com/gentoo/gemato/pull/41 Closes: https://github.com/gentoo/gemato/pull/41 Signed-off-by: Michał Górny <mgorny@gentoo.org> Bertrand Jacquin2026-01-101-2/+4
* Bump to 20.11•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.11Michał Górny2025-12-281-1/+1
* Fix datetime.datetime.utcnow DeprecationWarning•••``` /usr/share/gemato/gen_fast_metamanifest.py:119: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). ``` We can't use `datetime.UTC` because of old Python, so use `datetime.timezone.utc` instead to support <py3.11. Signed-off-by: Sam James <sam@gentoo.org> Part-of: https://github.com/gentoo/gemato/pull/40 Closes: https://github.com/gentoo/gemato/pull/40 Signed-off-by: Michał Górny <mgorny@gentoo.org> Sam James2025-12-284-6/+6
* Bump to 20.10•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.10Michał Górny2025-10-251-1/+1
* openpgp: Do not require "fpr" to follow "pub" immediately•••Fix processing "gpg --with-colons --list-keys" output to accept additional data (e.g. "rvk" lines) between a "pub" and a "fpr", as long as no UIDs or subkeys get in the way. Closes: https://github.com/gentoo/gemato/issues/39 Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-251-19/+30
* Bump to 20.9•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.9Michał Górny2025-10-251-1/+1
* openpgp: drop debugging print() from list_keys•••Fixes: 4a6d2c0daad479ada7cb8492e4c900cc0f08dad4 Signed-off-by: Sam James <sam@gentoo.org> Part-of: https://github.com/gentoo/gemato/pull/38 Closes: https://github.com/gentoo/gemato/pull/38 Signed-off-by: Michał Górny <mgorny@gentoo.org> Sam James2025-10-251-1/+0
* Bump to 20.8•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.8Michał Górny2025-10-241-1/+1
* Include test data in sdist•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-0/+1
* Bump to 20.7•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-1/+1
* Fix unfinished comment•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-1/+1
* Fix testing without GPG•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-1/+4
* Detect sequoia-chameleon-gnupg and XFAIL remaining tests•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-4/+28
* openpgp: Process refresh results manually•••Check the exact keys used while refreshing via HKP. Sequoia does not return errors like GnuPG does, so we need to double-check the result ourselves. Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-1/+19
* Use correct GNUPG executable in gpg-wrap tests•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-3/+4
* openpgp: Explicitly reject keys with no valid UIDs•••Explicitly detect keys that have no self-signatures (via missing UID creation date) and reject them while importing. This is needed to match GnuPG behavior when using sequoia-chameleon-gnupg. Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-2/+16
* openpgp: Make list_keys() return all UIDs•••Modify list_keys() to return all UIDs in a key, and do filtering in refresh_keys_wkd(). This will enable us to cleanly reuse it to check for keys without (valid) UIDs. Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-242-19/+24
* Include the original signature in EXPIRED_PUBLIC_KEY•••Sequoia PGP requires that the original signature is present as well as the newer signature. Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-1/+1
* Remove direct trust-mode setting•••Remove `trust-mode direct` since it's not supported by sequoia-chameleon-gnupg. It shouldn't really matter since we're using an isolated keyring, it was only an optimization. Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-241-6/+0
* Regenerate test keys•••Add a script to regenerate test keys, and use it to generate a new set of test keys with more predictable timestamps, and hopefully more correct data. Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-2428-70/+184
* Generate modified signed test Manifest programmatically•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-242-21/+13
* Generate dash-escaped test Manifest programatically•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-242-21/+13
* Annotate OpenPGP test data•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-231-9/+35
* Merge keydata.py back into test_openpgp.py•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-232-133/+85
* Move remaining test data into files•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-2312-188/+186
* Move test key data to files•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-2326-162/+45
* openpgp: Raise an exception of importing yields no keys•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-221-5/+7
* Revert "openpgp: Explicitly reject keys with no valid self-sigs"•••FreePG has been fixed. Let's revert the change for now, since the code is quite messy. We can reapply if Sequoia needs something similar. Reverts: 17c9c9c8b96f60115d1ad12232ac89f80b2e38b3 Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-221-28/+6
* openpgp: Explicitly reject keys with no valid self-sigs•••Explicitly detect keys that have no self-signatures (via missing UID creation date) and reject them while importing. This is necessary to match GnuPG behavior in FreePG, where importing keys without (valid) self-signatures is acceptable. Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-211-6/+28
* openpgp: Support list_keys() in all envs•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2025-10-212-57/+76
* Fix license trove classifier•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2024-11-281-1/+1
* Include COPYING in sdist•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2024-07-151-0/+1
* Bump to 20.6•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.6Michał Górny2024-06-171-1/+1
* Update tested implementation list•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2024-06-172-2/+2
* openpgp: disable Tor use in dirmngr•••Pass 'no-use-tor' to avoid automagically using Tor if it's available on the system (which gnupg does by default)! This often causes connectivity issues and is a source of great confusion for users. See also d54fc1c3f35dca78a66dde10b857ab9ee54c68bc in getuto. Signed-off-by: Sam James <sam@gentoo.org> Closes: https://github.com/projg2/gemato/pull/34 Signed-off-by: Michał Górny <mgorny@gentoo.org> Sam James2024-06-171-2/+5
* Relicense as GPL-2.0-or-later•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2024-06-1727-46/+362
* Bump to 20.5•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.5Michał Górny2023-08-141-1/+1
* cli: Allow enabling debug via GEMATO_DEBUG envvar•••Support using GEMATO_DEBUG envvar to override the log level and force DEBUG. This is mostly meant to handle calling gemato executable via scripts where users can't trivially pass `--debug`. When gemato is used via the Python API, the caller needs to configure the logger. Something akin to the following is recommended: logging.basicConfig() if os.environ.get("GEMATO_DEBUG"): logging.getLogger("gemato").setLevel(logging.DEBUG) plus passing `debug=True` to `OpenPGPEnvironment` constructors. CloseS: https://github.com/projg2/gemato/issues/7 Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2023-08-141-0/+4
* Use per-module loggers•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2023-08-132-62/+67
* testutil: Remove obsolete test classes•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2023-08-131-35/+1
* Bump to 20.4•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.4Michał Górny2023-05-291-1/+1
* Remove leftover debug prints•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2023-05-292-4/+1
* Bump to 20.3•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.3Michał Górny2023-05-291-1/+1
* tox: Add py312•••Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2023-05-291-1/+1
* tests: Make StrayCompressedManifestLayout allow any gzip output•••Update StrayCompressedManifestLayout test not to rely on specific gzip output. It changes in Python 3.12, and it was a bad idea anyway. Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2023-05-291-20/+27
* openpgp: Support specifying connection timeout•••Support specifying connection timeout for key refresh operations. Set the default to 3 minutes. This affects both WKD requests (via requests, supports sub-second timeouts) and GPG requests (via dirmngr, supports second precision). Closes: https://github.com/projg2/gemato/issues/26 Signed-off-by: Michał Górny <mgorny@gentoo.org> Michał Górny2023-04-292-6/+31
* Bump to 20.2•••Signed-off-by: Michał Górny <mgorny@gentoo.org> v20.2Michał Górny2023-04-291-1/+1
* gemato/openpgp: correctly handle duplicate keys vs unexpected keys•••The old code path had a subtle behavior bug: if an expected key appeared twice in data from a WKD URL, it was then removed entirely. This happened at one point due to a GPG behavior: when using --export, if --keyring is passed twice, with different keyrings, but those keyrings both contain the key being exported (possibly with different signatures), then the export output will have duplicates of PGP packets present in both keyrings (e.g. UID). To avoid this, defer the removal of unexpected keys until the main import is completed. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> Closes: https://github.com/projg2/gemato/pull/32 Signed-off-by: Michał Górny <mgorny@gentoo.org> Robin H. Johnson2023-04-291-11/+25
* openpgp: Use DNS resolver of OS•••Signed-off-by: David Sardari <d@duxsco.de> Closes: https://github.com/projg2/gemato/pull/31 Signed-off-by: Michał Górny <mgorny@gentoo.org> David Sardari2023-04-221-0/+6