author | Michał Górny <mgorny@gentoo.org> | 2018-07-23 23:57:19 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2018-07-24 08:41:52 +0200 |
commit | 47e2a99c4497ea5c728ee4c9d5feb27076aff74d (patch) | |
tree | 61f60aa3b3ff3a06b720ce1674ca06e39191570c | |
parent | 909390c25a0ab589a4ae10d20cb9e321a51163b2 (diff) | |
download | gemato-47e2a99c4497ea5c728ee4c9d5feb27076aff74d.tar.gz |
openpgp: Support specifying custom keyserver URL
-rw-r--r-- | gemato/cli.py | 5 | ||||
-rw-r--r-- | gemato/openpgp.py | 17 |
2 files changed, 16 insertions, 6 deletions
diff --git a/gemato/cli.py b/gemato/cli.py
index a33e593..15e46ad 100644
--- a/gemato/cli.py
+++ b/gemato/cli.py
@@ -126,6 +126,8 @@ class VerifyingOpenPGPMixin(BaseOpenPGPMixin):
dest='allow_wkd', help='Do not attempt to use WKD to refetch keys (use ' +'keyservers only)')
+ subp.add_argument('--keyserver',
+ help='Force custom keyserver URL')
def parse_args(self, args, argp): super(VerifyingOpenPGPMixin, self).parse_args(args, argp)
@@ -135,7 +137,8 @@ class VerifyingOpenPGPMixin(BaseOpenPGPMixin):
# (unless user specifically asked us not to) if args.refresh_keys: logging.info('Refreshing keys...')
- self.openpgp_env.refresh_keys(allow_wkd=args.allow_wkd)
+ self.openpgp_env.refresh_keys(allow_wkd=args.allow_wkd,
+ keyserver=args.keyserver)
logging.info('Keys refreshed.')
diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index d3cb13d..dc2dd8e 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -56,7 +56,7 @@ class OpenPGPSystemEnvironment(object):
raise NotImplementedError('import_key() is not implemented by this OpenPGP provider')
- def refresh_keys(self, allow_wkd=True):
+ def refresh_keys(self, allow_wkd=True, keyserver=None):
""" Update the keys from their assigned keyservers. This should be called at start of every execution in order to ensure that revocations
@@ -65,6 +65,9 @@ class OpenPGPSystemEnvironment(object):
@allow_wkd specifies whether WKD can be used to fetch keys. This is experimental but usually is more reliable than keyservers. If WKD fails to fetch *all* keys, gemato falls back to keyservers.
+
+ @keyserver may be used to force an alternate keyserver. If its present,
+ it should specify a keyserver URL.
""" raise NotImplementedError('refresh_keys() is not implemented by this OpenPGP provider')
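Review bot: The help text `Force custom keyserver URL` in the first cli.py hunk promises more than the code delivers: in the last openpgp.py hunk `refresh_keys()` returns as soon as `refresh_keys_wkd()` reports success, so the keyserver argument is only consulted when WKD is disabled or fails. Someone who passes the option to pin refreshes to a keyserver they trust would still have keys refreshed over WKD, with no indication that the option was not used. I would either document this, e.g. `help='Keyserver URL to use for keyserver refresh (only used when WKD is disabled or fails)'`, or skip WKD whenever a keyserver is given. The same caveat belongs in the docstring paragraph added in the -65 hunk of openpgp.py, where `If its present` should also read `If it is present`.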
@@ -308,16 +311,20 @@ disable-scdaemon return True
- def refresh_keys_keyserver(self):
- exitst, out, err = self._spawn_gpg(['--refresh-keys'], '')
+ def refresh_keys_keyserver(self, keyserver=None):
+ ks_args = []
+ if keyserver is not None:
+ ks_args = ['--keyserver', keyserver]
+
+ exitst, out, err = self._spawn_gpg(ks_args + ['--refresh-keys'], '')
if exitst != 0: raise gemato.exceptions.OpenPGPKeyRefreshError(err.decode('utf8'))
- def refresh_keys(self, allow_wkd=True):
+ def refresh_keys(self, allow_wkd=True, keyserver=None):
if allow_wkd and self.refresh_keys_wkd(): return
- self.refresh_keys_keyserver()
+ self.refresh_keys_keyserver(keyserver=keyserver)
@property def home(self): |
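Review bot: `refresh_keys_keyserver()` hands the user-supplied value to gpg's `--keyserver` without inspecting it. `if keyserver is not None:` lets an empty string through to gpg, so I would tighten it to `if keyserver:`. The URL scheme is not checked either; this step exists to pick up revocations, and a plaintext scheme such as `hkp://` or `http://` would presumably let someone on the network path withhold or serve stale key data without the refresh failing, so a logged warning for anything other than `hkps://`, or at least a recommendation in the option help, seems worthwhile. Passing the value as its own list element to `_spawn_gpg` rather than building a command string is the right shape and should stay.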