Refresh OpenPGP keys before verification

Always refresh OpenPGP keys before starting the verification process.
This ensures that the key has not been revoked, and also reduces
the risk of using an expired key.

3 files changed, 35 insertions, 4 deletions

diff --git a/gemato/cli.py b/gemato/cli.py
index 7459841..b0f4dbe 100644
--- a/gemato/cli.py
+++ b/gemato/cli.py
@@ -1,6 +1,6 @@
 # gemato: CLI routines
 # vim:fileencoding=utf-8
-# (c) 2017 Michał Górny
+# (c) 2017-2018 Michał Górny
 # Licensed under the terms of 2-clause BSD license
 
 from __future__ import print_function
@@ -55,6 +55,12 @@ def do_verify(args, argp):
             if args.openpgp_key is not None:
                 with io.open(args.openpgp_key, 'rb') as f:
                     env.import_key(f)
+                # always refresh keys to check for revocation
+                # (unless user specifically asked us not to)
+                if args.refresh_keys:
+                    logging.info('Refreshing keys from keyserver...')
+                    env.refresh_keys()
+                    logging.info('Keys refreshed.')
             init_kwargs['openpgp_env'] = env
 
             start = timeit.default_timer()
@@ -70,6 +76,8 @@ def do_verify(args, argp):
                 logging.error('Top-level Manifest {} is not OpenPGP signed'.format(tlm))
                 return 1
 
+            logging.info('Verifying {}...'.format(p))
+
             relpath = os.path.relpath(p, os.path.dirname(tlm))
             if relpath == '.':
                 relpath = ''
@@ -86,7 +94,7 @@ def do_verify(args, argp):
                 return 1
 
             stop = timeit.default_timer()
-            logging.info('{} validated in {:.2f} seconds'.format(p, stop - start))
+            logging.info('{} verified in {:.2f} seconds'.format(p, stop - start))
     return 0 if ret else 1
 
 
@@ -163,6 +171,8 @@ def do_update(args, argp):
                     argp.error('Incremental specified but no timestamp in Manifest')
                 update_kwargs['last_mtime'] = last_ts.ts.timestamp()
 
+            logging.info('Updating Manifests in {}...'.format(p))
+
             try:
                 start_ts = datetime.datetime.utcnow()
                 m.update_entries_for_directory(relpath, **update_kwargs)
@@ -249,6 +259,8 @@ def do_create(args, argp):
             if m.hashes is None:
                 argp.error('--hashes must be specified if not implied by --profile')
 
+            logging.info('Creating Manifests in {}...'.format(p))
+
             try:
                 start_ts = datetime.datetime.utcnow()
                 m.update_entries_for_directory()
@@ -293,6 +305,10 @@ def main(argv):
     verify.add_argument('-P', '--no-openpgp-verify', action='store_false',
             dest='openpgp_verify',
             help='Disable OpenPGP verification of signed Manifests')
+    verify.add_argument('-R', '--no-refresh-keys', action='store_false',
+            dest='refresh_keys',
+            help='Disable refreshing OpenPGP key (prevents network access, applicable '
+                +'when using -K only)')
     verify.add_argument('-s', '--require-signed-manifest', action='store_true',
             help='Require that the top-level Manifest is OpenPGP signed')
     verify.set_defaults(func=do_verify)
diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index b80ccbb..6fa500a 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -1,6 +1,6 @@
 # gemato: OpenPGP verification support
 # vim:fileencoding=utf-8
-# (c) 2017 Michał Górny
+# (c) 2017-2018 Michał Górny
 # Licensed under the terms of 2-clause BSD license
 
 import errno
@@ -41,6 +41,15 @@ class OpenPGPSystemEnvironment(object):
 
         raise NotImplementedError('import_key() is not implemented by this OpenPGP provider')
 
+    def refresh_keys(self):
+        """
+        Update the keys from their assigned keyservers. This should be called
+        at start of every execution in order to ensure that revocations
+        are respected. This action requires network access.
+        """
+
+        raise NotImplementedError('refresh_keys() is not implemented by this OpenPGP provider')
+
     def verify_file(self, f):
         """
         Perform an OpenPGP verification of Manifest data in open file @f.
@@ -156,6 +165,11 @@ disable-scdaemon
         if exitst != 0:
             raise RuntimeError('Unable to import key: {}'.format(err.decode('utf8')))
 
+    def refresh_keys(self):
+        exitst, out, err = self._spawn_gpg(['--refresh-keys'], '')
+        if exitst != 0:
+            raise RuntimeError('Unable to refresh keys: {}'.format(err.decode('utf8')))
+
     @property
     def home(self):
         if self._home is None:
diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py
index 2241931..f42ad85 100644
--- a/tests/test_openpgp.py
+++ b/tests/test_openpgp.py
@@ -1,6 +1,6 @@
 # gemato: OpenPGP signature support tests
 # vim:fileencoding=utf-8
-# (c) 2017 Michał Górny
+# (c) 2017-2018 Michał Górny
 # Licensed under the terms of 2-clause BSD license
 
 import base64
@@ -436,6 +436,7 @@ class OpenPGPCorrectKeyTest(unittest.TestCase):
             self.assertEqual(
                     gemato.cli.main(['gemato', 'verify',
                         '--openpgp-key', os.path.join(d, '.key.asc'),
+                        '--no-refresh-keys',
                         '--require-signed-manifest', d]),
                     0)
         finally: