Age | Commit message | Author
2023-05-29 | tox: Add py312 | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-05-29 | tests: Make StrayCompressedManifestLayout allow any gzip output | Michał Górny
Update StrayCompressedManifestLayout test not to rely on specific gzip output. It changes in Python 3.12, and it was a bad idea anyway.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-04-29 | openpgp: Support specifying connection timeout | Michał Górny
Support specifying connection timeout for key refresh operations. Set the default to 3 minutes. This affects both WKD requests (via requests, supports sub-second timeouts) and GPG requests (via dirmngr, supports second precision).
Closes: https://github.com/projg2/gemato/issues/26
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-04-29 | Bump to 20.2 | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-04-29 | gemato/openpgp: correctly handle duplicate keys vs unexpected keys | Robin H. Johnson
The old code path had a subtle behavior bug: if an expected key appeared twice in data from a WKD URL, it was then removed entirely. This happened at one point due to a GPG behavior: when using --export, if --keyring is passed twice, with different keyrings, but those keyrings both contain the key being exported (possibly with different signatures), then the export output will have duplicates of PGP packets present in both keyrings (e.g. UID). To avoid this, defer the removal of unexpected keys until the main import is completed.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Closes: https://github.com/projg2/gemato/pull/32
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-04-22 | openpgp: Use DNS resolver of OS | David Sardari
Signed-off-by: David Sardari <d@duxsco.de>
Closes: https://github.com/projg2/gemato/pull/31
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-04-07 | Bump to 20.1 | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-04-07 | log: Make last of --debug/--quiet take precedence | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-04-07 | cli: add --quiet for openpgp modes | Sam James
emerge-webrsync needs this to suppress non-error/warning messages when running in quiet mode to avoid noise in cronjobs.
Signed-off-by: Sam James <sam@gentoo.org>
Closes: https://github.com/projg2/gemato/pull/30
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-03-20 | CI: add Python 3.12 alphas | Sam James
Closes: https://github.com/projg2/gemato/pull/29
Signed-off-by: Sam James <sam@gentoo.org>
2023-03-08 | .github: Add ko-fi | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-03-01 | Bump to v20.0 | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-03-01 | openpgp: Fix typo | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-03-01 | Support verifying detached signatures of data from stdin | Michał Górny
Closes: https://github.com/projg2/gemato/issues/28
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-02-15 | .github: Add FUNDING | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-02-15 | Bump to 19.0 | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-02-15 | test_openpgp: Inline signature timestamp | Michał Górny
The signature timestamp is a property of the signature, not the key, so it does not belong in keydata. Also, they are used only once, so inline them both.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-02-15 | openpgp: Do not reject signatures made prior to key expiration | Michał Górny
If the key is expired, reject it only if the signature was made after the key expired. This only works in isolated environments where we control key trust explicitly — as GnuPG will consider all expired keys untrusted.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-02-15 | test_openpgp: Inline MANIFEST_*_SIG | Michał Górny
Inline MANIFEST_GOOD_SIG and MANIFEST_BAD_SIG lists. They are both being used in only one test, and they are combined there too. Add one missing Manifest to the list.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-23 | Bump to v18.0 | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-23 | utils: Fix pyflakes complaints | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-23 | Update README for detached sig support | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | Remove the old bin/ wrapper | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | Add a __main__ module to call the package conveniently | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | cli: Support running the module directly | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | cli: Support verifying detached signatures | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | tests: Extend test_verify_detached() to 1-out-of-2 case | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | tests: Make assert_signature() more reusable | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | openpgp: Add a function to verify detached signature | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | openpgp: Move gpg output processing into a dedicated function | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | cli: Print multiple signature data | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | cli: Add --no-require-all-good to openpgp-verify command | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | openpgp: Allow verifying a subset of signatures | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | test_openpgp: Add more tests for the multi-signature case | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | openpgp: Pass OpenPGPSignatureData to OpenPGPVerificationFailure | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | exceptions: Verify excs to subclasses of OpenPGPVerificationFailure | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | openpgp: Distinguish NO_PUBLIC_KEY status | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | openpgp: Store all verification results in OpenPGPSignatureData | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-22 | openpgp: Stop relying on `gpg --verify` exit status | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-21 | openpgp: Initial support for multiple signatures | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-21 | openpgp: Convert OpenPGPSignatureData into a dataclass | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-21 | test_openpgp: Workaround pyflakes' failures | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-21 | Require Python 3.9+ | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-21 | test_openpgp: Put common part of Manifest into a var | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-21 | tests: Move the combined keys to keydata | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2023-01-21 | tests.keydata: Add __main__ that prints keydata | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2022-09-26 | Discontinue the support for Python 3.6 and 3.7 | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2022-09-26 | Modernize via pyupgrade | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2022-09-17 | Bump to 17.0 | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
2022-09-17 | Update tox install rules for flit | Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>