From b93ac7368dfddc8ce9a37824a54a95b93d46c7bf Mon Sep 17 00:00:00 2001
From: brent s
Date: Tue, 5 Sep 2017 00:00:17 -0400
Subject: [PATCH] restructuring, adding man page to let us make the help output less verbose
---
 gpg/{ => kant}/commented.testbatch.kant.csv | 0
 gpg/kant/kant.1 | 19 ++++++++
 gpg/{ => kant}/kant.py | 54 ++++++++++++++++++---
 gpg/{ => kant}/testbatch.kant.csv | 0
 4 files changed, 66 insertions(+), 7 deletions(-)
 rename gpg/{ => kant}/commented.testbatch.kant.csv (100%)
 create mode 100644 gpg/kant/kant.1
 rename gpg/{ => kant}/kant.py (89%)
 rename gpg/{ => kant}/testbatch.kant.csv (100%)
diff --git a/gpg/commented.testbatch.kant.csv b/gpg/kant/commented.testbatch.kant.csv
similarity index 100%
rename from gpg/commented.testbatch.kant.csv
rename to gpg/kant/commented.testbatch.kant.csv
diff --git a/gpg/kant/kant.1 b/gpg/kant/kant.1
new file mode 100644
index 0000000..ccb4ad5
--- /dev/null
+++ b/gpg/kant/kant.1
@@ -0,0 +1,19 @@
+.\" Manpage for KANT.
+.\" Contact bts@square-r00t.net to correct errors or typos.
+.TH kant 1 "04 Sept 2017" "1.0" "KANT - Keysigning and Notification Tool"
+.SH NAME
+kant \- Sign GnuPG/OpenPGP/PGP keys and notify the key owner(s)
+.SH SYNOPSIS
+.HP \w'\fBgpasswd\fR\ 'u
+\fBkant\fR [\fIoptions\fR] \fI\fR
+.SH DESCRIPTION
+.PP
+Keysigning (and keysigning parties) are a lot of fun\&. Unfortunately, they can be intimidating to those new to the experience\&. This tool offers a simple and easy-to-use interface to sign public keys (normal, local-only, and/or non-exportable), set owner trust, specify level of checking done, and push the signatures to a keyserver\&.
+.SH OPTIONS
+The nuseradd does not take any options. However, you can supply username.
+.SH SEE ALSO
+useradd(8), passwd(5), nuseradd.debian(8)
+.SH BUGS
+No known bugs.
+.SH AUTHOR
+Brent Saner (bts@square-r00t.net)
\ No newline at end of file
diff --git a/gpg/kant.py b/gpg/kant/kant.py similarity index 89% rename from gpg/kant.py rename to gpg/kant/kant.py index e4e41e2..ea82ae5 100755 --- a/gpg/kant.py +++ b/gpg/kant/kant.py @@ -14,6 +14,7 @@ import urllib.parse import gpgme # non-stdlib; Arch package is "python-pygpgme" # TODO: +# - http://tanguy.ortolo.eu/blog/article9/pgp-signature-infos edit certification level- possible with pygpgme? # -attach pubkey when sending below email # mail to first email address in key with signed message: #Subj: Your GPG key has been signed @@ -284,6 +285,24 @@ def sigKeys(trusts, args): # The More Business-End(TM) signerkey = gpg.get_key(s.keyid).subkeys[0].fpr if signerkey == mkey.subkeys[0].fpr: sign = False # We already signed this key + except gpgme.GpgmeError: + pass # usually if we get this it means we don't have a signer's key in our keyring + trusts[k]['sign'] = sign + + # edit_sign(ctx, key, index=0, local=False, norevoke=False, expire=True, check=0) + # index: the index of the user ID to sign, starting at 1. Sign all + # user IDs if set to 0. + # local: make a local signature + # norevoke: make a non-revokable signature + # command: the type of signature. One of sign, lsign, tsign or nrsign. + # expire: whether the signature should expire with the key. + # check: Amount of checking performed. One of: + # 0 - no answer + # 1 - no checking + # 2 - casual checking + # 3 - careful checking + + #gpgme.editutil.edit_sign(gpg, k, index = 0, lo def pushKeys(): # The Last Business-End(TM) 
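Review bot: The added `except gpgme.GpgmeError: pass` in sigKeys discards every GPGME failure, not only the missing-signer-key case its comment describes, and the following `trusts[k]['sign'] = sign` then records whatever `sign` held before the lookup. For a tool whose output is a certification on someone else's key, a lookup that failed for some other reason should not silently turn into a decision to sign; bind the exception with `except gpgme.GpgmeError as e:` and report it, treating only the key-not-found case as benign. The `try` and the loop around it start above the hunk, so the initial value of `sign` is not visible here. The trailing `#gpgme.editutil.edit_sign(gpg, k, index = 0, lo` is a truncated commented-out call and would read better as a `# TODO:` line stating that no signing call is wired up yet.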
@@ -414,13 +433,28 @@ def parseArgs(): help = 'The trust level to automatically apply to all keys\n' + '(if not specified, kant will prompt for each key).\n' + 'See -b/--batch for trust level notations.') + args.add_argument('-c', + '--check', + dest = 'checklevel', + default = None, + help = 'The level of checking done (if not specified, kant will\n' + + 'prompt for each key). See -b/--batch for check level notations.') + args.add_argument('-e', + '--export', + dest = 'export', + default = 'true', + help = 'Make the signatures exportable (default is True).\nSee -b/--batch for more information.') + args.add_argument('-l', + '--local', + dest = 'local', + default = 'false', + help = 'Make the signature(s) local-only (i.e. don\'t push to a keyserver).') args.add_argument('-s', '--keyservers', dest = 'keyservers', default = defkeyservers, - help = 'The comma-separated keyserver(s) to push to. If\n' + - '"None", don\'t push signatures (local-only signatures\n' + - 'will be made). Default keyserver list is: \n\n\t\033[1m{0}\033[0m\n\n'.format(re.sub(',', '\n\t', defkeyservers))) + help = 'The comma-separated keyserver(s) to push to.\n' + + 'Default keyserver list is: \n\n\t\033[1m{0}\033[0m\n\n'.format(re.sub(',', '\n\t', defkeyservers))) # This will require some restructuring... args.add_argument('-b', '--batch', 
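Review bot: `-e/--export` and `-l/--local` in parseArgs accept free-form strings with defaults `'true'` and `'false'`, so any truthiness test on `args.export` or `args.local` is always true, including for the literal `'false'`. These two flags decide whether a signature may leave the local keyring, so they would be safer as real booleans, e.g. `action = 'store_true'` on `-l/--local`, or with `choices` restricting the accepted spellings. `-c/--check` likewise takes any string; the code that consumes `checklevel` is outside this hunk, so whether it validates against the four documented levels cannot be confirmed from here. parseArgs begins and ends outside the hunk.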
@@ -428,12 +462,18 @@ def parseArgs(): action = 'store_true', help = 'If specified, -k/--keys is a CSV file to use as a\n' + 'batch run in the format of (one per line):\n' + - '\n\033[1mKEY_FINGERPRINT_OR_EMAIL_ADDRESS,TRUSTLEVEL,PUSH_TO_KEYSERVER\033[0m\n\n' - '\033[1mTRUSTLEVEL\033[0m can be numeric or string:' + + '\n\033[1mKEY_ID,TRUSTLEVEL,PUSH,CHECKLEVEL,EXPORT\033[0m\n' + '\n\033[1mKEY_ID\033[0m can be the full 40-char key ID (fingerprint)\n' + + 'or an email address of the key.\n\n\033[1mTRUSTLEVEL\033[0m is how much trust to assign, and can\n' + + 'be numeric or string:' + '\n\n\t\033[1m-1 = Never\n\t 0 = Unknown\n\t 1 = Untrusted\n\t 2 = Marginal\n\t 3 = Full\n\t 4 = Ultimate\033[0m\n' + - '\n\033[1mPUSH_TO_KEYSERVER\033[0m can be \033[1m1/True\033[0m, \033[1m0/False\033[0m, or \033[1m-1/Never\033[0m.\n' + + '\n\033[1mPUSH\033[0m can be \033[1m1/True\033[0m or \033[1m0/False\033[0m.\n' + 'If marked as False, the signature will be made local.\n' + - '(If marked as Never, the signature will be non-exportable.)') + '\n\033[1mCHECKLEVEL\033[0m is the amount of checking done on the owner\'s\n' + + 'validity of identity. Can be numeric or string:' + + '\n\n\t\033[1m 0 = Unknown\n\t 1 = None\n\t 2 = Casual\n\t 3 = Careful\033[0m\n' + + '\n\033[1mEXPORT\033[0m can be either \033[1m1/True\033[0m or \033[1m0/False\033[0m.\n' + + 'If True, make the signature exportable.\nIf False, make it non-exportable.') args.add_argument('-d', '--gpgdir', dest = 'gpgdir', diff --git a/gpg/testbatch.kant.csv b/gpg/kant/testbatch.kant.csv similarity index 100% rename from gpg/testbatch.kant.csv rename to gpg/kant/testbatch.kant.csv
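Review bot: The `-b/--batch` help now documents five columns (`KEY_ID,TRUSTLEVEL,PUSH,CHECKLEVEL,EXPORT`) and drops the `-1/Never` value for PUSH, yet both sample CSVs are renamed at 100% similarity in this commit, so they presumably still follow the older layout. The batch reader is not part of this hunk; it should refuse, or explicitly default, rows that lack CHECKLEVEL and EXPORT, and reject a leftover `-1`/`Never` in the PUSH column, rather than fall through to an exportable, pushed signature. A comment above the help string such as `# NOTE: rows without CHECKLEVEL/EXPORT are refused, not defaulted` (or whichever behaviour is intended) would record that decision. parseArgs starts and ends outside the hunk.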