tools/secretstore: fix gpg encryption for expired key
We also set --trust-model=always, as we explicitly ship GPG fingerprints, so there's no need to rely on GPG's web of trust shenanigans.
Change-Id: If2976130315c044f1d1727c61a6f6d489c876a52
master
parent
4e534cc03c
commit
f97c9688d5
|
@ -49,6 +49,10 @@ keys = [
|
||||||
"0879F9FCA1C836677BB808C870FD60197E195C26", # implr
|
"0879F9FCA1C836677BB808C870FD60197E195C26", # implr
|
||||||
]
|
]
|
||||||
|
|
||||||
|
# Currently, Patryk's GPG key is expired. This hacks around that by pretending
|
||||||
|
# it's January 2021.
|
||||||
|
# TODO(q3k/patryk): remove this once Patryk updates his key.
|
||||||
|
systime = '20210101T000000'
|
||||||
|
|
||||||
_logger_name = __name__
|
_logger_name = __name__
|
||||||
if _logger_name == '__main__':
|
if _logger_name == '__main__':
|
||||||
|
@ -61,7 +65,15 @@ class CLIException(Exception):
|
||||||
|
|
||||||
|
|
||||||
def encrypt(src, dst):
|
def encrypt(src, dst):
|
||||||
cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst]
|
cmd = [
|
||||||
|
'gpg' ,
|
||||||
|
'--encrypt',
|
||||||
|
'--faked-system-time', systime,
|
||||||
|
'--trust-model', 'always',
|
||||||
|
'--armor',
|
||||||
|
'--batch', '--yes',
|
||||||
|
'--output', dst,
|
||||||
|
]
|
||||||
for k in keys:
|
for k in keys:
|
||||||
cmd.append('--recipient')
|
cmd.append('--recipient')
|
||||||
cmd.append(k)
|
cmd.append(k)
|
||||||
|
@ -80,7 +92,7 @@ def _encryption_key_for_fingerprint(fp):
|
||||||
Returns the encryption key ID for a given GPG fingerprint (eg. one from the
|
Returns the encryption key ID for a given GPG fingerprint (eg. one from the
|
||||||
'keys' list.
|
'keys' list.
|
||||||
"""
|
"""
|
||||||
cmd = ['gpg', '-k', '--keyid-format', 'long', fp]
|
cmd = ['gpg', '-k', '--faked-system-time', systime, '--keyid-format', 'long', fp]
|
||||||
res = subprocess.check_output(cmd).decode()
|
res = subprocess.check_output(cmd).decode()
|
||||||
|
|
||||||
# Sample output:
|
# Sample output:
|
||||||
|
|
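Review bot: The module-level `systime` is passed unconditionally to gpg in `encrypt()` and in `_encryption_key_for_fingerprint()`, so expiry is no longer enforced for any fingerprint in `keys`, not only the one expired key the comment names. Together with `--trust-model always`, the only remaining gate on a recipient is that its fingerprint is listed and present in the keyring, so a key that has lapsed on purpose would keep receiving secrets without any warning. A key or subkey created after the faked date will probably be rejected by gpg as created in the future, which would break adding new recipients until the hack is removed. I would state this next to the constant, for example `# NOTE: disables expiry checks for ALL recipients in 'keys'; keys created after this date may be refused by gpg.`, and log a warning in `encrypt()` whenever `systime` is in effect. Both function bodies continue outside the visible hunks.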