On Wed, Apr 13, 2011 at 01:39:30AM +0200, Luca Capello wrote: > 4) I parse the digital list and feed the result to caff > > Point 4) is the most critical one: AFAIK there is no automatic tool to > do it, so I still use a pipeline Zack (X-Debbugs-Cc:ed) suggested me > back at DebConf6:
Oh gosh, I didn't even realize a dirty oneliner cooked up at some
DebConf could have survived so long, even after I forgot about it. So,
what's better then replacing it with one written in the same context?
You can find attached a simple per script which parses a participantlist
file, and returns all the fingerprints marked with X/X. It will return
all fingerprints belonging to the marked person. Since, as observed in
this bug log, caff groks fingerprints, this relieves from the need of
checking fingerprints when piped to caff (as long as the used
participantlist file has been verified, of course).
A non implemented feature that would be good to have is to exclude keys
whose uid are all marked as "(S)" by gpgsigs. However, that is
suboptimal as new uid might have added among the time participantlist
has been prepared and the actual signing (given that with caff
individual uid-s are mailed their own signatures, many people consider
safe signing the new uid-s too).
Cheers.
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere
ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams
#!/usr/bin/perl -w
#
# parse a gpgparticipants file and return fingerprints of verified keys
#
# Copyright: © 2011 Stefano Zacchiroli <z...@upsilon.cc>
# License: GNU General Public License (GPL), version 3 or above
# Key verification is indicated by editing the gpgparticipants file and marking
# with "X" both the "Fingerprint(s)" and "ID" check boxes in it. E.g.:
#
# #95 Stefano Zacchiroli (rank: 12)
#
# [X] Fingerprint(s) OK [X] ID OK
#
# pub 4096R/6D866396 2010-09-27
# Key fingerprint = 4900 707D DC5C 07F2 DECB 0283 9C31 503C 6D86 6396
use strict;
my $checksum_found = 0;
my $block = 0;
my $verified_block = 0;
my @fingerprints = ();
while (my $line = <>) {
chomp $line;
if (! $checksum_found && $line =~ /^SHA256/) {
$checksum_found = 1;
} elsif ($checksum_found) {
if ($line =~ /^#(\d+)/) {
$block = int($1);
$verified_block = 0;
} elsif ($line =~ /^\s+\[X\].*OK\s+\[X\].*OK.*$/i) {
$verified_block = 1;
} elsif ($verified_block && $line =~
/^\s+Key\s+fingerprint\s+=\s+(.*)\s*$/) {
my $fpr = $1;
$fpr =~ s/ +//g;
push @fingerprints, $fpr;
}
}
}
foreach my $fpr (@fingerprints) {
print $fpr, "\n";
}
signature.asc
Description: Digital signature
