commit:     38d2b1fed19ac636346ab1e7a456bbac5bc69cec
Author:     Brian Dolbec <dolsen <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  9 22:43:31 2015 +0000
Commit:     Brian Dolbec <dolsen <AT> gentoo <DOT> org>
CommitDate: Sun Aug  9 22:52:05 2015 +0000
URL:        https://gitweb.gentoo.org/proj/gentoo-keys.git/commit/?id=38d2b1fe

gkeys: Add settable trust-model for the keyrings

The --trust-model option is needed for git verification and many other gkeys 
operations.

 gkeys/etc/gkeys.conf      | 14 +++++++++++++-
 gkeys/gkeys/actionbase.py | 10 ++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/gkeys/etc/gkeys.conf b/gkeys/etc/gkeys.conf
index e7a363f..e9eb820 100644
--- a/gkeys/etc/gkeys.conf
+++ b/gkeys/etc/gkeys.conf
@@ -67,9 +67,12 @@ files: 0o022
 # file is a json text file of: nick, name, keydir, fingerprint
 # one file per line
 # category = category or seedfile name
-# these categories/seedfile nmaes are used for the
+# these categories/seedfile names are used for the
 # -C, --category input value validations
 # eg: category: filepath
+#
+# If adding additional seed files,
+# remember to set an appropriate [trust-model] for them below"
 gentoo: %(seedsdir)s/gentoo.seeds
 gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
 
@@ -92,6 +95,15 @@ gentoo-devs: 
https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
 #sign:
 
 
+# Set the trust levels
+# one of {pgp|classic|direct|always|auto}
+# default is "auto"
+# for the gentoo and gentoo-devs keyrings set to "always"
+[trust-model]
+gentoo: always
+gentoo-devs: always
+
+
 [verify-seeds]
 
 # mapping of the seedfile category name
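Review bot: The comment above `[trust-model]` lists the accepted values but does not say what `always` means for the two keyrings that are switched to it. With `always`, GnuPG skips its key-validity calculation and treats every key in the keyring as fully valid, so the seed files and keydirs become the only trust anchor. I would add a line such as `# "always" treats every key installed in that keyring as fully valid; only use it for keyrings built from verified seed files`. This helps anyone following the new "remember to set an appropriate [trust-model]" hint in the first hunk, who would otherwise have little basis for choosing between `always` and the `auto` default.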

diff --git a/gkeys/gkeys/actionbase.py b/gkeys/gkeys/actionbase.py
index 77748c5..e8d5ba4 100644
--- a/gkeys/gkeys/actionbase.py
+++ b/gkeys/gkeys/actionbase.py
@@ -85,6 +85,16 @@ class ActionBase(object):
         self.category = cat
         catdir = os.path.join(keyring, cat)
         self.logger.debug(_unicode("ACTIONS: _set_category; catdir = %s") % 
catdir)
+        self._set_trust(cat)
         return catdir
 
 
+    def _set_trust(self, cat):
+        trust = self.config.get_key('trust-model', cat)
+        if trust in [None]:
+            trust = 'auto'
+        if 'trust-model' in self.config.defaults['gpg_defaults']:
+            index = self.config.defaults['gpg_defaults'].index('trust-model')
+            self.config.defaults['gpg_defaults'][index+1] = trust
+        else:
+            self.config.defaults['gpg_defaults'].extend(['--trust-model', 
trust])
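Review bot: The membership test in `_set_trust` looks for `'trust-model'`, but the else branch appends `'--trust-model'`, so the test can never match an entry this method wrote. Every `_set_category` call therefore appends another `--trust-model` pair to the shared `gpg_defaults` (assuming it is a list of argv tokens, as `.index`/`.extend` suggest). Which model gpg then applies depends on how it treats a repeated option, which is fragile for a setting that decides whether keys count as valid. Matching on `'--trust-model'` and using `trust is None` makes the selection deterministic; the value read from the config could also be checked against the set listed in gkeys.conf before it is handed to gpg. `_set_category` begins above the hunk; `_set_trust` is shown in full.

```python
    def _set_trust(self, cat):
        trust = self.config.get_key('trust-model', cat)
        if trust is None:
            trust = 'auto'
        gpg_defaults = self.config.defaults['gpg_defaults']
        # Match the exact token that is appended below so a second call
        # replaces the previous value instead of adding a duplicate pair.
        if '--trust-model' in gpg_defaults:
            index = gpg_defaults.index('--trust-model')
            gpg_defaults[index + 1] = trust
        else:
            gpg_defaults.extend(['--trust-model', trust])
```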
