Commit bbfe5c45 authored by Jean-Benoist Leger's avatar Jean-Benoist Leger

gpg_partial_refresh

parent df2d4df7
#!/usr/bin/python3
# Copyright (c) 2018, Jean-Benoist Leger <jb@leger.tf>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from __future__ import print_function
import subprocess
import sys
import argparse
import random
import numpy as np
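def get_keys(gpg_exec):
    """Return the key ID of every primary public key in the keyring.

    Runs ``gpg_exec --no-auto-check-trustdb --list-keys --with-colons`` and
    collects field 5 of each ``pub`` record, which GnuPG's colon-delimited
    format defines as the 64-bit key ID.

    Args:
        gpg_exec: Name or path of the gpg binary to run.

    Returns:
        A list of key-ID strings, in the order gpg printed them.
    """
    # NOTE(review): these are key IDs, not full fingerprints. A fingerprint
    # identifies a key more strongly; using one would mean reading the "fpr"
    # record that follows each "pub" record -- confirm that the gpg versions
    # in use emit it before changing this.
    cmd = [gpg_exec, "--no-auto-check-trustdb", "--list-keys", "--with-colons"]
    keys = []
    # The context manager closes the pipe and waits for gpg to exit, so no
    # file descriptor or unreaped child process is left behind.
    with subprocess.Popen(cmd, stdout=subprocess.PIPE) as proc:
        for raw_line in proc.stdout:
            fields = raw_line.split(b":")
            # Skip a truncated record instead of failing on the missing field.
            if fields[0] == b"pub" and len(fields) > 4:
                keys.append(fields[4].decode("utf8"))
    if proc.returncode != 0:
        # A failed listing means keys can miss their refresh without notice.
        print(
            f"Warning: {gpg_exec} --list-keys exited with status {proc.returncode}",
            file=sys.stderr,
        )
    return keys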
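def recv_keys(gpg_exec, keys, nb_max_recv_per_cmd, debug):
    """Fetch *keys* with ``--recv-keys``, a bounded number per gpg call.

    Args:
        gpg_exec: Name or path of the gpg binary to run.
        keys: Key identifiers handed to ``--recv-keys``.
        nb_max_recv_per_cmd: Largest number of keys given to a single gpg
            invocation; must be at least 1.
        debug: When false, gpg is run with ``--quiet``.

    Raises:
        ValueError: If nb_max_recv_per_cmd is smaller than 1.
    """
    # A zero step makes range() fail with an unrelated message, and a
    # negative one yields no batch at all, so nothing would be refreshed and
    # nothing would say so.
    if nb_max_recv_per_cmd < 1:
        raise ValueError(
            f"nb_max_recv_per_cmd must be at least 1, got {nb_max_recv_per_cmd!r}"
        )
    base_cmd = [gpg_exec, "--no-auto-check-trustdb", "--recv-keys"]
    if not debug:
        base_cmd.append("--quiet")
    for start in range(0, len(keys), nb_max_recv_per_cmd):
        batch = keys[start : start + nb_max_recv_per_cmd]
        # The exit status is discarded: a failed fetch shows up only in
        # whatever gpg itself writes to the inherited stderr.
        subprocess.call([*base_cmd, *batch])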
def check_trustdb(gpg_exec, debug):
    """Run ``gpg_exec --check-trustdb``.

    Args:
        gpg_exec: Name or path of the gpg binary to run.
        debug: When false, ``--quiet`` is appended to the command line.
    """
    quiet_args = [] if debug else ["--quiet"]
    # The exit status returned by subprocess.call is discarded.
    subprocess.call([gpg_exec, "--check-trustdb", *quiet_args])
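def refresh_partial(gpg_exec, ratio, nbmax_recv_per_cmd, verbose, debug):
    """Refresh a random fraction of the keyring, then check the trust db.

    Lists the keyring with get_keys(), draws ``ceil(ratio * len(keys))`` keys
    at random, fetches them with recv_keys() and finally calls
    check_trustdb().

    Args:
        gpg_exec: Name or path of the gpg binary to run.
        ratio: Fraction of the keyring to refresh, between 0 and 1.
        nbmax_recv_per_cmd: Largest number of keys given to one gpg call.
        verbose: When true, print the number of keys refreshed to stderr.
        debug: When true, also print the selected keys to stderr; passed on
            to recv_keys() and check_trustdb().

    Raises:
        ValueError: If ratio is not within [0, 1].
    """
    # Without this check an out-of-range ratio (or NaN) only fails later,
    # inside the rounding or random.sample(), with a message that does not
    # name the option at fault -- and only when the keyring is non-empty.
    if not 0 <= ratio <= 1:
        raise ValueError(f"ratio must be between 0 and 1, got {ratio!r}")
    keys = get_keys(gpg_exec)
    # Rounding up means any non-zero ratio picks at least one key from a
    # non-empty keyring.
    k = int(np.ceil(ratio * len(keys)))
    if verbose:
        print(f"Refresh {k} keys. Keyring contains {len(keys)} keys", file=sys.stderr)
    # random (not secrets) is used here: the draw only decides which keys
    # are refreshed on this run.
    to_refresh = random.sample(keys, k)
    if debug:
        print("Keys to refresh:", file=sys.stderr)
        for key in to_refresh:
            print(f" - {key}", file=sys.stderr)
    recv_keys(gpg_exec, to_refresh, nbmax_recv_per_cmd, debug)
    check_trustdb(gpg_exec, debug)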
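if __name__ == "__main__":
    # Command-line entry point: parse the options, validate them, then run
    # one partial refresh of the keyring.
    parser = argparse.ArgumentParser(description="Partially refresh pubring")
    # The value becomes the first element of an argument list given to
    # subprocess; no shell is involved in running it.
    parser.add_argument(
        "-g",
        "--gpg",
        dest="gpg_exec",
        default="gpg2",
        help='Command to execute gpg (by default "gpg2")',
    )
    parser.add_argument(
        "-N",
        dest="nbmax_recv_per_cmd",
        default=25,
        type=int,
        help="Maximum number of keys received by a single gnupg invocation (by default 25)",
    )
    parser.add_argument(
        "-r",
        dest="ratio",
        default=.05,
        type=float,
        help="Ratio of the keyring to refresh",
    )
    parser.add_argument(
        "-v", dest="verbose", default=False, action="store_true", help="verbose mode"
    )
    parser.add_argument(
        "-d", dest="debug", default=False, action="store_true", help="debug mode"
    )
    args = parser.parse_args()
    # Reject out-of-range values here so the user gets a usage error rather
    # than a traceback, or a run that refreshes nothing without saying so.
    if args.nbmax_recv_per_cmd < 1:
        parser.error("-N must be at least 1")
    if not 0 <= args.ratio <= 1:
        parser.error("-r must be between 0 and 1")
    # Debug output is a superset of verbose output.
    if args.debug:
        args.verbose = True
    refresh_partial(
        args.gpg_exec, args.ratio, args.nbmax_recv_per_cmd, args.verbose, args.debug
    )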