| 1 |
Hello, |
| 2 |
|
| 3 |
This year I worked on improving and expanding the features of Gentoo Keys. |
| 4 |
|
| 5 |
Gentoo Keys is a Python based project that aims to manage the GPG |
| 6 |
keys used for validation on users and Gentoo's infrastructure |
| 7 |
servers. These keys will be any/all of the release keys, developer keys |
| 8 |
and any other third party keys or keyrings available or needed. |
| 9 |
|
| 10 |
Source code: https://github.com/gentoo/gentoo-keys |
| 11 |
|
| 12 |
Final Report |
| 13 |
========= |
| 14 |
|
| 15 |
Status: Finished |
| 16 |
|
| 17 |
Outline of features: |
| 18 |
--------------------------- |
| 19 |
Seeds |
| 20 |
* Seed file fetching support. |
| 21 |
* Data format reconstruction from pickle to JSON. |
| 22 |
* Addition/deletion/listing actions. |
| 23 |
Keys |
| 24 |
* Key installation support via seed files. |
| 25 |
* Key removal/listing support. |
| 26 |
Keyrings |
| 27 |
* Gentoo Keys can now export a public keyring with trusted keys. |
| 28 |
That binary keyring can be signed by a Certificate Authority(CA) and |
| 29 |
distributed to the users. |
| 30 |
Verification |
| 31 |
* File verification support(locally or via URL). |
| 32 |
Key checks |
| 33 |
* Checks for expired or revoked keys. |
| 34 |
* Checks for key validity. |
| 35 |
* Key capabilities checks. |
| 36 |
OpenPGP Key generation tool (Gkeygen) |
| 37 |
* OpenPGP key generation based on the GLEP 63 specifications[0]. |
| 38 |
Gentoo Key LDAP tool (Gkeyldap) |
| 39 |
* Gentoo-specific tool that is going to be used by Gentoo |
| 40 |
infrastructure in conjunction with LDAP to update seeds and remove |
| 41 |
keys that fail checks. |
| 42 |
|
| 43 |
The project has resulted in a few patches to ssl-fetch[1] and pyGPG[2] as well. |
| 44 |
|
| 45 |
Plans for the future |
| 46 |
============== |
| 47 |
|
| 48 |
Aside from some code refinements and minor changes, Gentoo Keys is |
| 49 |
almost ready for its first release. We, the Gentoo Keys team, are |
| 50 |
going to continue its development focusing on the test suites and the |
| 51 |
file verification on images, commits and other documents. Furthermore, |
| 52 |
our goal is to implement more features that make Gentoo keys more |
| 53 |
dynamic and flexible for general use. |
| 54 |
|
| 55 |
It has been a great experience working on the project. At this point, |
| 56 |
I would like to thank my mentor, Brian (dol-sen) Dolbec for his |
| 57 |
guidance and his suggestions throughout the past months and I would |
| 58 |
also like to thank Kristian (K_F) Fiskerstrand for his suggestions on |
| 59 |
the openPGP part. |
| 60 |
|
| 61 |
[0] https://wiki.gentoo.org/wiki/GLEP:63 |
| 62 |
[1] https://github.com/dol-sen/ssl-fetch |
| 63 |
[2] https://github.com/dol-sen/pyGPG |
| 64 |
|
| 65 |
Best regards, |
| 66 |
Pavlos Ratis |
Archives