1 |
Hello, |
2 |
|
3 |
This year I worked on improving and expanding the features of Gentoo Keys. |
4 |
|
5 |
Gentoo Keys is a Python based project that aims to manage the GPG |
6 |
keys used for validation on users and Gentoo's infrastructure |
7 |
servers. These keys will be any/all of the release keys, developer keys |
8 |
and any other third party keys or keyrings available or needed. |
9 |
|
10 |
Source code: https://github.com/gentoo/gentoo-keys |
11 |
|
12 |
Final Report |
13 |
========= |
14 |
|
15 |
Status: Finished |
16 |
|
17 |
Outline of features: |
18 |
--------------------------- |
19 |
Seeds |
20 |
* Seed file fetching support. |
21 |
* Data format reconstruction from pickle to JSON. |
22 |
* Addition/deletion/listing actions. |
23 |
Keys |
24 |
* Key installation support via seed files. |
25 |
* Key removal/listing support. |
26 |
Keyrings |
27 |
* Gentoo Keys can now export a public keyring with trusted keys. |
28 |
That binary keyring can be signed by a Certificate Authority(CA) and |
29 |
distributed to the users. |
30 |
Verification |
31 |
* File verification support(locally or via URL). |
32 |
Key checks |
33 |
* Checks for expired or revoked keys. |
34 |
* Checks for key validity. |
35 |
* Key capabilities checks. |
36 |
OpenPGP Key generation tool (Gkeygen) |
37 |
* OpenPGP key generation based on the GLEP 63 specifications[0]. |
38 |
Gentoo Key LDAP tool (Gkeyldap) |
39 |
* Gentoo-specific tool that is going to be used by Gentoo |
40 |
infrastructure in conjunction with LDAP to update seeds and remove |
41 |
keys that fail checks. |
42 |
|
43 |
The project has resulted in a few patches to ssl-fetch[1] and pyGPG[2] as well. |
44 |
|
45 |
Plans for the future |
46 |
============== |
47 |
|
48 |
Aside from some code refinements and minor changes, Gentoo Keys is |
49 |
almost ready for its first release. We, the Gentoo Keys team, are |
50 |
going to continue its development focusing on the test suites and the |
51 |
file verification on images, commits and other documents. Furthermore, |
52 |
our goal is to implement more features that make Gentoo keys more |
53 |
dynamic and flexible for general use. |
54 |
|
55 |
It has been a great experience working on the project. At this point, |
56 |
I would like to thank my mentor, Brian (dol-sen) Dolbec for his |
57 |
guidance and his suggestions throughout the past months and I would |
58 |
also like to thank Kristian (K_F) Fiskerstrand for his suggestions on |
59 |
the openPGP part. |
60 |
|
61 |
[0] https://wiki.gentoo.org/wiki/GLEP:63 |
62 |
[1] https://github.com/dol-sen/ssl-fetch |
63 |
[2] https://github.com/dol-sen/pyGPG |
64 |
|
65 |
Best regards, |
66 |
Pavlos Ratis |