Upload sources

[skip changelog]

(cherry picked from commit 78333f4d70)

.gitignore

@@ -52,3 +52,10 @@
 /archlinux-keyring-20231207.tar.gz
 /archlinux-keyring-20231222.tar.gz
 /archlinux-keyring-20240208.tar.gz
+/archlinux-keyring-20240313.tar.gz
+/archlinux-keyring-20240427.tar.gz
+/archlinux-keyring-20240520.tar.gz
+/archlinux-keyring-20240609.tar.gz
+/archlinux-keyring-20240709.tar.gz
+/archlinux-keyring-20241015.tar.gz
+/archlinux-keyring-20241203.tar.gz

1b5d2bddcd847c0dc05ac4899867f2c76a8838b8.patch

@@ -0,0 +1,151 @@
+From 1b5d2bddcd847c0dc05ac4899867f2c76a8838b8 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Fri, 1 Nov 2024 12:28:54 +0100
+Subject: [PATCH] fix: Adapt use of sq to sequoia-sq 0.39.0
+
+Add various fixes, as
+- the output format of `sq toolbox packet split` changed (again)
+- the CLI of `sq toolbox packet split` changed (again)
+- the useless warning message on stderr now covers two lines and
+  interferes with parsing of `sq toolbox packet dump` output
+- the global option `--force` was renamed to `--overwrite`
+- the `sq key generate` subcommand introduced a mandatory `--rev-cert`
+  option
+- the `pki certify` subcommand was moved to `pki vouch certify` and
+  introduced mandatory options for our use-case (`--certifier-file`,
+  `--cert-file`, `--userid`)
+
+Signed-off-by: David Runge <dvzrv@archlinux.org>
+---
+ libkeyringctl/keyring.py | 12 ++++++------
+ libkeyringctl/sequoia.py | 14 +++++++-------
+ libkeyringctl/util.py    |  3 ++-
+ tests/test_sequoia.py    |  4 ++--
+ 4 files changed, 17 insertions(+), 16 deletions(-)
+
+diff --git a/libkeyringctl/keyring.py b/libkeyringctl/keyring.py
+index e4342c17..9937783a 100644
+--- a/libkeyringctl/keyring.py
++++ b/libkeyringctl/keyring.py
+@@ -56,12 +56,12 @@ PACKET_FILENAME_DATETIME_FORMAT: str = "%Y-%m-%d_%H-%M-%S"
+ class PacketType(Enum):
+     """All understood OpenPGP packet types and the file endings as output by `sq packet split`"""
+ 
+-    PUBLIC_KEY = "Public-Key Packet"
+-    USER_ID = "User ID Packet"
+-    USER_ATTRIBUTE = "User Attribute Packet"
+-    PUBLIC_SUBKEY = "Public-Subkey Packet"
+-    SECRET_KEY = "Secret-Key Packet"
+-    SIGNATURE = "Signature Packet"
++    PUBLIC_KEY = "Public-Key-Packet"
++    USER_ID = "User-ID-Packet"
++    USER_ATTRIBUTE = "User-Attribute-Packet"
++    PUBLIC_SUBKEY = "Public-Subkey-Packet"
++    SECRET_KEY = "Secret-Key-Packet"
++    SIGNATURE = "Signature-Packet"
+ 
+ 
+ def is_pgp_fingerprint(string: str) -> bool:
+diff --git a/libkeyringctl/sequoia.py b/libkeyringctl/sequoia.py
+index 4de264b6..1a432a45 100644
+--- a/libkeyringctl/sequoia.py
++++ b/libkeyringctl/sequoia.py
+@@ -49,7 +49,7 @@ def keyring_split(working_dir: Path, keyring: Path, preserve_filename: bool = Fa
+     keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute()
+ 
+     with cwd(keyring_dir):
+-        system(["sq", "toolbox", "keyring", "split", str(keyring)])
++        system(["sq", "toolbox", "keyring", "split", "--prefix", "''", str(keyring)])
+ 
+     keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir()))
+ 
+@@ -77,7 +77,7 @@ def keyring_merge(certificates: List[Path], output: Optional[Path] = None, force
+ 
+     cmd = ["sq", "toolbox", "keyring", "merge"]
+     if force:
+-        cmd.insert(1, "--force")
++        cmd.insert(1, "--overwrite")
+     if output:
+         cmd += ["--output", str(output)]
+     cmd += [str(cert) for cert in sorted(certificates)]
+@@ -123,7 +123,7 @@ def packet_join(packets: List[Path], output: Optional[Path] = None, force: bool
+ 
+     cmd = ["sq", "toolbox", "packet", "join"]
+     if force:
+-        cmd.insert(1, "--force")
++        cmd.insert(1, "--overwrite")
+     packets_str = list(map(lambda path: str(path), packets))
+     cmd.extend(packets_str)
+     cmd.extend(["--output", str(output)])
+@@ -174,7 +174,7 @@ def packet_dump(packet: Path) -> str:
+     The contents of the packet dump
+     """
+ 
+-    return system(["sq", "toolbox", "packet", "dump", str(packet)])
++    return system(["sq", "toolbox", "packet", "dump", str(packet)], ignore_stderr=True)
+ 
+ 
+ def packet_dump_field(packet: Path, query: str) -> str:
+@@ -319,7 +319,7 @@ def key_generate(uids: List[Uid], outfile: Path) -> str:
+     cmd = ["sq", "key", "generate", "--without-password"]
+     for uid in uids:
+         cmd.extend(["--userid", str(uid)])
+-    cmd.extend(["--output", str(outfile)])
++    cmd.extend(["--output", str(outfile), "--rev-cert", f"{str(outfile)}.rev"])
+     return system(cmd)
+ 
+ 
+@@ -357,8 +357,8 @@ def certify(key: Path, certificate: Path, uid: Uid, output: Optional[Path]) -> s
+     The result of the certification in case output is None
+     """
+ 
+-    cmd = ["sq", "pki", "certify"]
++    cmd = ["sq", "pki", "vouch", "certify"]
+     if output:
+         cmd.extend(["--output", str(output)])
+-    cmd.extend(["--certifier-file", str(key), str(certificate), uid])
++    cmd.extend(["--certifier-file", str(key), "--cert-file", str(certificate), "--userid", uid])
+     return system(cmd)
+diff --git a/libkeyringctl/util.py b/libkeyringctl/util.py
+index 79b95d0f..c9d7bedb 100644
+--- a/libkeyringctl/util.py
++++ b/libkeyringctl/util.py
+@@ -104,6 +104,7 @@ def system(
+     _stdin: Optional[IO[AnyStr]] = None,
+     exit_on_error: bool = False,
+     env: Optional[Dict[str, str]] = None,
++    ignore_stderr: bool = False,
+ ) -> str:
+     """Execute a command using check_output
+ 
+@@ -126,7 +127,7 @@ def system(
+         env = {"HOME": environ["HOME"], "PATH": environ["PATH"], "LANG": "en_US.UTF-8"}
+ 
+     try:
+-        return check_output(cmd, stderr=STDOUT, stdin=_stdin, env=env).decode()
++        return check_output(cmd, stderr=None if ignore_stderr else STDOUT, stdin=_stdin, env=env).decode()
+     except CalledProcessError as e:
+         stderr.buffer.write(e.stdout)
+         print_stack()
+diff --git a/tests/test_sequoia.py b/tests/test_sequoia.py
+index 1fbd5dce..b7d36d89 100644
+--- a/tests/test_sequoia.py
++++ b/tests/test_sequoia.py
+@@ -107,7 +107,7 @@ def test_packet_join(system_mock: Mock, output: Optional[Path], force: bool) ->
+     for packet in packets:
+         assert str(packet) in args[0]
+     if force:
+-        assert "--force" == args[0][1]
++        assert "--overwrite" == args[0][1]
+     if output:
+         assert "--output" in args[0] and str(output) in args[0]
+ 
+@@ -365,4 +365,4 @@ def test_certify(system_mock: Mock, output: Optional[Path]) -> None:
+     assert sequoia.certify(key=Path("key"), certificate=Path("cert"), uid=Uid("uid"), output=output) == "return"
+     name, args, kwargs = system_mock.mock_calls[0]
+     if output:
+-        assert str(output) == args[0][-5]
++        assert str(output) == args[0][5]
+-- 
+GitLab
+

archlinux-keyring-revert_to_sq-keyring-linter.diff

@@ -1,93 +0,0 @@
-From a8e44708937708290e62ad66898119902fd6425f Mon Sep 17 00:00:00 2001
-From: Michel Lind <salimma@fedoraproject.org>
-Date: Thu, 7 Sep 2023 11:11:00 -0500
-Subject: [PATCH] Revert "feat: Replace sq-keyring-linter with sq >= 0.31.0"
-
-For use in distribution packages where sq has not been updated
-
-This reverts commit 3365f8607cadf4c5e87b8e5d582cdbb021c0d267.
----
- README.md               | 3 ++-
- libkeyringctl/ci.py     | 2 +-
- libkeyringctl/cli.py    | 2 +-
- libkeyringctl/verify.py | 6 +++---
- 4 files changed, 7 insertions(+), 6 deletions(-)
-
-diff --git a/README.md b/README.md
-index 102e9c3..f409fc5 100644
---- a/README.md
-+++ b/README.md
-@@ -24,11 +24,12 @@ Build:
- Runtime:
- 
- * python
--* sequoia-sq >= 0.31.0
-+* sequoia-sq
- 
- Optional:
- 
- * hopenpgp-tools (verify)
-+* sq-keyring-linter (verify)
- * git (ci)
- 
- ## Usage
-diff --git a/libkeyringctl/ci.py b/libkeyringctl/ci.py
-index 7200709..31b0210 100644
---- a/libkeyringctl/ci.py
-+++ b/libkeyringctl/ci.py
-@@ -10,7 +10,7 @@ from .verify import verify
- 
- 
- def ci(working_dir: Path, keyring_root: Path, project_root: Path) -> None:
--    """Verify certificates against modern expectations using `sq keyring lint` and hokey
-+    """Verify certificates against modern expectations using sq-keyring-linter and hokey
- 
-     Currently only newly added certificates will be checked against the expectations as existing
-     keys are not all fully compatible with those assumptions.
-diff --git a/libkeyringctl/cli.py b/libkeyringctl/cli.py
-index 020f64b..3334c17 100644
---- a/libkeyringctl/cli.py
-+++ b/libkeyringctl/cli.py
-@@ -118,7 +118,7 @@ verify_parser.add_argument(
- )
- verify_parser.add_argument("--no-lint-hokey", dest="lint_hokey", action="store_false", help="Do not run hokey lint")
- verify_parser.add_argument(
--    "--no-lint-sq-keyring", dest="lint_sq_keyring", action="store_false", help="Do not run sq keyring lint"
-+    "--no-lint-sq-keyring", dest="lint_sq_keyring", action="store_false", help="Do not run sq-keyring-linter"
- )
- verify_parser.set_defaults(lint_hokey=True, lint_sq_keyring=True)
- 
-diff --git a/libkeyringctl/verify.py b/libkeyringctl/verify.py
-index a0c582b..5b7fc7d 100644
---- a/libkeyringctl/verify.py
-+++ b/libkeyringctl/verify.py
-@@ -29,7 +29,7 @@ def verify(  # noqa: ignore=C901
-     lint_hokey: bool = True,
-     lint_sq_keyring: bool = True,
- ) -> None:
--    """Verify certificates against modern expectations using `sq keyring lint` and hokey
-+    """Verify certificates against modern expectations using sq-keyring-linter and hokey
- 
-     Parameters
-     ----------
-@@ -38,7 +38,7 @@ def verify(  # noqa: ignore=C901
-     sources: A list of username, fingerprint or directories from which to read PGP packet information
-         (defaults to `keyring_root`)
-     lint_hokey: Whether to run hokey lint
--    lint_sq_keyring: Whether to run sq keyring lint
-+    lint_sq_keyring: Whether to run sq-keyring-linter
-     """
- 
-     if not sources:
-@@ -71,7 +71,7 @@ def verify(  # noqa: ignore=C901
-                 keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE)
-                 print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="")
-             if lint_sq_keyring:
--                print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="")
-+                print(system(["sq-keyring-linter", f"{str(keyring_path)}"]), end="")
- 
- 
- def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None:  # noqa: ignore=C901
--- 
-2.41.0
-

archlinux-keyring.spec

@@ -1,9 +1,10 @@
 Name:           archlinux-keyring
-Version:        20240208
+Version:        20241203
 Release:        %autorelease
 Url:            https://archlinux.org/packages/core/any/archlinux-keyring/
-Source0:        https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz
-Patch:          archlinux-keyring-revert_to_sq-keyring-linter.diff
+Source:         https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz
+Patch:          https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/commit/1b5d2bddcd847c0dc05ac4899867f2c76a8838b8.patch
+
 # see https://wiki.archlinux.org/index.php/Pacman-key for introduction
 License:        LicenseRef-Fedora-Public-Domain
 Summary:        GPG keys used by Arch Linux distribution to sign packages
@@ -29,7 +30,8 @@ developers into an RPM package to allow for safe and convenient
 installation on Fedora systems.
 
 %prep
-%autosetup -p1
+%setup -q
+%patch -P0 -R -p1
 
 %build
 

sources

@@ -1 +1 @@
-SHA512 (archlinux-keyring-20240208.tar.gz) = 47ab241044701821d00dfa83b15ebbe60c5d4aa004aebec2235fca42e4d65566533ee14b43db443ba03cc50a2078667c6126d8f740e55b8c910b334d52eff660
+SHA512 (archlinux-keyring-20241203.tar.gz) = ef680d29f80b874f4175856e7e77ac28e19a8fa53e555f217d5eaf4ac42af3ee770a77f96eb353804b29dc7fecf1426a4a274f074387021263e76ba076126c40