File: constants.py

pius 3.0.0-8
# vim:shiftwidth=4:tabstop=4:expandtab:textwidth=80:softtabstop=4:ai:

import os
import re

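# Release version string of this PIUS tree.
VERSION = "3.0.0"

# Home directory used to derive the default GnuPG directory. The default
# argument passed to os.environ.get() for GNUPGHOME is evaluated even when
# GNUPGHOME is set, so HOME must never stay None: os.path.join(None, ...)
# raises TypeError and would make this module unimportable in environments
# without HOME (cron jobs, stripped service environments, some containers).
HOME = os.environ.get("HOME")
if HOME is None:
    HOME = os.path.expanduser("~")
# An explicit GNUPGHOME in the environment wins over the ~/.gnupg default.
GNUPGHOME = os.environ.get("GNUPGHOME", os.path.join(HOME, ".gnupg"))
# Absolute path, so the default binary does not depend on a $PATH lookup.
DEFAULT_GPG_PATH = "/usr/bin/gpg"
DEFAULT_KEYRING = os.path.join(GNUPGHOME, "pubring.kbx")
# NOTE(review): both defaults are fixed, predictable names directly under the
# world-writable /tmp, so another local user can create them (or a symlink
# with that name) first. The code that uses these paths is not in this file;
# it should create the directories with mode 0700 and refuse to continue when
# an existing entry is a symlink or is not owned by the current user.
DEFAULT_TMP_DIR = "/tmp/pius_tmp"
DEFAULT_OUT_DIR = "/tmp/pius_out"
DEFAULT_MAIL_HOST = "localhost"
# 587 is the mail submission port. Whether TLS and authentication are
# enforced is decided by the sending code, which is not visible here.
DEFAULT_MAIL_PORT = 587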

# Minimal gpg argument list for pius-report. That tool works on the user's
# default keyring, so it takes this list in place of GPG_BASE_OPTS.
GPG_MIN_OPTS = [
    "--use-agent",
    "--keyid-format",
    "long",
    # Optional: skipping the automatic trustdb check only keeps pius-report
    # from being slowed down by trustdb maintenance in the middle of a run.
    "--no-auto-check-trustdb",
]

# Common gpg arguments for invocations that must not touch the user's
# default keyring.
GPG_BASE_OPTS = [
    "--use-agent",
    "--keyid-format",
    "long",
    "--no-default-keyring",
    # Has to accompany --no-default-keyring every time that flag is used.
    "--no-auto-check-trustdb",
]
# Non-interactive operation: quiet output, no terminal access, batch mode.
GPG_QUIET_OPTS = [
    "-q",
    "--no-tty",
    "--batch",
]
# gpg reads its commands from fd 0 and writes status lines to fd 1.
# NOTE(review): fd 1 is also gpg's normal stdout, so whatever parses the
# status stream should only act on lines carrying the "[GNUPG:]" prefix;
# the parser is not in this file, confirm there.
GPG_FD_OPTS = [
    "--command-fd",
    "0",
    "--status-fd",
    "1",
]

# Character class for the whitespace tolerated inside a fingerprint.
ACCEPTABLE_WHITESPACE_RE = r"[ \t\n]"

# Match whole ASCII-armored public key blocks.
# NOTE(review): ".*" is greedy and DOTALL is on, so input holding several
# blocks gives ONE match running from the first BEGIN line to the last END
# line, with any text in between included. Callers should not assume the
# capture holds nothing but key material.
KEY_RE = re.compile(
    r"(-----BEGIN PGP PUBLIC KEY BLOCK-----\n.*"
    r"-----END PGP PUBLIC KEY BLOCK-----)",
    flags=re.S,
)

# Match full fingerprints: ten groups of four hex digits, each optionally
# followed by whitespace. The pattern is unanchored, so any run of 40 hex
# digits in the input matches, and trailing whitespace is part of the capture.
FP_RE = re.compile(r"((?:[\dA-Fa-f]{4}%s*){10})" % ACCEPTABLE_WHITESPACE_RE)

# Match uids in the form of `name <email>`. Neither capture is validated.
UID_RE = re.compile(r"(.*) <(.*)>$")

# Clean-up pattern: a single quote character at the start of a name.
FIXNAME1_RE = re.compile(r'^[\'"]')
# Clean-up pattern: a single quote character at the end of a name.
FIXNAME2_RE = re.compile(r'[\'"]$')
# Clean-up pattern: runs of whitespace inside a fingerprint.
FIXFP_RE = re.compile("%s+" % ACCEPTABLE_WHITESPACE_RE)

# Default body text for the MIME flavour of the mail sent to a key owner.
# The text carries three %-style mapping placeholders: keyid, signer and
# email. The code that fills them in and sends the mail is not in this file.
# Note the line with the email address on it below is intentionally
# shorter than the rest to give it space to grow and still be < 80.
# NOTE(review): the --send-key example names pool.sks-keyservers.net. The SKS
# keyserver pool was shut down in 2021, so recipients who copy the command
# get a lookup failure. Choosing a replacement is a project decision; verify
# that the chosen keyserver distributes third-party certifications, otherwise
# the signature this mail delivers never becomes visible to others.
# NOTE(review): the project URL in the footer is plain http.
DEFAULT_MIME_EMAIL_TEXT = """Hello,

Attached is a copy of your PGP key (0x%(keyid)s) signed by my key
(0x%(signer)s).

If your key has more than one UID, then this key only has the UID associated
with this email address (%(email)s) signed and you will receive
additional emails containing signatures of the other UIDs at the respective
email addresses.

Please take the attached message and decrypt it and then import it.
Something like this should work:

   gpg --import <file>

(In mutt ctrl-k will do this.)

Then, don't forget to send it to a keyserver:

   gpg --keyserver pool.sks-keyservers.net --send-key %(keyid)s

If you have any questions, let me know.


Generated by PIUS (http://www.phildev.net/pius/).
"""

# Default body text for the non-MIME flavour of the mail sent to a key owner.
# Same placeholders as the MIME text (keyid, signer, email); the import
# instruction differs: the recipient pipes `gpg -d` into `gpg --import`.
# NOTE(review): the --send-key example names pool.sks-keyservers.net. The SKS
# keyserver pool was shut down in 2021, so recipients who copy the command
# get a lookup failure. Choosing a replacement is a project decision; verify
# that the chosen keyserver distributes third-party certifications.
# NOTE(review): the project URL in the footer is plain http.
DEFAULT_NON_MIME_EMAIL_TEXT = """Hello,

Attached is a copy of your PGP key (0x%(keyid)s) signed by my key
(0x%(signer)s).

If your key has more than one UID, then this key only has the UID associated
with this email address (%(email)s) signed and you will receive
additional emails containing signatures of the other UIDs at the respective
email addresses.

Please take the attached message and decrypt it and then import it.
Something like this should work:

   gpg -d <file> | gpg --import

Then, don't forget to send it to a keyserver:

   gpg --keyserver pool.sks-keyservers.net --send-key %(keyid)s

If you have any questions, let me know.


Generated by PIUS (http://www.phildev.net/pius/).
"""

# Explanatory text for certification levels 0 to 3. By its own wording the
# definitions are taken from the GnuPG man page.
# Presumably shown to the user when a certification level has to be chosen;
# the caller is not in this file, confirm there.
# The literal ends without a trailing newline.
CERT_LEVEL_INFO = """Each certification level means something specific and is a
public statement by you about this UID on this key. The following definitions
are taken from the GnuPG man page.

0   means you make no particular claim as to how carefully you verified the
    key.

1   means you believe the key is owned by the person who claims to own it but
    you could not, or did not verify the key at all. This is useful for a
    "persona" verification, where you sign the key of a pseudonymous user.

2   means you did casual verification of the key. For example, this could mean
    that you verified the key fingerprint and checked the user ID on the key
    against a photo ID.

3   means you did extensive verification of the key. For example, this could
    mean that you verified the key fingerprint with the owner of the key in
    person, and that you checked, by means of a hard to forge document with a
    photo ID (such as a passport) that the name of the key owner matches the
    name in the user ID on the key, and finally that you verified (by exchange
    of email) that the email address on the key belongs to the key owner.

Note that the examples given above for levels 2 and 3 are just that: examples.
In the end, it is up to you to decide just what "casual" and "extensive" mean to
you."""