django: GPG management

Baptiste Beauplatrequested to merge
lyknode/debexpo:dj/gpg into django

Django migration: #47 (closed)

This MR re-adds the GPG implementation for Debexpo.

From the user profile

  • Keys can be added and removed
  • The fingerprint of the key apprear when a valid key is in use

The input field for the key has been changed. It is now a textbox to fit more closely to the backend model

For the key storage

The key is stored in the table keyring_key. It has the following attributes:

  • key: the key data
  • fingerprint
  • algo: a ForeignKey to a list of allowed algo (from table keyring_gpgalgo)
  • size
  • last_updated

Two new classes

With in-DB only storage of the key, a new class VirtualKeyring has been created to manage various operation using user's key. An instance can be created directly from a user or with a standalone key (to allow key requirements checking).

A helper class named GPGSignedFile has been created to facilitate the verification of signed file. From a signed file, it is possible to retrieve directly the key that signed it (and by extension its user).

Missing feature

The enforcing of having at least one uid on the key matching the email has not been re-implemented yet. That is a feature has we might want to drop in the future.

As usual tests, migration scripts, documentation and translations have been updated.

Edited by Baptiste Beauplat

Merge request reports