X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/de8edc7fdb0a26ca9cb736a49b020a64ee4a0d40..ab6f1b0d12478b8fe266e3dacc3de7121df29066:/keys/tripe-keys.in diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in index 62b62b6e..4ec89e90 100644 --- a/keys/tripe-keys.in +++ b/keys/tripe-keys.in @@ -10,19 +10,18 @@ ### ### This file is part of Trivial IP Encryption (TrIPE). ### -### TrIPE is free software; you can redistribute it and/or modify -### it under the terms of the GNU General Public License as published by -### the Free Software Foundation; either version 2 of the License, or -### (at your option) any later version. +### TrIPE is free software: you can redistribute it and/or modify it under +### the terms of the GNU General Public License as published by the Free +### Software Foundation; either version 3 of the License, or (at your +### option) any later version. ### -### TrIPE is distributed in the hope that it will be useful, -### but WITHOUT ANY WARRANTY; without even the implied warranty of -### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -### GNU General Public License for more details. +### TrIPE is distributed in the hope that it will be useful, but WITHOUT +### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +### for more details. ### ### You should have received a copy of the GNU General Public License -### along with TrIPE; if not, write to the Free Software Foundation, -### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +### along with TrIPE. If not, see . ###-------------------------------------------------------------------------- ### External dependencies. @@ -167,7 +166,7 @@ def run(args): SYS.stdout.flush() rc = OS.spawnvp(OS.P_WAIT, args[0], args) if rc != 0: - raise SubprocessError, rc + raise SubprocessError(rc) def hexhyphens(bytes): """ @@ -218,7 +217,7 @@ def conf_read(f): if line[-1] == '\n': line = line[:-1] match = rx_keyval.match(line) if not match: - raise ConfigFileError, "%s:%d: bad line `%s'" % (f, lno, line) + raise ConfigFileError("%s:%d: bad line `%s'" % (f, lno, line)) k, v = match.groups() conf[k] = conf_subst(v) @@ -239,12 +238,21 @@ def conf_defaults(): ('upload-hook', ': run upload hook'), ('kx', 'dh'), ('kx-genalg', lambda: {'dh': 'dh', - 'ec': 'ec'}[conf['kx']]), + 'ec': 'ec', + 'x25519': 'x25519', + 'x448': 'x448'}[conf['kx']]), ('kx-param-genalg', lambda: {'dh': 'dh-param', - 'ec': 'ec-param'}[conf['kx']]), + 'ec': 'ec-param', + 'x25519': 'empty', + 'x448': 'empty'}[conf['kx']]), ('kx-param', lambda: {'dh': '-LS -b3072 -B256', - 'ec': '-Cnist-p256'}[conf['kx']]), - ('kx-attrs', 'serialization=constlen'), + 'ec': '-Cnist-p256', + 'x25519': '', + 'x448': ''}[conf['kx']]), + ('kx-attrs', lambda: {'dh': 'serialization=constlen', + 'ec': 'serialization=constlen', + 'x25519': '', + 'x448': ''}[conf['kx']]), ('kx-expire', 'now + 1 year'), ('kx-warn-days', '28'), ('bulk', 'iiv'), @@ -259,7 +267,10 @@ def conf_defaults(): or '%s-hmac/%d' % (conf['hash'], C.gchashes[conf['hash']].hashsz * 4)), - ('sig', lambda: {'dh': 'dsa', 'ec': 'ecdsa'}[conf['kx']]), + ('sig', lambda: {'dh': 'dsa', + 'ec': 'ecdsa', + 'x25519': 'ed25519', + 'x448': 'ed448'}[conf['kx']]), ('sig-fresh', 'always'), ('sig-genalg', lambda: {'kcdsa': 'dh', 'dsa': 'dsa', @@ -471,14 +482,14 @@ def cmd_update(args): OS.mkdir('tmp') OS.chdir('tmp') seq = int(conf['master-sequence']) - run('curl -s -o tripe-keys.tar.gz ${repos-url}') - run('curl -s -o tripe-keys.sig %s' % seqsubst('sig-url', seq)) + run('curl -sL -o tripe-keys.tar.gz ${repos-url}') + run('curl -sL -o tripe-keys.sig %s' % seqsubst('sig-url', seq)) run('tar xfz tripe-keys.tar.gz') ## Verify the signature want = C.bytes(rx_nonalpha.sub('', conf['hk-master'])) got = fingerprint('repos/master.pub', 'master-%d' % seq) - if want != got: raise VerifyError + if want != got: raise VerifyError() run('''catsign -krepos/master.pub verify -avC -kmaster-%d -t${sig-fresh} tripe-keys.sig tripe-keys.tar.gz''' % seq)