Diffstat (limited to '')
-rwxr-xr-x | debian/migrate-pubring-from-classic-gpg | 108 | ||||
-rw-r--r-- | debian/migrate-pubring-from-classic-gpg.1 | 94 |
2 files changed, 202 insertions, 0 deletions
diff --git a/debian/migrate-pubring-from-classic-gpg b/debian/migrate-pubring-from-classic-gpg
new file mode 100755
index 0000000..ecbc8d9
--- /dev/null
+++ b/debian/migrate-pubring-from-classic-gpg
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+# script to migrate fully from pubring.gpg to pubring.kbx
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Date: 2016-04-01
+# License: GPLv3+
+
+# This was written for the Debian project
+
+set -e
+
+GPG="${GPG:-gpg}"
+
+# select the default GnuPG home directory to work from:
+GHD=${GNUPGHOME:-${HOME:-$(getent passwd "$(id -u)" | cut -f6 -d:)}/.gnupg}
+
+# Check that this is gnupg 2.1 or 2.2:
+VERSION=$("$GPG" --version | head -n1 | cut -f3 -d\ | cut -f1,2 -d.)
+if [ "$VERSION" != 2.1 ] && [ "$VERSION" != 2.2 ] ; then
+ printf '%s is version %s not version 2.1 or 2.2, this script might be wrong\n' "$GPG" "$VERSION" >&2
+ exit 1
+fi
+
+usage() {
+ printf 'Usage: %s [GPGHOMEDIR|--default]
+\tMigrate public keyring in GPGHOMEDIR from "classic" to "modern" GnuPG
+\tusing %s version %s.
+
+\t--default migrates the GnuPG home directory at "%s"
+' "$0" "$GPG" "$VERSION" "$GHD"
+}
+
+if [ -z "$1" ]; then
+ usage >&2
+ exit 1
+else
+ case "$1" in
+ --help|--usage|-h)
+ usage
+ exit
+ ;;
+ --default)
+ ;;
+ *)
+ GHD="$1"
+ ;;
+ esac
+fi
+
+GPG=("$GPG" --homedir "$GHD" --batch)
+
+# ensure that there is a pubring.gpg to migrate:
+if ! [ -f "$GHD/pubring.gpg" ]; then
+ printf 'There is no %s/pubring.gpg, no need to migrate\n' "$GHD" >&2
+ exit
+fi
+if ! [ -s "$GHD/pubring.gpg" ]; then
+ mv -- "$GHD/pubring.gpg" "$GHD/pubring.gpg.empty"
+ printf '%s/pubring.gpg was empty (and has been moved out of the way), no need to migrate\n' "$GHD" >&2
+ exit
+fi
+
+BACKUP="$(mktemp -d "$GHD/migrate-from-classic-backup.$(date +%F).XXXXXX")"
+printf 'Migrating from:\n%s\n[Backing up to %s]\n' "$(ls -l "$GHD/pubring.gpg")" "$BACKUP" >&2
+
+"${GPG[@]}" --export-ownertrust > "$BACKUP/ownertrust.txt"
+mv "$GHD/pubring.gpg" "$BACKUP/"
+
+revert() {
+ printf >&2 'Restoring pubring.gpg...\n'
+ cp "$BACKUP/pubring.gpg" "$GHD/pubring.gpg"
+}
+
+trap revert EXIT
+
+if ! "${GPG[@]}" --status-file "$BACKUP/import-status" --import-options import-local-sigs,keep-ownertrust,repair-pks-subkey-bug --import < "$BACKUP/pubring.gpg" ; then
+ cat >&2 <<EOF
+Keyring import was not completely successful (see error message above,
+and the LIMITATIONS section of migrate-pubring-from-classic-gpg(1) for
+more details).
+
+If you suspect a bug in the migration script, please use:
+
+ reportbug gnupg-utils --subject='migrate-pubring-from-classic-gpg partial failure'
+
+And include the above output (redacted for privacy as needed) in the
+body of the report.
+
+Continuing with the rest of the migration anyway...
+EOF
+fi
+"${GPG[@]}" --import-ownertrust < "$BACKUP/ownertrust.txt"
+"${GPG[@]}" --check-trustdb
+
+if ! [ -f "$GHD/pubring.kbx" ]; then
+ cat >&2 <<EOF
+No keybox was created at $GHD/pubring.kbx. Something went wrong!
+
+Please report a bug in the migration script, using:
+
+ reportbug gnupg-utils --subject='migrate-pubring-from-classic-gpg no pubring.kbx ($BACKUP)'
+EOF
+ exit 1
+fi
+trap - EXIT
+
+printf 'Migration completed successfully:\n%s\n' "$(ls -l "$GHD/pubring.kbx")" >&2
diff --git a/debian/migrate-pubring-from-classic-gpg.1 b/debian/migrate-pubring-from-classic-gpg.1
new file mode 100644
index 0000000..7cbeec7
--- /dev/null
+++ b/debian/migrate-pubring-from-classic-gpg.1
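Review bot: `revert()` restores pubring.gpg from the backup but leaves in place whatever pubring.kbx the failed run created, so on the `--import-ownertrust` and `--check-trustdb` failure paths (both abort under `set -e` with the trap still armed) the home directory ends up holding both files; if I recall correctly, GnuPG 2.1+ reads pubring.kbx in preference to pubring.gpg whenever the keybox exists, which would make the restored classic keyring invisible and the partial keybox the effective one — worth confirming against gpg's keyring selection before relying on this rollback. I would record before the import whether a keybox already existed and have `revert()` move a newly created one into `$BACKUP` rather than delete it, so nothing is lost in either case. The `--status-file` written to `$BACKUP/import-status` is never read by the script; a one-line comment such as `# status output is kept in the backup dir for inclusion in bug reports` would make that intent clear to the next reader.
```shell
# … unchanged: backup of ownertrust and move of pubring.gpg into $BACKUP …
if [ -e "$GHD/pubring.kbx" ]; then KBX_PREEXISTED=1; else KBX_PREEXISTED=0; fi

revert() {
    printf >&2 'Restoring pubring.gpg...\n'
    cp "$BACKUP/pubring.gpg" "$GHD/pubring.gpg"
    # a keybox created by this failed run would otherwise shadow the restored pubring.gpg
    if [ "$KBX_PREEXISTED" = 0 ] && [ -e "$GHD/pubring.kbx" ]; then
        mv -- "$GHD/pubring.kbx" "$BACKUP/pubring.kbx.partial"
    fi
}
# … unchanged: trap revert EXIT and the import …
```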
@@ -0,0 +1,94 @@
+.TH "MIGRATE-PUBRING-FROM-CLASSIC-GPG" 1 "April 2016"
+
+.SH NAME
+migrate\-pubring\-from\-classic\-gpg \- Migrate a public keyring from "classic" to "modern" GnuPG
+
+.SH SYNOPSIS
+.B migrate\-pubring\-from\-classic\-gpg
+.RB "[ " GPGHOMEDIR " | "
+.IR \-\-default " ]"
+
+.SH DESCRIPTION
+
+.B migrate\-pubring\-from\-classic\-gpg
+migrates the public keyring in GnuPG home directory GPGHOMEDIR from
+the "classic" keyring format (pubring.gpg) to the "modern" keybox format using GnuPG
+versions 2.1 or 2.2 (pubring.kbx).
+
+Specifying
+.B \-\-default
+selects the standard GnuPG home directory (looking at $GNUPGHOME
+first, and falling back to ~/.gnupg if unset.
+
+.SH OPTIONS
+.BR \-h ", " \-\-help ", " \-\-usage
+Output a short usage information.
+
+.SH DIAGNOSTICS
+The program sends quite a bit of text (perhaps too much) to stderr.
+
+During a migration, the tool backs up several pieces of data in a
+timestamped subdirectory of the GPGHOMEDIR.
+
+.SH LIMITATIONS
+The keybox format rejects a number of OpenPGP certificates that the
+"classic" keyring format used to accept. These filters are defensive,
+since the certificates rejected are unsafe -- either cryptographically
+unsound, or dangerously non-performant. This means that some
+migrations may produce warning messages about the migration being
+incomplete. This is generally a good thing!
+
+Known limitations:
+
+.B Flooded certificates
+.RS 4
+Some OpenPGP certificates have been flooded with bogus certifications
+as part of an attack on the SKS keyserver network (see
+https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-keystore-03#section-2.1).
+
+The keybox format rejects import of any OpenPGP certificate larger
+than 5MiB. As of GnuPG 2.2.17, if gpg encounters such a flooded
+certificate will retry the import while stripping all third-party
+certifications (see "self-sigs-only" in gpg(1)).
+
+The typical error message when migrating a keyring with a flooded
+certificate will be something like:
+
+.RE
+.RS 8
+error writing keyring 'pubring.kbx': Provided object is too large
+.RE
+
+.B OpenPGPv3 public keys (a.k.a. "PGP-2" keys)
+.RS 4
+Modern OpenPGP implementations use so-called "OpenPGP v4" public keys.
+Older versions of the public key format have serious known problems.
+See https://tools.ietf.org/html/rfc4880#section-5.5.2 for more details
+about and reasons for v3 key deprecation.
+
+The keybox format skips v3 keys entirely during migration, and GnuPG
+will produce a message like:
+
+.RE
+.RS 8
+skipped PGP-2 keys: 1
+.RE
+
+.SH ENVIRONMENT VARIABLES
+
+.B GNUPGHOME
+Selects the GnuPG home directory when set and --default is given.
+
+.B GPG
+The name of the
+.B gpg
+executable (defaults to
+.B gpg
+).
+
+.SH SEE ALSO
+.BR gpg (1)
+
+.SH AUTHOR
+Copyright (C) 2016 Daniel Kahn Gillmor for the Debian project. Please
+report bugs via the Debian BTS. |