Add keyserver-options parser and expose ca-cert-file for recv-keys #166
Conversation
|
Hello, any thoughts on if we could get this in the mainline? And if it needs any additional work. Thank you! |
|
Hi @dmwilcox! Thanks for the patches! I'm sorry it's taken me so long to get to them. |
gnupg/_parsers.py
Outdated
| :rtype: :obj:`str` or :obj:`None` | ||
| :returns: A string of the keyserver option or None. | ||
| """ | ||
| def _is_valid_file(option_value): |
There was a problem hiding this comment.
You probably want to use gnupg._util._is_file() here.
gnupg/_parsers.py
Outdated
| def _check_keyserver_option(ks_option): | ||
| """Check that the provided keyserver option is valid and safe. | ||
|
|
||
| :param str ks_option: A valid argument to --keyserver-option. |
There was a problem hiding this comment.
It looks like you renamed the parameter to option_value?
There was a problem hiding this comment.
Oh, nope, I'm sorry. I appear to be used to C and Rust where the docstrings go above the function they document. Carry on!
There was a problem hiding this comment.
Thanks, no worries! I've solidly moved into Go these days so who knows what I'm going to write in during this merge :)
gnupg/gnupg.py
Outdated
| >>> ca_cert = '/home/user/hkps.pool.sks-keyservers.netCA.pem' | ||
| >>> gpg.recv_keys('6F682D87', | ||
| keyserver=ssl_keyserver, | ||
| keyserver_certs=ca_cert) |
There was a problem hiding this comment.
I think we'll need >>> on these two lines to be able to run them as a doctest.
|
It looks like I messed up Python3 support somewhere along the way -- I'll take a more thorough look tomorrow and report back. Also if we were to write tests for these gpg2 features we'd need gpg2 in Travis -- which I haven't used or looked into yet so that's something to think about. |
Hi! I noticed I couldn't get hkps working without --keyserver-options so I tacked it through. Please take a look and let me know what I can do to better make the code fit with the rest of the codebase and be committed upstream.
Thank you for such a lovely library, cheers!
ps: I've thought it would be good to warn about trying to use gpg v1 with '--keyserver-options' (which doesn't seem to work) or using 'ca-cert-file', and others deprecated and relegated to dirmngr in gpg v2.1. Suggestions on how to handle each would be much appreciated.