From 33047c2c5567be189a92e994bbd258d75afd0195 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Roth?= <neolynx@gmail.com>
Date: Fri, 4 Oct 2024 18:21:31 +0200
Subject: [PATCH] cleanup gpg keys

- move gpg files to one place
- with gpg2, the secretkey parameter is ignored. aptly can also ignore it
---
 .gitignore                                    |   5 ++--
 pgp/gnupg_test.go                             |  24 +++++++++---------
 pgp/internal_test.go                          |   8 +++---
 pgp/keyrings/aptly.pub                        | Bin 915 -> 0 bytes
 pgp/keyrings/aptly.sec                        | Bin 977 -> 0 bytes
 pgp/keyrings/aptly_passphrase.pub             | Bin 915 -> 0 bytes
 pgp/keyrings/aptly_passphrase.sec             | Bin 1052 -> 0 bytes
 .../files}/aptly2.pub.armor                   |   0
 .../files}/aptly2.sec.armor                   |   0
 .../files}/aptly2_passphrase.pub.armor        |   0
 .../files}/aptly2_passphrase.sec.armor        |   0
 .../files}/aptly2_trusted.pub                 | Bin
 system/t12_api/publish.py                     |   1 -
 13 files changed, 18 insertions(+), 20 deletions(-)
 delete mode 100644 pgp/keyrings/aptly.pub
 delete mode 100644 pgp/keyrings/aptly.sec
 delete mode 100644 pgp/keyrings/aptly_passphrase.pub
 delete mode 100644 pgp/keyrings/aptly_passphrase.sec
 rename {pgp/keyrings => system/files}/aptly2.pub.armor (100%)
 rename {pgp/keyrings => system/files}/aptly2.sec.armor (100%)
 rename {pgp/keyrings => system/files}/aptly2_passphrase.pub.armor (100%)
 rename {pgp/keyrings => system/files}/aptly2_passphrase.sec.armor (100%)
 rename {pgp/keyrings => system/files}/aptly2_trusted.pub (100%)

diff --git a/.gitignore b/.gitignore
index f7e71d55..6b1b2081 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,9 +43,8 @@ aptly.test
 
 build/
 
-pgp/keyrings/aptly2*.gpg
-pgp/keyrings/aptly2*.gpg~
-pgp/keyrings/.#*
+system/files/aptly2.gpg~
+system/files/aptly2_passphrase.gpg~
 
 *.creds
 
diff --git a/pgp/gnupg_test.go b/pgp/gnupg_test.go
index afc11d2d..d17dbe20 100644
--- a/pgp/gnupg_test.go
+++ b/pgp/gnupg_test.go
@@ -110,8 +110,8 @@ func (s *Gnupg1SignerSuite) SetUpTest(c *C) {
 		c.Skip(err.Error())
 	}
 
-	s.keyringNoPassphrase = [2]string{"keyrings/aptly.pub", "keyrings/aptly.sec"}
-	s.keyringPassphrase = [2]string{"keyrings/aptly_passphrase.pub", "keyrings/aptly_passphrase.sec"}
+	s.keyringNoPassphrase = [2]string{"../system/files/aptly.pub", "../system/files/aptly.sec"}
+	s.keyringPassphrase = [2]string{"../system/files/aptly_passphrase.pub", "../system/files/aptly_passphrase.sec"}
 	s.passphraseKey = "F30E8CB9CDDE2AF8"
 	s.noPassphraseKey = "21DBB89C16DB3E6D"
 
@@ -119,8 +119,8 @@ func (s *Gnupg1SignerSuite) SetUpTest(c *C) {
 	s.signer.SetBatch(true)
 
 	s.verifier = &GoVerifier{}
-	s.verifier.AddKeyring("./keyrings/aptly.pub")
-	s.verifier.AddKeyring("./keyrings/aptly_passphrase.pub")
+	s.verifier.AddKeyring("../system/files/aptly.pub")
+	s.verifier.AddKeyring("../system/files/aptly_passphrase.pub")
 
 	c.Assert(s.verifier.InitKeyring(false), IsNil)
 
@@ -183,7 +183,7 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
 				args = append(args, "--pinentry-mode", "loopback")
 			}
 		}
-		args = append(args, "keyrings/aptly2"+item.suffix+".sec.armor")
+		args = append(args, "../system/files/aptly2"+item.suffix+".sec.armor")
 
 		output, err := exec.Command(gpg, args...).CombinedOutput()
 		c.Log(string(output))
@@ -193,14 +193,14 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
 	// import public keys into gpg2
 	// we can't use pre-built keyrings as gpg 2.0.x and 2.1+ have different keyring formats
 	for _, suffix := range []string{"", "_passphrase"} {
-		output, err := exec.Command(gpg, "--no-default-keyring", "--batch", "--keyring", "./keyrings/aptly2"+suffix+".gpg",
-			"--import", "keyrings/aptly2"+suffix+".pub.armor").CombinedOutput()
+		output, err := exec.Command(gpg, "--no-default-keyring", "--batch", "--keyring", "../system/files/aptly2"+suffix+".gpg",
+			"--import", "../system/files/aptly2"+suffix+".pub.armor").CombinedOutput()
 		c.Log(string(output))
 		c.Check(err, IsNil)
 	}
 
-	s.keyringNoPassphrase = [2]string{"./keyrings/aptly2.gpg", ""}
-	s.keyringPassphrase = [2]string{"./keyrings/aptly2_passphrase.gpg", ""}
+	s.keyringNoPassphrase = [2]string{"../system/files/aptly2.gpg", ""}
+	s.keyringPassphrase = [2]string{"../system/files/aptly2_passphrase.gpg", ""}
 	s.noPassphraseKey = "751DF85C2B220D45"
 	s.passphraseKey = "6656CD181E92D2D5"
 
@@ -208,7 +208,7 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
 	s.signer.SetBatch(true)
 
 	s.verifier = &GoVerifier{}
-	s.verifier.AddKeyring("./keyrings/aptly2_trusted.pub")
+	s.verifier.AddKeyring("../system/files/aptly2_trusted.pub")
 
 	c.Assert(s.verifier.InitKeyring(false), IsNil)
 
@@ -220,6 +220,6 @@ func (s *Gnupg2SignerSuite) SetUpTest(c *C) {
 func (s *Gnupg2SignerSuite) TearDownTest(c *C) {
 	s.SignerSuite.TearDownTest(c)
 
-	os.Remove("./keyrings/aptly2.gpg")
-	os.Remove("./keyrings/aptly2_passphrase.gpg")
+	os.Remove("../system/files/aptly2.gpg")
+	os.Remove("../system/files/aptly2_passphrase.gpg")
 }
diff --git a/pgp/internal_test.go b/pgp/internal_test.go
index 0e31b6ba..8601179f 100644
--- a/pgp/internal_test.go
+++ b/pgp/internal_test.go
@@ -24,8 +24,8 @@ type GoSignerSuite struct {
 var _ = Suite(&GoSignerSuite{})
 
 func (s *GoSignerSuite) SetUpTest(c *C) {
-	s.keyringNoPassphrase = [2]string{"keyrings/aptly.pub", "keyrings/aptly.sec"}
-	s.keyringPassphrase = [2]string{"keyrings/aptly_passphrase.pub", "keyrings/aptly_passphrase.sec"}
+	s.keyringNoPassphrase = [2]string{"../system/files/aptly.pub", "../system/files/aptly.sec"}
+	s.keyringPassphrase = [2]string{"../system/files/aptly_passphrase.pub", "../system/files/aptly_passphrase.sec"}
 	s.passphraseKey = "F30E8CB9CDDE2AF8"
 	s.noPassphraseKey = "21DBB89C16DB3E6D"
 
@@ -33,8 +33,8 @@ func (s *GoSignerSuite) SetUpTest(c *C) {
 	s.signer.SetBatch(true)
 
 	s.verifier = &GoVerifier{}
-	s.verifier.AddKeyring("./keyrings/aptly.pub")
-	s.verifier.AddKeyring("./keyrings/aptly_passphrase.pub")
+	s.verifier.AddKeyring("../system/files/aptly.pub")
+	s.verifier.AddKeyring("../system/files/aptly_passphrase.pub")
 
 	c.Assert(s.verifier.InitKeyring(false), IsNil)
 
diff --git a/pgp/keyrings/aptly.pub b/pgp/keyrings/aptly.pub
deleted file mode 100644
index 08758e4302de6ce4f49a2af5c44c3933784c7aaa..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 915
zcmV;E18n@60ipy_`=yT&1OU0Xct7+Dh9|KF?G`P|&qxfns=ia+?_C}Z3Q77aY&oDm
z=DPPGT}v`rhosG`k(mHKkP*T<;A>!VCtNV^wrbkr>Li1<EtVEcwc>NuVz(`hR_)ne
z3th6NpdiQ7<<KBDXkO-0`>Fwy!G{GEu6DDvIH>J2*jMl!ZAe17%%=dL<rE=Ot2v26
zoetU_LN)oBXb^@m1OSb5eRVIr!>dNX<rvbKW+)knV7e!cqj?_<o&Q2x2v<vI^Fg9=
z4zEL^xi3AK7ElI@EGJ(WMCvav%4$5Pg)M$Mcf~;5?~?HkL=>9~nLZfdb`w!OtYzEZ
zU$tG7+;oa-r;o+m6H6^)RKfTUEn;!>+{aCdpam;laCrjBCQ$?bPc%>)c$RkTb8gOo
zrva@giIB^900*$mRq4tsG9J{_hH8zMD=;ruT--<4KXg9&0lu4`2*h(Q_s&%G^(Qn2
zVuFZYUd@|3-K+MvV<Of>;N!hz-S>vtdu82MEjJB_U#G=RRF%3O;1~3hdN8HZHx{C9
z1CNbQHrRY!)*y&Ov@Jn!bZmJbRAqB?WpW@WWN&UKbRczeWguyEDIh#_Wpi{uVQ_S8
zc`j*gW^X=-VgwTr0stZf0#f^>j{+Mb1`7!Y2Ll2I6$k<e3JU}l0s{d89svRufB*^!
z5Fy*RoEF<YZQ8^DpxOS>zyoEjx*d~P+M;6PgR0^f+5npe&Ob>g0mP-)vE<&{=?mIr
z23Ur<0SyFF`=yT%1OW6E{*kf_=~7suCOy4D*L(qZ6Ku9KyXE#t+4?gNe8$M_(Kmq-
zP;Yssfh76u=2mM8H4M=@hjQB<z<8RP==E~cT|)tZbZk1V1LRFIg7De?(qYR$Fcu`v
zT%j!e>hqbgdyn+ihl14|aY*z!=QmG;cwgo~FYwKN))*q5??(Uw1q1-f`}d!7QG;m{
zd-x)&h$fKs*|h%_ERc**yvS^~>Cd~E<M&l)w3j||7OI{{(?b^G!%G8%i%G%Fb7qQS
z^7;}mF`?sa0^=;;=F9Z`z@VUb35wS!6X}3PB$wq*7Ifs#G*6g8wGcheXQ)nnFm5i4
zE@1zyu`T*l4}BmwS4(z?Ndy=X0ssjG0#f^>j{+ME0162ZA=|i|7TZ2;IfekBy@su2
pbXyVDebzEULM=)oxk=@Z0G>PR9ZewfiG<^n85QUm&on6Zx23xEox=bC

diff --git a/pgp/keyrings/aptly.sec b/pgp/keyrings/aptly.sec
deleted file mode 100644
index f90e1c913181ff15a8dc9434d9b43a64ccefee16..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 977
zcmV;?11|iP0lNfJ`=yT&1OU0Xct7+Dh9|KF?G`P|&qxfns=ia+?_C}Z3Q77aY&oDm
z=DPPGT}v`rhosG`k(mHKkP*T<;A>!VCtNV^wrbkr>Li1<EtVEcwc>NuVz(`hR_)ne
z3th6NpdiQ7<<KBDXkO-0`>Fwy!G{GEu6DDvIH>J2*jMl!ZAe17%%=dL<rE=Ot2v26
zoetU_LN)oBXb^@m1OSb5eRVIr!>dNX<rvbKW+)knV7e!cqj?_<o&Q2x2v<vI^Fg9=
z4zEL^xi3AK7ElI@EGJ(WMCvav%4$5Pg)M$Mcf~;5?~?HkL=>9~nLZfdb`w!OtYzEZ
zU$tG7+;oa-r;o+m6H6^)RKfTUEn;!>+{aCdpam;laCrjBCQ$?bPc%>)c$RkTb8gOo
zrva@giIB^900*$mRq4tsG9J{_hH8zMD=;ruT--<4KXg9&0lu4`2*h(Q_s&%G^(Qn2
zVuFZYUd@|3-K+MvV<Of>;N!hz-S>vtdu82MEjJB_U#G=RRF%3O;1~3hdN8HZHx{C9
z1CNbQHrRY!)*y&O005w)1dfm)xUZvne1p<;!PnDwZ9?-4)U+)@aCB^WAXH^@bY*fN
zC}eMLCv+fnb7dfDbSWS_bY*jNKw)rnY<VteZf0*jh++g25dr`r1p-q0rH=v|BL)iz
z2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f?2@oOMxSST-K5g2>0HE3a(ZB;`uDTtQSlXgu
z<AbW=7}@}v2hKl9C;`N!*s<i^+vyA1Wd>M=odGfgQv0Qk5Cj1975<U34Czu>qb5DQ
zLDzf%coS^4GrQ&XN!j`{4}8YR?a?=Z5>Rh>r-3B-?dDc%3N;MTI)`%G9>92-n&|a%
z)LlaXfply-t^?#vGJ^2g{?cK~Krj|0&Rn4^{p$0Xv3rm7)`x=C9dStXI_Eb}gm_=(
zKriske%2Twp6^Eh0|f*C%KP`9b5Vn76MOg~tB59$_Sv-m7A%mAQM|}(x9QKjnB(_V
zXtb9;au%wdN7F+V;=@Y=go{bR&2wgoV)FVDFfpOyZ35#g;O5Kp{lK80cnONvC==;`
zMkJTzP8M|J&oob%LA4M)&u6GkeK2k=j4ojRt+6foRS$h2I9E${008;|bEM3c%`#AN
zru560gfdK6&xeM|gQ~xG>`LCTiFnl$FNjG57!d*h2?YXD`=yTp8w>yn2@oOMxSST-
zK5aRM0H0M8G=^ntPd5ey_o*~SD*~Mfd4vF;U8*?cN<@Qwtw{io%pDp^eS*?nqr<u|

diff --git a/pgp/keyrings/aptly_passphrase.pub b/pgp/keyrings/aptly_passphrase.pub
deleted file mode 100644
index ec24aa32d580f5d8b194894520b34acca0a273da..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 915
zcmV;E18n@60ipy{0QiRy1OSd4WNFxt1~o!-S1@skL_54;9Geppna?(rQ9M6;^61m0
zTSc%gL&7ChBb7d0Or!C1EV9=15fqC^yng{ATtzFu#5gJRR62G-ad;H|u8fW1KTwD|
zCDAtEgtlGHCcZom-PUPIqgO@njh~(Gx=D-y-tNOz))K;%IhEXR8>;}I-q#?f(6RWI
z-OXcvP^lCq*Y(mz1OSYhefdk_v|koHb|0LjoxH?qTlgA$bn7b870Rh(E1cglq~G{>
zWL?y~4}83gH#RycF+D%8ydsilZBTai=zl~H98lZSjS(v;$SGmeyYy8*$-j|mLziOa
z{obdM51&ogV40AocwqWy+AlT_X#AfTRq$3*Tw5Ul<EIb&H{1jL6~Bcl`-}r<>o75{
z5GH^K+7jr|XFr#NX?6%so!OiZh!Wm`05$wkSQradtZH3SskB4Zw%f(MlI2R-7a=l+
z{8{$?w!RKVk-wSPG5bS^_ZEKw8Ne}Uuq?ynS-DDNnLJuM7R5qGzPE3U5p_#<2X?R+
zuJ3`wrlz5JMxYP|v@Jn!bZmJbRAqB?WpW@WWN&UKbRczeWguyEDIh#_Wpi{uVQ_S8
zc`j*gW^X=-VgwTr0stZf0#pF_hXNZT1`7!Y2Ll2I6$k<e3JU}l0s{d89svRufB*^!
z5c3X<xy{}x_(doHoDU_V1kRa1^45^0i``Y&J1AD|s{o*<`3PHWL_uZR^}{F^!f4S3
zsVD5Y0SyFH0QiRx1OVy{MSg-sqfe59+hdUKfS>f<gleZN07Goh9?)~;ATE3MnM!E^
zhFFN!5l%9c^dbM)Ys=cbF(O+ac5NFTN%@AaiHXSssD&`yC~v?QI6)6IDrCI3>Glbf
zPQGN+gxEe1^{B*lQvX=Ds$?0p8=xACrv5hEUyUMX#wm|s_X7X}1_S`N5*%@3y6^74
z;EF*<?$eq%dB;{>YS!LmMi4Gt({SiHgpC<Kt)cDLmxZ2qKQOpe49EIFw1+MRPj&QZ
zQGQK{<fH9O{lSiaKv{F(w9Y}t4luk3aHRKt>!7P5z)S3^=$Wb)<WJ?Y#tdzFD8?XS
z(^>i;Na;L}$HUX!z_VwFNdy=X0ssjG0#pF_hXNZ60162Z^A3!;&E6{bVvhizhW1^F
pQh@M!p0s?4b08k6=4vgD0G>G%4Dudkh>m4~)&`HDtX0QWgp6=$od5s;

diff --git a/pgp/keyrings/aptly_passphrase.sec b/pgp/keyrings/aptly_passphrase.sec
deleted file mode 100644
index 2ffe24ef89c4e7d10037073e8862f7503f8618cc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1052
zcmV+%1mpXa0pSEx0QiRy1OSd4WNFxt1~o!-S1@skL_54;9Geppna?(rQ9M6;^61m0
zTSc%gL&7ChBb7d0Or!C1EV9=15fqC^yng{ATtzFu#5gJRR62G-ad;H|u8fW1KTwD|
zCDAtEgtlGHCcZom-PUPIqgO@njh~(Gx=D-y-tNOz))K;%IhEXR8>;}I-q#?f(6RWI
z-OXcvP^lCq*Y(mz1OSYhefdk_v|koHb|0LjoxH?qTlgA$bn7b870Rh(E1cglq~G{>
zWL?y~4}83gH#RycF+D%8ydsilZBTai=zl~H98lZSjS(v;$SGmeyYy8*$-j|mLziOa
z{obdM51&ogV40AocwqWy+AlT_X#AfTRq$3*Tw5Ul<EIb&H{1jL6~Bcl`-}r<>o75{
z5GH^K+7jr|XFr#NX?6%so!OiZh!Wm`05$wkSQradtZH3SskB4Zw%f(MlI2R-7a=l+
z{8{$?w!RKVk-wSPG5bS^_ZEKw8Ne}Uuq?ynS-DDNnLJuM7R5qGzPE3U5p_#<2X?R+
zuJ3`wrlz5JMxYP|{sRL7D=XB?HUmj|U^$$e&t2|=B_YXad=mkJ=kX&cY2vWjGN3nB
zD-j=-J1wYJT@3T@DFIFtwk?epcH;rGEkST}Y<VD5Wpi|8av&&VZ*C`aAa!$PAZc_d
zAUt$sb96vqaCB^WE@^INZ$5}(1QQVg03rnfQ~>yg0vjU+3ke7Z0|EvW2m%QT3j`Jd
z0|5da0Rk6*0162Z^A3!;&E6{bMJNEA4<(}n&Y3^*){v!(-Bs8-C|2#O0HCM&2wQDL
zL1o(Y!zdTRXwe3#C+wX8R|Hf5_=gY#0O}1zeu71#Pm+V%W03BEpY+~@YNsmzLu}9<
z&~xP=E_?QwN@)RxScujUPBN7AA^+HG%i6s$B3mGKZ5tj*`G&8FiOB@0g)rSHZ@?Eg
zK@T)4WW2ZO_6d|uzGT#d*gg>TsKj<s|5&%GWEr&^pc;#&{x;lSjUs2pDUV_I0{{aC
z1OT@Z9C2g1@9w|gia|&2)0#PX$5viy*4|}C5H4NQaOgRNjTt_zq3zd~g`RjnFt}9=
z$NE6Dhb{(Bb@XXbeocwwqwP%n!H$4HS##jD&OyfxFuVwGr1yX8psOOlOYExXnW`7$
zPvx@43~hNR#vo$TS^6MI={%3e!_(ftvuFMT0|F~6)XO#lNqS%_!4zhF-L<*V!>e>Z
zf0g#1l9hhR0AF)>qD$GcIyY`KhK&{VxJh?n50SC%vbZd5af68kggg`<oKjw<h)Dz(
z5dr`S1p-t6_=f@;3;+rV5c3X<xy{}x_+pO$pLB>TG9C524rc0esPistbb8{ZDgdC~
W)GO}0JmQ4yFg1%k_1g1bkD$UqR@;aG

diff --git a/pgp/keyrings/aptly2.pub.armor b/system/files/aptly2.pub.armor
similarity index 100%
rename from pgp/keyrings/aptly2.pub.armor
rename to system/files/aptly2.pub.armor
diff --git a/pgp/keyrings/aptly2.sec.armor b/system/files/aptly2.sec.armor
similarity index 100%
rename from pgp/keyrings/aptly2.sec.armor
rename to system/files/aptly2.sec.armor
diff --git a/pgp/keyrings/aptly2_passphrase.pub.armor b/system/files/aptly2_passphrase.pub.armor
similarity index 100%
rename from pgp/keyrings/aptly2_passphrase.pub.armor
rename to system/files/aptly2_passphrase.pub.armor
diff --git a/pgp/keyrings/aptly2_passphrase.sec.armor b/system/files/aptly2_passphrase.sec.armor
similarity index 100%
rename from pgp/keyrings/aptly2_passphrase.sec.armor
rename to system/files/aptly2_passphrase.sec.armor
diff --git a/pgp/keyrings/aptly2_trusted.pub b/system/files/aptly2_trusted.pub
similarity index 100%
rename from pgp/keyrings/aptly2_trusted.pub
rename to system/files/aptly2_trusted.pub
diff --git a/system/t12_api/publish.py b/system/t12_api/publish.py
index 4ecffbc1..42866421 100644
--- a/system/t12_api/publish.py
+++ b/system/t12_api/publish.py
@@ -6,7 +6,6 @@ from api_lib import TASK_SUCCEEDED, APITest
 
 DefaultSigningOptions = {
     "Keyring": os.path.join(os.path.dirname(inspect.getsourcefile(APITest)), "files") + "/aptly.pub",
-    "SecretKeyring": os.path.join(os.path.dirname(inspect.getsourcefile(APITest)), "files") + "/aptly.sec",
 }