[tor-commits] [bridgedb/master] Add new GnuPG options to bridgedb.conf.
isis at torproject.org
isis at torproject.org
Sat Mar 21 02:03:02 UTC 2015
commit a9688d06fd6ae7ebe0c47174ef70ae0bc774c390
Author: Isis Lovecruft <isis at torproject.org>
Date: Sun Feb 22 09:56:12 2015 +0000
Add new GnuPG options to bridgedb.conf.
* ADD new options to bridgedb.conf:
- EMAIL_GPG_HOMEDIR
- EMAIL_GPG_PRIMARY_KEY_FINGERPRINT
- EMAIL_GPG_PASSPHRASE
- EMAIL_GPG_PASSPHRASE_FILE
* ADD EMAIL_GPG_HOMEDIR and EMAIL_GPG_PASSPHRASE_FILE to the options
whose paths are expanded in ``bridgedb.configure.loadConfig()``.
---
bridgedb.conf | 55 ++++++++++++++++++++++++++++++++++++++++++---
lib/bridgedb/configure.py | 3 ++-
2 files changed, 54 insertions(+), 4 deletions(-)
diff --git a/bridgedb.conf b/bridgedb.conf
index f8b126c..e0b25f0 100644
--- a/bridgedb.conf
+++ b/bridgedb.conf
@@ -15,11 +15,19 @@
# for details.
# :copyright: (c) 2007-2014 The Tor Project, Inc.
# (c) 2007-2014, all sentient entities within the AUTHORS file
-# :version: 0.0.13
+# :version: 0.0.14
#===============================================================================
#
# CHANGELOG:
# ~~~~~~~~~~
+# Changes in version 0.0.14 - 2015-02-22
+# * ADD new OpenPGP-related options:
+# - EMAIL_GPG_HOMEDIR
+# - EMAIL_GPG_PRIMARY_KEY_FINGERPRINT
+# - EMAIL_GPG_PASSPHRASE
+# - EMAIL_GPG_PASSPHRASE_FILE
+# * REMOVE old OpenPGP signing key file option, EMAIL_GPG_SIGNING_KEY.
+#
# Changes in version 0.0.13 - 2015-02-20
# * ADD NO_DISTRIBUTION_COUNRIES option for refusing to distribute bridges
# whose primary ORAddress is geolocated to any of some certain countries.
@@ -388,9 +396,50 @@ EMAIL_N_BRIDGES_PER_ANSWER = 3
# once we have the vidalia/tor interaction fixed for everbody.
EMAIL_INCLUDE_FINGERPRINTS = True
-# Configuration options for GPG signed messages
+#
+# Configuration options for OpenPGP signing and encryption
+# ------------------------------------------------------------------------------
+
+# Should we sign all email responses to clients with the key specified by
+# EMAIL_GPG_PRIMARY_KEY_FINGERPRINT (or one of its subkeys)?
EMAIL_GPG_SIGNING_ENABLED = True
-EMAIL_GPG_SIGNING_KEY = 'gnupghome/TESTING.subkeys.sec'
+
+# The directory, relative to BridgeDB's runtime directory, in which to store
+# OpenPGP keyrings and associated files.
+EMAIL_GPG_HOMEDIR = '.gnupg'
+
+# This should be a 40-character hexadecimal string containing the OpenPGP
+# fingerprint (without spaces) of the default primary key to use. The key
+# should be capable of both signing and encryption, or have subkeys capable of
+# such.
+#
+# The default primary key fingerprint below is the test key contained in the
+# '.gnupg/TESTING.subkeys.sec' and '.gnupg/TESTING.pub' files:
+EMAIL_GPG_PRIMARY_KEY_FINGERPRINT = '0017098C5DF4197E3C884DCFF1B240D43F148C21'
+
+# If the key referred to by EMAIL_GPG_PRIMARY_KEY_FINGERPRINT requires a
+# passphrase for signing or encryption, then the passphrase may be given in
+# the EMAIL_GPG_PASSPHRASE option (as a string), or it may be contained within
+# the file pointed to by EMAIL_GPG_PASSPHRASE_FILE. Currently, only one
+# passphrase is supported, so if the key specified by
+# EMAIL_GPG_PRIMARY_KEY_FINGERPRINT has multiple subkeys, those subkeys MUST
+# all have the same passphrase.
+#
+# If EMAIL_GPG_PASSPHRASE_FILE is used, and the filepath is not absolute, the
+# path is interpreted as being relative to BridgeDB's runtime directory.
+# (Note: be sure not to put any newlines after the phassphrase in the
+# EMAIL_GPG_PASSPHRASE_FILE, or else they will be interpreted as part of the
+# passphrase.)
+#
+# There are currently no safety checks on the permissions of either this
+# configuration file or the EMAIL_GPG_PASSPHRASE_FILE, so beware and use at
+# your own risk.
+#
+# If both EMAIL_GPG_PASSPHRASE and EMAIL_GPG_PASSPHRASE_FILE are ``None``,
+# then it is assumed that the key specified by
+# EMAIL_GPG_PRIMARY_KEY_FINGERPRINT does not require a passphrase.
+EMAIL_GPG_PASSPHRASE = None
+EMAIL_GPG_PASSPHRASE_FILE = None
#-------------------------------
# Hashring Allocation Options \
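Review bot: The comment block above `EMAIL_GPG_PASSPHRASE = None` does not say which option wins when both EMAIL_GPG_PASSPHRASE and EMAIL_GPG_PASSPHRASE_FILE are set, and it treats them as equal even though an inline passphrase ends up in every copy and backup of bridgedb.conf. I would add a line such as `# If both are set, <state which one is used>. Prefer EMAIL_GPG_PASSPHRASE_FILE, readable only by the BridgeDB user (e.g. mode 0600).` The trailing-newline caveat is easy to trip over because most editors append a newline on save. The code that reads the file is not part of this commit, so either it should strip one trailing newline or the comment should say how to write the file without one. In the same note, "phassphrase" is a typo for "passphrase". The comment on EMAIL_GPG_PRIMARY_KEY_FINGERPRINT should also say that the bundled test key must be replaced before production use, since its secret half ships in '.gnupg/TESTING.subkeys.sec'.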
diff --git a/lib/bridgedb/configure.py b/lib/bridgedb/configure.py
index 83b53d6..55fcba5 100644
--- a/lib/bridgedb/configure.py
+++ b/lib/bridgedb/configure.py
@@ -104,7 +104,8 @@ def loadConfig(configFile=None, configCls=None):
"ASSIGNMENTS_FILE", "HTTPS_CERT_FILE", "HTTPS_KEY_FILE",
"LOG_FILE", "STATUS_FILE", "COUNTRY_BLOCK_FILE",
"GIMP_CAPTCHA_DIR", "GIMP_CAPTCHA_HMAC_KEYFILE",
- "GIMP_CAPTCHA_RSA_KEYFILE"]:
+ "GIMP_CAPTCHA_RSA_KEYFILE", "EMAIL_GPG_HOMEDIR",
+ "EMAIL_GPG_PASSPHRASE_FILE"]:
setting = getattr(config, attr, None)
if setting is None:
setattr(config, attr, setting)
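Review bot: Nothing visible in this loop checks the permissions of the resolved EMAIL_GPG_PASSPHRASE_FILE, which is added to the list here, and the bridgedb.conf comment in this same commit confirms there is no such check. Since this loop is where the path is resolved, it is a reasonable place to warn when the file is group- or world-accessible, e.g. `if os.stat(setting).st_mode & 0o077:` followed by a log warning. The same check would suit EMAIL_GPG_HOMEDIR, which holds the secret keyring. The loop body and the rest of loadConfig continue outside the hunk, so whether `os` and a logger are in scope at that point needs confirming.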