commit a9688d06fd6ae7ebe0c47174ef70ae0bc774c390 Author: Isis Lovecruft isis@torproject.org Date: Sun Feb 22 09:56:12 2015 +0000
Add new GnuPG options to bridgedb.conf.
* ADD new options to bridgedb.conf: - EMAIL_GPG_HOMEDIR - EMAIL_GPG_PRIMARY_KEY_FINGERPRINT - EMAIL_GPG_PASSPHRASE - EMAIL_GPG_PASSPHRASE_FILE
* ADD EMAIL_GPG_HOMEDIR and EMAIL_GPG_PASSPHRASE_FILE to the options whose paths are expanded in ``bridgedb.configure.loadConfig()``. --- bridgedb.conf | 55 ++++++++++++++++++++++++++++++++++++++++++--- lib/bridgedb/configure.py | 3 ++- 2 files changed, 54 insertions(+), 4 deletions(-)
diff --git a/bridgedb.conf b/bridgedb.conf index f8b126c..e0b25f0 100644 --- a/bridgedb.conf +++ b/bridgedb.conf @@ -15,11 +15,19 @@ # for details. # :copyright: (c) 2007-2014 The Tor Project, Inc. # (c) 2007-2014, all sentient entities within the AUTHORS file -# :version: 0.0.13 +# :version: 0.0.14 #=============================================================================== # # CHANGELOG: # ~~~~~~~~~~ +# Changes in version 0.0.14 - 2015-02-22 +# * ADD new OpenPGP-related options: +# - EMAIL_GPG_HOMEDIR +# - EMAIL_GPG_PRIMARY_KEY_FINGERPRINT +# - EMAIL_GPG_PASSPHRASE +# - EMAIL_GPG_PASSPHRASE_FILE +# * REMOVE old OpenPGP signing key file option, EMAIL_GPG_SIGNING_KEY. +# # Changes in version 0.0.13 - 2015-02-20 # * ADD NO_DISTRIBUTION_COUNRIES option for refusing to distribute bridges # whose primary ORAddress is geolocated to any of some certain countries. @@ -388,9 +396,50 @@ EMAIL_N_BRIDGES_PER_ANSWER = 3 # once we have the vidalia/tor interaction fixed for everbody. EMAIL_INCLUDE_FINGERPRINTS = True
-# Configuration options for GPG signed messages
+#
+# Configuration options for OpenPGP signing and encryption
+# ------------------------------------------------------------------------------
+
+# Should we sign all email responses to clients with the key specified by
+# EMAIL_GPG_PRIMARY_KEY_FINGERPRINT (or one of its subkeys)?
 EMAIL_GPG_SIGNING_ENABLED = True
-EMAIL_GPG_SIGNING_KEY = 'gnupghome/TESTING.subkeys.sec'
+
+# The directory, relative to BridgeDB's runtime directory, in which to store
+# OpenPGP keyrings and associated files.
+EMAIL_GPG_HOMEDIR = '.gnupg'
+
+# This should be a 40-character hexadecimal string containing the OpenPGP
+# fingerprint (without spaces) of the default primary key to use. The key
+# should be capable of both signing and encryption, or have subkeys capable of
+# such.
+#
+# The default primary key fingerprint below is the test key contained in the
+# '.gnupg/TESTING.subkeys.sec' and '.gnupg/TESTING.pub' files:
+EMAIL_GPG_PRIMARY_KEY_FINGERPRINT = '0017098C5DF4197E3C884DCFF1B240D43F148C21'
+
+# If the key referred to by EMAIL_GPG_PRIMARY_KEY_FINGERPRINT requires a
+# passphrase for signing or encryption, then the passphrase may be given in
+# the EMAIL_GPG_PASSPHRASE option (as a string), or it may be contained within
+# the file pointed to by EMAIL_GPG_PASSPHRASE_FILE. Currently, only one
+# passphrase is supported, so if the key specified by
+# EMAIL_GPG_PRIMARY_KEY_FINGERPRINT has multiple subkeys, those subkeys MUST
+# all have the same passphrase.
+#
+# If EMAIL_GPG_PASSPHRASE_FILE is used, and the filepath is not absolute, the
+# path is interpreted as being relative to BridgeDB's runtime directory.
+# (Note: be sure not to put any newlines after the phassphrase in the
+# EMAIL_GPG_PASSPHRASE_FILE, or else they will be interpreted as part of the
+# passphrase.)
+#
+# There are currently no safety checks on the permissions of either this
+# configuration file or the EMAIL_GPG_PASSPHRASE_FILE, so beware and use at
+# your own risk.
+#
+# If both EMAIL_GPG_PASSPHRASE and EMAIL_GPG_PASSPHRASE_FILE are ``None``,
+# then it is assumed that the key specified by
+# EMAIL_GPG_PRIMARY_KEY_FINGERPRINT does not require a passphrase.
+EMAIL_GPG_PASSPHRASE = None
+EMAIL_GPG_PASSPHRASE_FILE = None
#------------------------------- # Hashring Allocation Options \ diff --git a/lib/bridgedb/configure.py b/lib/bridgedb/configure.py index 83b53d6..55fcba5 100644 --- a/lib/bridgedb/configure.py +++ b/lib/bridgedb/configure.py @@ -104,7 +104,8 @@ def loadConfig(configFile=None, configCls=None): "ASSIGNMENTS_FILE", "HTTPS_CERT_FILE", "HTTPS_KEY_FILE", "LOG_FILE", "STATUS_FILE", "COUNTRY_BLOCK_FILE", "GIMP_CAPTCHA_DIR", "GIMP_CAPTCHA_HMAC_KEYFILE", - "GIMP_CAPTCHA_RSA_KEYFILE"]: + "GIMP_CAPTCHA_RSA_KEYFILE", "EMAIL_GPG_HOMEDIR", + "EMAIL_GPG_PASSPHRASE_FILE"]: setting = getattr(config, attr, None) if setting is None: setattr(config, attr, setting)
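Review bot: The default `EMAIL_GPG_PRIMARY_KEY_FINGERPRINT` is the test key while `EMAIL_GPG_SIGNING_ENABLED` stays `True`, so a deployment that keeps the defaults signs mail with a key whose secret half (`.gnupg/TESTING.subkeys.sec`) presumably ships with the source tree; the comment above the fingerprint should say so, e.g. `# WARNING: test key only, its secret key is distributed with BridgeDB. Replace before production use.` The passphrase paragraph also leaves undefined which option wins when both `EMAIL_GPG_PASSPHRASE` and `EMAIL_GPG_PASSPHRASE_FILE` are set, and it asks operators to avoid a trailing newline that most editors add, where the reader could strip a single trailing newline instead. Since the text itself admits there are no permission checks, it would help to recommend the file form with owner-only permissions (`chmod 600`) over an inline passphrase in a config file that may be group/world-readable or committed to version control. The code that consumes these options is not part of this diff, so precedence and newline handling cannot be confirmed from here.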
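Review bot: No ownership or mode check accompanies the two names added to the expansion list in `loadConfig()`, although both point at secret material (the keyring directory and the passphrase file) and now get the same path-only treatment as `LOG_FILE`. bridgedb.conf in this same commit states that permissions are not checked, and this loop would be a natural place to close that gap for these two attributes once the path is expanded and exists, e.g. `if os.stat(setting).st_mode & 0o077: logging.warning("%s is accessible by group/other" % attr)`. The loop body continues past the end of the hunk, so how a relative value is resolved is not visible here; if it is resolved against the working directory at load time, `EMAIL_GPG_HOMEDIR = '.gnupg'` silently depends on where the process is started, which is worth a comment next to the list.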