- Flush key-collecting structures each time a new public key entry is found.
This will avoid adding sub-keys and overwriting main keys with them.
- Use parseaddr from email.utils to parse emails (and drop realname part).
- Record logs produced during unit tests.
- Fix a small bug in test code.
Also: add basic information about available test identities to testing
documentation.
Introduce new Python modules:
- lacre.notify -- to send notifications from the cron script;
- lacre.dbschema -- to keep database schema definition as code (SQLAlchemy);
- lacre.repositories -- to define key and identity repositories with high
level APIs that we can then use elsewhere.
Also:
- rework GnuPG.add_key to return fingerprint so we can use it in the cron
script;
- rename cron-job's logger name, replacing dash with an underscore as logging
module doesn't like dashes.
- Use regular expressions instead of finding particular characters in gnupg
output to decide whether confirmation line was found.
- Use tempfile.mkdtemp to create secure temporary directories.
- Record information about the key considered by GnuPG. When missing in
exception, it means no key was found.
When GnuPG refuses to encrypt a message (e.g. when key has expired), record
information about the failure and send to logs, then deliver cleartext. This
way we won't bounce email that could be delivered without encryption.
Also: add more E2E tests.
- Cover basic GnuPG functionality with tests (confirm_key, public_keys).
- Add a test public key file.
- Fix resource leak by closing streams opened by Popen.
- Add a new test input message for a new test identity, test scenario
configuration and a test key.
- While retrieving message payload, determine charset based on the
Content-Type header. When missing, default to UTF-8.
- Use more comprehensible variable names.
- Adjust logging levels.
Related to #63: TypeError: memoryview: a bytes-like object is required, not
'str'.
- Allow GnuPG.add_key to accept either 'str' or 'bytes'.
- Import MIMEText from email.mime.text.
Since it's not so easy to encrypt a message exactly the same way twice, we
only verify if the message has been encrypted or not.
Introduce minor changes to the library itself, because it doesn't work very
well with modern GnuPG.
Also, include GnuPG directory (pointed at by --homedir option).
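
Added example, not code from the Lacre repository: one way to apply the first two notes above (flush collected state at every public key entry, and use parseaddr to drop the realname part) when reading a `gpg --list-keys --with-colons` listing. The helper name `primary_keys`, the returned mapping, and the sample listing are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample in the `gpg --list-keys --with-colons` layout (not real keys).
FPR = "fpr" + ":" * 9  # fingerprint records carry the value in field 10
SAMPLE = "\n".join([
    "pub:u:3072:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:",
    FPR + "1" * 40 + ":",
    "uid:u::::1700000000::X::Alice Example <alice@example.org>:",
    "sub:u:3072:1:BBBBBBBBBBBBBBBB:1700000000::::::e:",
    FPR + "2" * 40 + ":",
    "pub:u:3072:1:CCCCCCCCCCCCCCCC:1700000000:::u:::scESC:",
    FPR + "3" * 40 + ":",
    "uid:u::::1700000000::Y::bob@example.org:",
    "sub:u:3072:1:DDDDDDDDDDDDDDDD:1700000000::::::e:",
    FPR + "4" * 40 + ":",
])


def primary_keys(listing):
    """Return {primary-key fingerprint: bare email address} (hypothetical helper)."""
    keys = {}
    fingerprint = None  # fingerprint of the primary key in the current block
    in_subkey = False   # True once a "sub" record was seen in the current block
    for line in listing.splitlines():
        fields = line.split(":")
        record = fields[0]
        if record == "pub":
            # New public key entry: flush per-key state so nothing leaks
            # from the previous key block into this one.
            fingerprint, in_subkey = None, False
        elif record == "sub":
            in_subkey = True
        elif record == "fpr" and len(fields) > 9 and not in_subkey:
            # Only the fingerprint that follows "pub" identifies the main key;
            # the one after "sub" belongs to the sub-key and is skipped.
            fingerprint = fields[9]
        elif record == "uid" and len(fields) > 9 and fingerprint:
            _realname, address = parseaddr(fields[9])  # drop the realname part
            if "@" in address:
                keys.setdefault(fingerprint, address)
    return keys


if __name__ == "__main__":
    for fpr, email in primary_keys(SAMPLE).items():
        print(fpr, email)
```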