Added the option to pass args to the GPG init call.

5e6db1be · Tobias Dussa · d9b329b9 · 5e6db1be · 5e6db1be
Commit 5e6db1be authored 8 months ago by Tobias Dussa
--- a/reaction-mailcreate/README.md
+++ b/reaction-mailcreate/README.md
@@ -134,6 +134,9 @@ DFN-CERT,Tobias,Dussa,dussa@dfn-cert.de
   be empty (`""`) or `gpg`.  Defaults to none.
 - `--sign-arg`: Specifies additional arguments to be passed to the function
   call that signs the mail.  Defaults to none.
+ - `--sign-init-arg`: Specifies additional arguments to be passed to the
+   function call that initializes the mail-signing mechanism.  Defaults to
+   none.
 - `-s`/`--subject`: Specifies the mail subject to be used.  Defaults to
   `Security Challenge Message -- {campaign}{infix}`.
 - `-T`/`--to`: Specifies the recipient mail address to be used.  Defaults
@@ -269,6 +272,12 @@ the signing command:
 ./createMails.py --sign gpg --sign-arg "keyid=0x1234567890ABCDEF"
 ```

+You can also specify a different directory to be used as GnuPG home by
+passing call options to the signing command:
+```
+./createMails.py --sign gpg --sign-init-arg "gnupghome=/some/dir"
+```
+
 By default, mails are sent to localhost on port 25 using plain SMTP.  To
 use a different mail server, you need to specify the server to be used:
 ```

--- a/reaction-mailcreate/createMails.py
+++ b/reaction-mailcreate/createMails.py
@@ -53,36 +53,37 @@ class KeyValueAction(argparse.Action):
 parser.register('action', 'keyvalue', KeyValueAction)

 # Parse args
-parser.add_argument('-a', '--attach',     dest='attach',     default=[], nargs=1, action='extend', help='add attachment(s) to mail (default: None)')
-parser.add_argument('-b', '--basedir',    dest='basedir',    default='Mails', help='base directory for all output (default: "Mails")')
-parser.add_argument('-B', '--bcc',        dest='bcc',        default=[], nargs=1, action='extend', help='additional mail recipient(s) to bcc (default: None)')
-parser.add_argument('-c', '--campaign',   dest='campaign',   default='Test', help='campaign name (default: "Test")')
-parser.add_argument('-C', '--cc',         dest='cc',         default=[], nargs=1, action='extend', help='additional mail recipient(s) to cc (default: None)')
-parser.add_argument('-d', '--dry-run',    dest='dryrun',     default=False, action='store_true', help='dry run -- do not actually send mails or create targets (default: False)')
-parser.add_argument('-f', '--from',       dest='sender',     default='Nobody <nobody@example.com>', help='sender mail address (default: "Nobody <nobody@example.com>"; implies dry-run if not set)')
-parser.add_argument('-F', '--force',      dest='force',      default=False, action='store_true', help='force insecure login without TLS/SSL (default: False)')
-parser.add_argument('-H', '--hashstring', dest='hashstring', default='{salt}{campaign}{infix}-{site}', help='string to be hashed for the URL (default: "{salt}{campaign}{infix}-{site}" where "{salt}" is a random string)')
-parser.add_argument('-i', '--input',      dest='input',      default='{basedir}/{campaign}/Input{infix}.lst', help='input file (default: "{basedir}/{campaign}/Input{infix}.lst")')
-parser.add_argument('-I', '--message-id', dest='messageid',  default=False, action='store_true', help='create a message ID (default: False)')
-parser.add_argument('-o', '--output',     dest='output',     default='{basedir}/{campaign}/{site}/{timestamp}{infix}.eml', help='output file name template (default: "{basedir}/{campaign}/{site}/{timestamp}{infix}.eml")')
-parser.add_argument('-R', '--reply-to',   dest='replyto',    default=None, help='reply-to mail address (default: None)')
-parser.add_argument(      '--salt',       dest='salt',       default=None, help='salt to use for hashing (default: random 8-byte hex string)')
-parser.add_argument(      '--sign',       dest='sign',       default='', type=str.lower, choices=['', 'gpg', 'gpgsm'], help='signature method (default: ""); one of "", "gpg"')
-parser.add_argument(      '--sign-arg',   dest='signarg',    default={}, nargs=1, action='keyvalue', help='additional arguments to be passed to the signature call (default: None)')
-parser.add_argument('-s', '--subject',    dest='subject',    default='Security Challenge for {site} -- {campaign}{infix}', help='mail subject (default: "Security Challenge Message -- {campaign}{infix}")')
-parser.add_argument('-S', '--smtpserver', dest='smtpserver', default='localhost', help='SMTP server to use (default: "localhost"); port can be specified with "<host>:<port>" notation and takes precedence over implied ports and port specification')
-parser.add_argument(      '--smtpport',   dest='smtpport',   default=0, type=int, help='SMTP port to use (default: 25); takes precedence over implied ports')
-parser.add_argument(      '--smtpuser',   dest='smtpuser',   default=None, help='SMTP user to login with (default: none); implies TLS (port 465) unless STARTTLS is set as well')
-parser.add_argument(      '--smtppass',   dest='smtppass',   default=None, help='SMTP password to login with (default: none); implies TLS (port 465) unless STARTTLS is set as well; will be queried interactively if set to "-"')
-parser.add_argument(      '--starttls',   dest='starttls',   default=False, action='store_true', help='login using STARTTLS (default: False); implies port 587')
-parser.add_argument('-t', '--template',   dest='template',   default='{basedir}/{campaign}/Mail.template', help='mail template file (default: "{basedir}/{campaign}/Mail.template")')
-parser.add_argument(      '--timestamp',  dest='timestamp',  default='%Y-%m-%dT%H:%M:%SZ', help='timestamp format used for {timestamp} keyword (default: "%%Y-%%m-%%dT%%H:%%M:%%SZ")')
-parser.add_argument('-T', '--to',         dest='to',         default='{firstname} {lastname} <{email}>', help='recipient mail address (default: "{firstname} {lastname} <{email}>")')
-parser.add_argument('-u', '--url',        dest='url',        default='{webserver}/{campaign}{infix}-{hash}', help='URL template to use (default: "{webserver}/{campaign}{infix}-{hash}"')
-parser.add_argument('-U', '--createurl',  dest='createurl',  default='{webserver}/{campaign}{infix}-{hash}/create', help='URL template to use for creation URL (default: "{webserver}/{campaign}{infix}-{hash}/create"')
-parser.add_argument('-v', '--verbose',    dest='verbose',    default=False, action='store_true', help='increase verbosity')
-parser.add_argument('-w', '--webserver',  dest='webserver',  default='https://challenge.example.com', help='web server to use (default: "https://challenge.example.com"; implies dry-run if not set; to suppress web-hook calling, set to empty string ""')
-parser.add_argument('infix',                                 default='', nargs='?', help='infix for ID purposes, default empty')
+parser.add_argument('-a', '--attach',        dest='attach',      default=[], nargs=1, action='extend', help='add attachment(s) to mail (default: None)')
+parser.add_argument('-b', '--basedir',       dest='basedir',     default='Mails', help='base directory for all output (default: "Mails")')
+parser.add_argument('-B', '--bcc',           dest='bcc',         default=[], nargs=1, action='extend', help='additional mail recipient(s) to bcc (default: None)')
+parser.add_argument('-c', '--campaign',      dest='campaign',    default='Test', help='campaign name (default: "Test")')
+parser.add_argument('-C', '--cc',            dest='cc',          default=[], nargs=1, action='extend', help='additional mail recipient(s) to cc (default: None)')
+parser.add_argument('-d', '--dry-run',       dest='dryrun',      default=False, action='store_true', help='dry run -- do not actually send mails or create targets (default: False)')
+parser.add_argument('-f', '--from',          dest='sender',      default='Nobody <nobody@example.com>', help='sender mail address (default: "Nobody <nobody@example.com>"; implies dry-run if not set)')
+parser.add_argument('-F', '--force',         dest='force',       default=False, action='store_true', help='force insecure login without TLS/SSL (default: False)')
+parser.add_argument('-H', '--hashstring',    dest='hashstring',  default='{salt}{campaign}{infix}-{site}', help='string to be hashed for the URL (default: "{salt}{campaign}{infix}-{site}" where "{salt}" is a random string)')
+parser.add_argument('-i', '--input',         dest='input',       default='{basedir}/{campaign}/Input{infix}.lst', help='input file (default: "{basedir}/{campaign}/Input{infix}.lst")')
+parser.add_argument('-I', '--message-id',    dest='messageid',   default=False, action='store_true', help='create a message ID (default: False)')
+parser.add_argument('-o', '--output',        dest='output',      default='{basedir}/{campaign}/{site}/{timestamp}{infix}.eml', help='output file name template (default: "{basedir}/{campaign}/{site}/{timestamp}{infix}.eml")')
+parser.add_argument('-R', '--reply-to',      dest='replyto',     default=None, help='reply-to mail address (default: None)')
+parser.add_argument(      '--salt',          dest='salt',        default=None, help='salt to use for hashing (default: random 8-byte hex string)')
+parser.add_argument(      '--sign',          dest='sign',        default='', type=str.lower, choices=['', 'gpg', 'gpgsm'], help='signature method (default: ""); one of "", "gpg"')
+parser.add_argument(      '--sign-arg',      dest='signarg',     default={}, nargs=1, action='keyvalue', help='additional arguments to be passed to the signature call (default: None)')
+parser.add_argument(      '--sign-init-arg', dest='signinitarg', default={}, nargs=1, action='keyvalue', help='additional arguments to be passed to the signature-mechanism init call (default: None)')
+parser.add_argument('-s', '--subject',       dest='subject',     default='Security Challenge for {site} -- {campaign}{infix}', help='mail subject (default: "Security Challenge Message -- {campaign}{infix}")')
+parser.add_argument('-S', '--smtpserver',    dest='smtpserver',  default='localhost', help='SMTP server to use (default: "localhost"); port can be specified with "<host>:<port>" notation and takes precedence over implied ports and port specification')
+parser.add_argument(      '--smtpport',      dest='smtpport',    default=0, type=int, help='SMTP port to use (default: 25); takes precedence over implied ports')
+parser.add_argument(      '--smtpuser',      dest='smtpuser',    default=None, help='SMTP user to login with (default: none); implies TLS (port 465) unless STARTTLS is set as well')
+parser.add_argument(      '--smtppass',      dest='smtppass',    default=None, help='SMTP password to login with (default: none); implies TLS (port 465) unless STARTTLS is set as well; will be queried interactively if set to "-"')
+parser.add_argument(      '--starttls',      dest='starttls',    default=False, action='store_true', help='login using STARTTLS (default: False); implies port 587')
+parser.add_argument('-t', '--template',      dest='template',    default='{basedir}/{campaign}/Mail.template', help='mail template file (default: "{basedir}/{campaign}/Mail.template")')
+parser.add_argument(      '--timestamp',     dest='timestamp',   default='%Y-%m-%dT%H:%M:%SZ', help='timestamp format used for {timestamp} keyword (default: "%%Y-%%m-%%dT%%H:%%M:%%SZ")')
+parser.add_argument('-T', '--to',            dest='to',          default='{firstname} {lastname} <{email}>', help='recipient mail address (default: "{firstname} {lastname} <{email}>")')
+parser.add_argument('-u', '--url',           dest='url',         default='{webserver}/{campaign}{infix}-{hash}', help='URL template to use (default: "{webserver}/{campaign}{infix}-{hash}"')
+parser.add_argument('-U', '--createurl',     dest='createurl',   default='{webserver}/{campaign}{infix}-{hash}/create', help='URL template to use for creation URL (default: "{webserver}/{campaign}{infix}-{hash}/create"')
+parser.add_argument('-v', '--verbose',       dest='verbose',     default=False, action='store_true', help='increase verbosity')
+parser.add_argument('-w', '--webserver',     dest='webserver',   default='https://challenge.example.com', help='web server to use (default: "https://challenge.example.com"; implies dry-run if not set; to suppress web-hook calling, set to empty string ""')
+parser.add_argument('infix',                                     default='', nargs='?', help='infix for ID purposes, default empty')
 args = parser.parse_args()

 class SafeDict(dict):
@@ -221,9 +222,9 @@ def toHex(serial):
 def signMailGPG(message):
    # Set up GPG context
    if args.sign == 'gpg':
-        gpg = gnupg.GPG()
+        gpg = gnupg.GPG(**args.signinitarg)
    else:
-        gpg = gnupg.GPG(gpgbinary='gpgsm')
+        gpg = gnupg.GPG(gpgbinary='gpgsm', **args.signinitarg)

    # Sign mail
    try: