More cleanup

atomicturtle · atomicturtle · commit b406825c0e92 · 2026-01-08T13:06:32.000-05:00
Signed-off-by: Scott R. Shinn &lt;scott@atomicorp.com&gt;
diff --git a/chelon.spec b/chelon.spec
@@ -1,6 +1,6 @@
 Name:           chelon
 Version:        1.0.0
-Release:        7%{?dist}
+Release:        12%{?dist}
 Summary:        Remote GPG package signing service
 
 License:        GPL-2.0-or-later
@@ -138,40 +138,5 @@ fi
 %{python3_sitelib}/__pycache__/
 
 %changelog
-* Thu Jan 08 2026 Atomicorp <support@atomicorp.com> - 1.0.0-7
-- Fix: Ensure chelon_client.py is installed to site-packages (spec file fix)
-
-* Thu Jan 08 2026 Atomicorp <support@atomicorp.com> - 1.0.0-6
-- Move chelon_client.py to site-packages for standard import resolution
-
-* Thu Jan 08 2026 Atomicorp <support@atomicorp.com> - 1.0.0-5
-- Fix python import path for client library in chelon-sign
-
-* Thu Jan 08 2026 Atomicorp <support@atomicorp.com> - 1.0.0-4
-- Support dynamic key names in chelon-sign (removed hardcoded Key IDs)
-- Added --key-name alias for --key-type
-
-* Wed Jan 07 2026 Atomicorp <support@atomicorp.com> - 1.0.0-3
-- Consolidate chelon-sign-rpm and chelon-sign-repomd into chelon-sign
-- Security: Sanitize script paths in RPM macros
-- Security: Optimize DoS protection with chunked reading
-- Fix: Add error handling for malformed base64 signatures
-- Fix: Improve client certificate fallback logic
-
-* Wed Jan 07 2026 Atomicorp <support@atomicorp.com> - 1.0.0-2
-- Split into server and client subpackages
-- Add client signing tools (chelon-sign-rpm, chelon-sign-repomd)
-- Add binary data signing support
-- Update HTTP API endpoints and request/response formats
-- Unified logging to journald/syslog
-- Enhanced audit logging with request tracing
-- Fixed hardcoded admin tool paths
-- Code review fixes: config ownership, SSL validation, payload size checks
-
-* Tue Jan 06 2026 Atomicorp <support@atomicorp.com> - 1.0.0-1
-- Initial package
-- Flask-based HTTP API for remote signing
-- Support for Legacy and Modern GPG keys
-- Token-based authentication
-- Audit logging
-- Default port: 5050
+* Thu Jan 08 2026 Atomicorp <support@atomicorp.com> - 1.0.0-12
+- Initial release
diff --git a/tools/chelon-sign b/tools/chelon-sign
@@ -130,8 +130,10 @@ def gpg_mode(args: List[str]):
             data = f.read()
             
     # Determine key type from key_id (mapping logic)
-    # In this wrapper, we rely on env CHELON_KEY_TYPE or default to modern
-    key_type = os.environ.get('CHELON_KEY_TYPE', 'modern')
+    key_type = os.environ.get('CHELON_KEY') or os.environ.get('CHELON_KEY_TYPE')
+    if not key_type:
+        print("Error: No key specified via environment (CHELON_KEY).", file=sys.stderr)
+        sys.exit(1)
     
     # Initialize client
     try:
@@ -321,8 +323,8 @@ def main():
                        help='Signing type (default: guess from extension or "rpm")')
     parser.add_argument('--resign', action='store_true', help='Embed signature into RPM header (requires rpmsign, implies --type rpm)')
     parser.add_argument('-o', '--output', help='Output signature file (default: <file>.asc, only for detached)')
-    parser.add_argument('-k', '--key-type', '--key-name', dest='key_type', default='modern',
-                       help='GPG key name/type (default: modern)') # --key-name is alias
+    parser.add_argument('-k', '--key', '--key-name', dest='key_name', metavar='KEY',
+                       help='GPG key name')
     parser.add_argument('--insecure', action='store_true', help='Disable SSL certificate verification')
     parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output')
     
@@ -342,17 +344,25 @@ def main():
             op_type = 'rpm'
     
     try:
+        # Validate key_name presence or fallback to env
+        key_name = args.key_name
+        if not key_name:
+            key_name = os.environ.get('CHELON_KEY') or os.environ.get('CHELON_KEY_TYPE')
+        
+        if not key_name:
+            parser.error("GPG key name is required (-k/--key or CHELON_KEY env var)")
+
         if args.resign:
             if op_type != 'rpm':
                 print("Error: --resign is only supported for RPM files", file=sys.stderr)
                 return 1
-            success = sign_rpm_integrated(args.file, key_type=args.key_type, verbose=args.verbose)
+            success = sign_rpm_integrated(args.file, key_type=key_name, verbose=args.verbose)
             return 0 if success else 1
         else:
             output_file = sign_file_detached(
                 args.file,
                 output_path=args.output,
-                key_type=args.key_type,
+                key_type=key_name,
                 operation=op_type,
                 verbose=args.verbose
             )
