This simple perl script takes the output of gpg --list-keys --verbose,

which lists all the keys in your public key ring, along with all
their signatures, and converts it to a di-graph in "dot" language
form.

The graphviz package can turn the description into a graph you can
look at to see who has signed whose key, or how far it is from your
key to someone in Reykjavik, etc.

4 files changed, 142 insertions, 0 deletions

diff --git a/security/gpg2dot/DESCR b/security/gpg2dot/DESCR
new file mode 100644
index 00000000000..efd6d47b434
--- /dev/null
+++ b/security/gpg2dot/DESCR
@@ -0,0 +1,8 @@
+This simple perl script takes the output of gpg --list-keys --verbose,
+which lists all the keys in your public key ring, along with all
+their signatures, and converts it to a di-graph in "dot" language
+form.
+
+The graphviz package can turn the description into a graph you can
+look at to see who has signed whose key, or how far it is from your
+key to someone in Reykjavik, etc.
diff --git a/security/gpg2dot/Makefile b/security/gpg2dot/Makefile
new file mode 100644
index 00000000000..d37ce16a1d6
--- /dev/null
+++ b/security/gpg2dot/Makefile
@@ -0,0 +1,55 @@
+# $NetBSD: Makefile,v 1.1 2004/01/21 04:04:55 atatat Exp $
+#
+
+DISTNAME=	gpg2dot-1.0
+WRKSRC=		${WRKDIR}
+CATEGORIES=	security
+MASTER_SITES=	# empty
+DISTFILES=	# empty
+
+MAINTAINER=	lukem@NetBSD.org
+HOMEPAGE=	ftp://ftp.NetBSD.org/pub/NetBSD/packages/pkgsrc/Packages.txt
+COMMENT=	Converts your GnuPG keyring to a graph of associations
+
+USE_PERL5=	YES
+
+EXTRACT_ONLY=	# empty
+NO_CHECKSUM=	yes
+NO_CONFIGURE=	yes
+
+DISTVER=	${DISTNAME:S/gpg2dot-//}
+
+.include "../../mk/bsd.prefs.mk"
+
+.if ${OPSYS} == "SunOS"
+# This doesn't create readable manual pages. "mandoc" should be added
+# to zoularis.
+NROFF=		nroff -man
+.else
+NROFF=		nroff -mandoc
+.endif
+
+do-extract:
+	${CP} ${FILESDIR}/gpg2dot.pl ${WRKSRC}/gpg2dot.pl
+#	${CP} ${FILESDIR}/gpg2dot.1 ${WRKSRC}/gpg2dot.1.in
+
+do-build:
+.for FILE in gpg2dot
+	${SED} -e 's|@PREFIX@|${PREFIX}|g'		\
+		-e 's|@DISTVER@|${DISTVER}|g'		\
+		< ${WRKSRC}/${FILE}.pl 			\
+		> ${WRKSRC}/${FILE}
+.endfor
+#.for FILE in gpg2dot
+#	${SED} -e ''					\
+#		< ${WRKSRC}/${FILE}.1.in		\
+#		> ${WRKSRC}/${FILE}.1
+#	${NROFF} ${WRKSRC}/${FILE}.1 >${WRKSRC}/${FILE}.0
+#.endfor
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/gpg2dot ${PREFIX}/bin/gpg2dot
+#	${INSTALL_MAN} ${WRKSRC}/gpg2dot.0 ${PREFIX}/man/cat1
+#	${INSTALL_MAN} ${WRKSRC}/gpg2dot.1 ${PREFIX}/man/man1
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/gpg2dot/PLIST b/security/gpg2dot/PLIST
new file mode 100644
index 00000000000..6d8b7ee6f9b
--- /dev/null
+++ b/security/gpg2dot/PLIST
@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST,v 1.1 2004/01/21 04:04:55 atatat Exp $
+bin/gpg2dot
diff --git a/security/gpg2dot/files/gpg2dot.pl b/security/gpg2dot/files/gpg2dot.pl
new file mode 100644
index 00000000000..6cd62881c52
--- /dev/null
+++ b/security/gpg2dot/files/gpg2dot.pl
@@ -0,0 +1,77 @@
+#!@PREFIX@/bin/perl
+
+# ----------------------------------------------------------------------------
+# "THE BEER-WARE LICENSE" (Revision 42):
+# <atatat@NetBSD.ORG> wrote this file.  As long as you retain this notice you
+# can do whatever you want with this stuff. If we meet some day, and you think
+# this stuff is worth it, you can buy me a beer in return.
+#
+# Andrew Brown
+# ----------------------------------------------------------------------------
+
+$date = localtime();
+
+$sg = "";
+open(GPG, "gpg --list-keys --verbose 2>/dev/null |");
+while (<GPG>) {
+    chomp;
+    if (/^(pub) +(\S+)\s+(\S+)\s+(.+\S)/ ||
+	/^(uid) +\s+(.+\S)/) {
+	if ($1 eq "pub") {
+	    ($lkeyid, $date, $kuid) = ($2, $3, $4);
+	}
+	else {
+	    ($kuid) = ($2);
+	}
+	$kuid =~ s/\"/\\\"/g;
+	($keyid = $lkeyid) =~ s:.*/::;
+	next if ($kuid !~ /netbsd.org/i);
+	$kuid{$keyid} = $kuid;
+	$label{$keyid} = "$lkeyid - $date\\n$kuid";
+    }
+    elsif (/^sig (.{7}) (\S+)\s+(\S+)\s+(.+\S)/) {
+	($skeyid, $date, $suid) = ($2, $3, $4);
+	next if ($kuid !~ /netbsd.org/i ||
+		 $suid =~ /id not found/ ||
+		 $skeyid eq $keyid);
+	push(@isigs, "$keyid $skeyid $date $suid");
+    }
+}
+
+foreach (@isigs) {
+    ($keyid, $skeyid, $date, $suid) = split(/ /, $_, 4);
+    next if (!$kuid{$keyid} || !$kuid{$skeyid});
+    push(@sigs, sprintf("\"%s\" -> \"%s\";\t// %s -> %s\n",
+			$skeyid, $keyid, $kuid{$skeyid}, $kuid{$keyid}));
+    $signer{$skeyid} = "yes";
+    $signed{$keyid} = "yes";
+}
+
+foreach (keys %label) {
+    next if (!$signer{$_} && !$signed{$_});
+    push(@keys, sprintf("\"%s\" [label=\"%s\"];\n",
+			$_, $label{$_}));
+}
+
+@sigs = uniq(sort(@sigs));
+
+$" = "";
+print(<<"EOF")
+digraph "gpg" {
+label = "gpg signature graph, $date";
+
+@keys
+@sigs
+}
+EOF
+    ;
+
+sub uniq {
+    my (@i) = @_;
+    my (@o);
+    push(@o, shift(@i));
+    foreach (@i) {
+	push(@o, $_) if ($o[-1] ne $_);
+    }
+    @o;
+}