[projects/pld-ftp-admin.git] / modules / sign.py

#!/usr/bin/env python
# vi: encoding=utf-8 ts=8 sts=4 sw=4 et

import os
import sys
import rpm
import subprocess
import pexpect
from config import sign_key

def getSigInfo(hdr):
    """checks signature from an hdr hand back signature information and/or
       an error code"""
    # yum-3.2.22/rpmUtils/miscutils.py

    string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
    siginfo = hdr.sprintf(string)
    if siginfo == '(none)':
        return None
   
    return siginfo.split(',')[2].lstrip()

def is_signed(rpm_file):
    """Returns rpm information is package signed by the same key"""
    # http://code.activestate.com/recipes/306705/

    if sign_key == None:
        return None

    ts = rpm.ts()
    ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
    fdno = os.open(rpm_file, os.O_RDONLY)
    hdr = ts.hdrFromFdno(fdno)
    os.close(fdno)

    sigid = getSigInfo(hdr)
    if sigid == None:
        return None

    return sign_key == sigid[-len(sign_key):]

def signpkgs(files, password):
    if not os.path.isfile('/usr/bin/gpg'):
        raise OSError, 'Missing gnupg binary'
    if not os.path.isfile('/bin/rpm'):
        raise OSError, 'Missing rpm binary'

    os.putenv('LC_ALL', 'C')
    args = ['--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files
    child = pexpect.spawn('/bin/rpm', args)
    child.logfile_read = sys.stderr
    child.expect('Enter pass phrase:', timeout=30)
    child.sendline(password)
    child.expect(pexpect.EOF, timeout=None)
    child.close()
    rc = child.exitstatus
    if rc != 0:
        raise OSError, 'package signing failed'
Commit	Line	Data
7b5c7734 ER	1	#!/usr/bin/env python
	2	# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
	3
	4	import os
89b8ea8d	5	import sys
7b5c7734 ER	6	import rpm
7b5c7734 ER	7	import subprocess
89b8ea8d	8	import pexpect
7b5c7734 ER	9	from config import sign_key
	10
	11	def getSigInfo(hdr):
	12	"""checks signature from an hdr hand back signature information and/or
	13	an error code"""
	14	# yum-3.2.22/rpmUtils/miscutils.py
	15
	16	string = '%\|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%\|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%\|SIGGPG?{%{SIGGPG:pgpsig}}:{%\|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}\|}\|}\|}\|'
	17	siginfo = hdr.sprintf(string)
	18	if siginfo == '(none)':
	19	return None
	20
	21	return siginfo.split(',')[2].lstrip()
	22
	23	def is_signed(rpm_file):
	24	"""Returns rpm information is package signed by the same key"""
	25	# http://code.activestate.com/recipes/306705/
	26
	27	if sign_key == None:
	28	return None
	29
	30	ts = rpm.ts()
	31	ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
	32	fdno = os.open(rpm_file, os.O_RDONLY)
	33	hdr = ts.hdrFromFdno(fdno)
	34	os.close(fdno)
	35
	36	sigid = getSigInfo(hdr)
	37	if sigid == None:
	38	return None
	39
	40	return sign_key == sigid[-len(sign_key):]
	41
89b8ea8d	42	def signpkgs(files, password):
7b5c7734 ER	43	if not os.path.isfile('/usr/bin/gpg'):
	44	raise OSError, 'Missing gnupg binary'
	45	if not os.path.isfile('/bin/rpm'):
	46	raise OSError, 'Missing rpm binary'
	47
89b8ea8d AM	48	os.putenv('LC_ALL', 'C')
	49	args = ['--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files
	50	child = pexpect.spawn('/bin/rpm', args)
866a153b	51	child.logfile_read = sys.stderr
89b8ea8d AM	52	child.expect('Enter pass phrase:', timeout=30)
89b8ea8d AM	53	child.sendline(password)
866a153b	54	child.expect(pexpect.EOF, timeout=None)
89b8ea8d AM	55	child.close()
89b8ea8d AM	56	rc = child.exitstatus
7b5c7734 ER	57	if rc != 0:
7b5c7734 ER	58	raise OSError, 'package signing failed'