[projects/pld-ftp-admin.git] / modules / sign.py

#!/usr/bin/env python
# vi: encoding=utf-8 ts=8 sts=4 sw=4 et

import os
import rpm
import subprocess
from config import sign_key

def getSigInfo(hdr):
    """checks signature from an hdr hand back signature information and/or
       an error code"""
    # yum-3.2.22/rpmUtils/miscutils.py

    string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
    siginfo = hdr.sprintf(string)
    if siginfo == '(none)':
        return None
   
    return siginfo.split(',')[2].lstrip()

def is_signed(rpm_file):
    """Returns rpm information is package signed by the same key"""
    # http://code.activestate.com/recipes/306705/

    if sign_key == None:
        return None

    ts = rpm.ts()
    ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
    fdno = os.open(rpm_file, os.O_RDONLY)
    hdr = ts.hdrFromFdno(fdno)
    os.close(fdno)

    sigid = getSigInfo(hdr)
    if sigid == None:
        return None

    return sign_key == sigid[-len(sign_key):]

def signpkgs(files):
    if not os.path.isfile('/usr/bin/gpg'):
        raise OSError, 'Missing gnupg binary'
    if not os.path.isfile('/bin/rpm'):
        raise OSError, 'Missing rpm binary'

    cmd = ['/bin/rpm', '--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files
    rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True)
    if rc != 0:
        raise OSError, 'package signing failed'
Commit	Line	Data
7b5c7734 ER	1	#!/usr/bin/env python
	2	# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
	3
	4	import os
	5	import rpm
	6	import subprocess
	7	from config import sign_key
	8
	9	def getSigInfo(hdr):
	10	"""checks signature from an hdr hand back signature information and/or
	11	an error code"""
	12	# yum-3.2.22/rpmUtils/miscutils.py
	13
	14	string = '%\|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%\|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%\|SIGGPG?{%{SIGGPG:pgpsig}}:{%\|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}\|}\|}\|}\|'
	15	siginfo = hdr.sprintf(string)
	16	if siginfo == '(none)':
	17	return None
	18
	19	return siginfo.split(',')[2].lstrip()
	20
	21	def is_signed(rpm_file):
	22	"""Returns rpm information is package signed by the same key"""
	23	# http://code.activestate.com/recipes/306705/
	24
	25	if sign_key == None:
	26	return None
	27
	28	ts = rpm.ts()
	29	ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
	30	fdno = os.open(rpm_file, os.O_RDONLY)
	31	hdr = ts.hdrFromFdno(fdno)
	32	os.close(fdno)
	33
	34	sigid = getSigInfo(hdr)
	35	if sigid == None:
	36	return None
	37
	38	return sign_key == sigid[-len(sign_key):]
	39
	40	def signpkgs(files):
	41	if not os.path.isfile('/usr/bin/gpg'):
	42	raise OSError, 'Missing gnupg binary'
	43	if not os.path.isfile('/bin/rpm'):
	44	raise OSError, 'Missing rpm binary'
	45
	46	cmd = ['/bin/rpm', '--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files
	47	rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True)
	48	if rc != 0:
	49	raise OSError, 'package signing failed'