]>
Commit | Line | Data |
---|---|---|
7b5c7734 ER |
1 | #!/usr/bin/env python |
2 | # vi: encoding=utf-8 ts=8 sts=4 sw=4 et | |
3 | ||
4 | import os | |
5 | import rpm | |
6 | import subprocess | |
7 | from config import sign_key | |
8 | ||
9 | def getSigInfo(hdr): | |
10 | """checks signature from an hdr hand back signature information and/or | |
11 | an error code""" | |
12 | # yum-3.2.22/rpmUtils/miscutils.py | |
13 | ||
14 | string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|' | |
15 | siginfo = hdr.sprintf(string) | |
16 | if siginfo == '(none)': | |
17 | return None | |
18 | ||
19 | return siginfo.split(',')[2].lstrip() | |
20 | ||
21 | def is_signed(rpm_file): | |
22 | """Returns rpm information is package signed by the same key""" | |
23 | # http://code.activestate.com/recipes/306705/ | |
24 | ||
25 | if sign_key == None: | |
26 | return None | |
27 | ||
28 | ts = rpm.ts() | |
29 | ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | |
30 | fdno = os.open(rpm_file, os.O_RDONLY) | |
31 | hdr = ts.hdrFromFdno(fdno) | |
32 | os.close(fdno) | |
33 | ||
34 | sigid = getSigInfo(hdr) | |
35 | if sigid == None: | |
36 | return None | |
37 | ||
38 | return sign_key == sigid[-len(sign_key):] | |
39 | ||
40 | def signpkgs(files): | |
41 | if not os.path.isfile('/usr/bin/gpg'): | |
42 | raise OSError, 'Missing gnupg binary' | |
43 | if not os.path.isfile('/bin/rpm'): | |
44 | raise OSError, 'Missing rpm binary' | |
45 | ||
46 | cmd = ['/bin/rpm', '--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files | |
47 | rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True) | |
48 | if rc != 0: | |
49 | raise OSError, 'package signing failed' |