- reset file perms after signing, rpm5 leaves them with 0600

[projects/pld-ftp-admin.git] / modules / sign.py

diff --git a/modules/sign.py b/modules/sign.py
index 8c1167af951e15f4637875183d1637148eb4e467..522af24699b91970b70af62a5fa5d73b0c207413 100644 (file)
--- a/modules/sign.py
+++ b/modules/sign.py
@@ -2,8 +2,9 @@
 # vi: encoding=utf-8 ts=8 sts=4 sw=4 et
 
 import os
+import sys
 import rpm
-import subprocess
+import pexpect
 from config import sign_key
 
 def getSigInfo(hdr):
@@ -15,7 +16,7 @@ def getSigInfo(hdr):
     siginfo = hdr.sprintf(string)
     if siginfo == '(none)':
         return None
-   
+
     return siginfo.split(',')[2].lstrip()
 
 def is_signed(rpm_file):
@@ -26,7 +27,6 @@ def is_signed(rpm_file):
         return None
 
     ts = rpm.ts()
-    ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
     fdno = os.open(rpm_file, os.O_RDONLY)
     hdr = ts.hdrFromFdno(fdno)
     os.close(fdno)
@@ -37,13 +37,22 @@ def is_signed(rpm_file):
 
     return sign_key == sigid[-len(sign_key):]
 
-def signpkgs(files):
+def signpkgs(files, password):
     if not os.path.isfile('/usr/bin/gpg'):
         raise OSError, 'Missing gnupg binary'
     if not os.path.isfile('/bin/rpm'):
         raise OSError, 'Missing rpm binary'
 
-    cmd = ['/bin/rpm', '--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files
-    rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True)
+    os.putenv('LC_ALL', 'C')
+    args = ['--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files
+    child = pexpect.spawn('/bin/rpm', args)
+    child.logfile_read = sys.stderr
+    child.expect('Enter pass phrase:', timeout=30)
+    child.sendline(password)
+    child.expect(pexpect.EOF, timeout=None)
+    child.close()
+    rc = child.exitstatus
     if rc != 0:
         raise OSError, 'package signing failed'
+    for rpm in files:
+        os.chmod(rpm, 0644)