import ftptree
from common import checkdir
import ftpio
+from config import sign_key
+import rpm
if len(sys.argv) < 3:
- print "ERR: not enough parameters given"
- print "sign.py tree package1 [package2...]"
+ print >>sys.stderr, "ERR: not enough parameters given"
+ print >>sys.stderr, "sign.py tree package1 [package2...]"
+ sys.exit(1)
+
+if sign_key == None:
+ print >>sys.stderr, "ERR: sign_key not defined in config"
sys.exit(1)
checkdir(sys.argv[1])
print "ERR: %s tree already locked" % sys.argv[1]
sys.exit(1)
-# TODO: implement signpkg() from:
-# http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/pld-ftp-admin/shell/bashrc
+def getSigInfo(hdr):
+ """checks signature from an hdr hand back signature information and/or
+ an error code"""
+ # yum-3.2.22/rpmUtils/miscutils.py
+
+ string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
+ siginfo = hdr.sprintf(string)
+ if siginfo == '(none)':
+ return None
+
+ return siginfo.split(',')[2].lstrip()
+
+
+def is_signed(rpm_file, key):
+ """Returns rpm information is package signed by the same key"""
+ # http://code.activestate.com/recipes/306705/
+ ts = rpm.ts()
+ ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+ fdno = os.open(rpm_file, os.O_RDONLY)
+ hdr = ts.hdrFromFdno(fdno)
+ os.close(fdno)
+
+ sigid = getSigInfo(hdr)
+ if sigid == None:
+ return None
+
+ return key == sigid[-len(key):]
try:
- tree=ftptree.FtpTree(sys.argv[1])
-# tree.mark4removal(sys.argv[2:])
-# tree.removepkgs()
+ tree = ftptree.FtpTree(sys.argv[1]) #, loadall=True)
+ tree.mark4moving(sys.argv[2:])
+ files = tree.rpmfiles()
+
+ from pprint import pprint
+
+ print "Checking signatures of %d files from %d packages" % (len(files), len(tree.loadedpkgs))
+ sign = []
+ for file in files:
+ if not is_signed(file, sign_key):
+ sign.append(file)
+
+ if len(sign) > 0:
+ print "Signing %d packages" % len(sign)
+ else:
+ print "No packages to sign"
+
except ftptree.SomeError:
# In case of problems we need to unlock the tree before exiting
ftpio.unlock(sys.argv[1])
sys.exit(1)
ftpio.unlock(sys.argv[1])
-