- simple tool to verify if packages are signed

Changed files:
    bin/pfa-checksign -> 1.1

diff --git a/bin/pfa-checksign b/bin/pfa-checksign
new file mode 100644 (file)
index 0000000..14060e2
--- /dev/null
+++ b/bin/pfa-checksign
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
+
+import sys, os
+import getopt
+sys.path.insert(0, os.environ['HOME']+'/pld-ftp-admin/modules')
+import ftptree
+import getpass
+from common import checkdir
+import ftpio
+from config import sign_key
+from sign import is_signed, signpkgs
+
+try:
+    opts, args = getopt.getopt(sys.argv[1:], '')
+except getopt.GetoptError:
+    print >>sys.stderr, "ERR: options error"
+    print >>sys.stderr, "checksign.py tree package1 [package2...]"
+    sys.exit(1)
+
+if len(args) < 1:
+    print >>sys.stderr, "ERR: missing tree name"
+    print >>sys.stderr, "checksign.py tree package1 [package2...]"
+    sys.exit(1)
+
+if sign_key == None:
+    print >>sys.stderr, "ERR: sign_key not defined in config"
+    sys.exit(1)
+
+treename = args[0]
+packages = args[1:]
+
+checkdir(treename)
+
+ftpio.connect('sign')
+
+if not ftpio.lock(treename, True):
+    print >>sys.stderr, "ERR: %s tree already locked" % treename
+    sys.exit(1)
+
+files = []
+try:
+    if len(packages) < 1:
+        loadall = True
+    else:
+        loadall = False
+
+    # if no files specified, grab whole tree contents
+    tree = ftptree.FtpTree(treename, loadall = loadall)
+    if loadall:
+        # this is hack, should be a param, not access private .loadedpkgs element
+        tree.mark4moving(tree.loadedpkgs)
+    else:
+        tree.mark4moving(packages)
+
+except ftptree.SomeError:
+    # In case of problems we need to unlock the tree before exiting
+    ftpio.unlock(treename)
+    sys.exit(1)
+
+ftpio.unlock(treename)
+
+print "Checking signatures of %d packages" % len(tree.loadedpkgs)
+sign = []
+for pkg in tree.marked4moving:
+    unsigned = 0
+    for file in pkg.rpmfiles():
+        if not is_signed(file):
+            unsigned += 1
+
+    if unsigned != 0:
+        print '%s: %d files NOT signed' % (pkg.nvr, unsigned)
+    else:
+        print '%s signed' % pkg.nvr
+
+sys.exit(0)