]>
Commit | Line | Data |
---|---|---|
1 | #!/usr/bin/env python | |
2 | # vi: encoding=utf-8 ts=8 sts=4 sw=4 et | |
3 | ||
4 | import os | |
5 | import sys | |
6 | import rpm | |
7 | import pexpect | |
8 | from config import sign_key | |
9 | ||
10 | def getSigInfo(hdr): | |
11 | """checks signature from an hdr hand back signature information and/or | |
12 | an error code""" | |
13 | # yum-3.2.22/rpmUtils/miscutils.py | |
14 | ||
15 | string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|' | |
16 | siginfo = hdr.sprintf(string) | |
17 | if siginfo == '(none)': | |
18 | return None | |
19 | ||
20 | return siginfo.split(',')[2].lstrip() | |
21 | ||
22 | def is_signed(rpm_file): | |
23 | """Returns rpm information is package signed by the same key""" | |
24 | # http://code.activestate.com/recipes/306705/ | |
25 | ||
26 | if sign_key == None: | |
27 | return None | |
28 | ||
29 | ts = rpm.ts() | |
30 | ts.setVSFlags(rpm.RPMVSF_NODSAHEADER) | |
31 | fdno = os.open(rpm_file, os.O_RDONLY) | |
32 | hdr = ts.hdrFromFdno(fdno) | |
33 | os.close(fdno) | |
34 | ||
35 | sigid = getSigInfo(hdr) | |
36 | if sigid == None: | |
37 | return None | |
38 | ||
39 | return sign_key == sigid[-len(sign_key):] | |
40 | ||
41 | def signpkgs(files, password): | |
42 | if not os.path.isfile('/usr/bin/gpg'): | |
43 | raise OSError('Missing gnupg binary') | |
44 | if not os.path.isfile('/bin/rpm'): | |
45 | raise OSError('Missing rpm binary') | |
46 | ||
47 | os.putenv('LC_ALL', 'C') | |
48 | args = ['--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files | |
49 | child = pexpect.spawn('/bin/rpm', args, encoding='utf-8') | |
50 | child.logfile_read = sys.stderr | |
51 | child.expect(u'Enter pass phrase:', timeout=30) | |
52 | child.sendline(password) | |
53 | child.expect(pexpect.EOF, timeout=None) | |
54 | child.close() | |
55 | rc = child.exitstatus | |
56 | if rc != 0: | |
57 | raise OSError('package signing failed') | |
58 | for rpm in files: | |
59 | os.chmod(rpm, 0o644) |