]>
Commit | Line | Data |
---|---|---|
dfff8bd5 MM |
1 | # vi: encoding=utf-8 ts=8 sts=4 sw=4 et |
2 | ||
c764c38b | 3 | import log |
f12b80ea MM |
4 | import popen2 |
5 | import re | |
94169186 | 6 | import StringIO |
f12b80ea | 7 | |
4d9b6f71 | 8 | import util |
69f57435 | 9 | import os |
3f446d8f | 10 | import pipeutil |
4d9b6f71 | 11 | |
a88b03ea AM |
12 | def __gpg_close(descriptors): |
13 | for d in descriptors: | |
14 | if not d.closed: | |
15 | d.close() | |
16 | ||
b5e0afc4 ER |
17 | def get_keys(buf): |
18 | """Extract keys from gpg message | |
19 | ||
20 | """ | |
21 | ||
22 | if not os.path.isfile('/usr/bin/gpg'): | |
23 | log.error("missing gnupg binary: /usr/bin/gpg") | |
24 | raise OSError, 'Missing gnupg binary' | |
25 | ||
26 | gpg_run = popen2.Popen3("/usr/bin/gpg --batch --no-tty --decrypt", True) | |
27 | try: | |
28 | body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild) | |
29 | except OSError, e: | |
30 | __gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild]) | |
31 | gpg_run.wait() | |
32 | log.error("gnupg run, does gpg binary exist? : %s" % e) | |
33 | raise | |
34 | ||
35 | rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)") | |
36 | keys = [] | |
37 | for l in gpg_run.childerr.xreadlines(): | |
38 | m = rx.match(l) | |
39 | if m: | |
40 | keys.append(m.group(1)) | |
41 | ||
42 | return keys | |
43 | ||
94169186 | 44 | def verify_sig(buf): |
dfff8bd5 | 45 | """Check signature. |
b5e0afc4 | 46 | |
dfff8bd5 MM |
47 | Given email as file-like object, return (signer-emails, signed-body). |
48 | where signer-emails is lists of strings, and signed-body is StringIO | |
49 | object. | |
50 | """ | |
7af01e52 | 51 | |
69f57435 ER |
52 | if not os.path.isfile('/usr/bin/gpg'): |
53 | log.error("missing gnupg binary: /usr/bin/gpg") | |
54 | raise OSError, 'Missing gnupg binary' | |
55 | ||
56 | gpg_run = popen2.Popen3("/usr/bin/gpg --batch --no-tty --decrypt", True) | |
c764c38b | 57 | try: |
00d62528 | 58 | body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild) |
cf75625b | 59 | except OSError, e: |
f8a94d0f | 60 | __gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild]) |
00d62528 | 61 | gpg_run.wait() |
b5e0afc4 | 62 | log.error("gnupg run failed, does gpg binary exist? : %s" % e) |
c764c38b AM |
63 | raise |
64 | ||
8fe263f9 | 65 | rx = re.compile("^gpg: (Good signature from| aka) .*<([^>]+)>") |
dfff8bd5 | 66 | emails = [] |
00d62528 | 67 | for l in gpg_run.childerr.xreadlines(): |
dfff8bd5 MM |
68 | m = rx.match(l) |
69 | if m: | |
8fe263f9 | 70 | emails.append(m.group(2)) |
00d62528 AM |
71 | __gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild]) |
72 | gpg_run.wait() | |
dfff8bd5 | 73 | return (emails, body) |
94169186 MM |
74 | |
75 | def sign(buf): | |
69f57435 ER |
76 | if not os.path.isfile('/usr/bin/gpg'): |
77 | log.error("missing gnupg binary: /usr/bin/gpg") | |
78 | raise OSError, 'Missing gnupg binary' | |
79 | ||
80 | gpg_run = popen2.Popen3("/usr/bin/gpg --batch --no-tty --clearsign", True) | |
c764c38b | 81 | try: |
00d62528 | 82 | body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild) |
cf75625b | 83 | except OSError, e: |
ed9ca3e3 | 84 | __gpg_close([gpg_out, gpg_err, gpg_in]) |
00d62528 | 85 | gpg_run.wait() |
cf75625b | 86 | log.error("gnupg signing failed, does gpg binary exist? : %s" % e) |
c764c38b AM |
87 | raise |
88 | ||
00d62528 AM |
89 | __gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild]) |
90 | gpg_run.wait() | |
dfff8bd5 | 91 | return body |