[projects/pld-builder.new.git] / PLD_Builder / gpg.py

# vi: encoding=utf-8 ts=8 sts=4 sw=4 et

import log
import popen2
import re
import StringIO

import util
import os
import pipeutil

def __gpg_close(descriptors):
    for d in descriptors:
        if not d.closed:
            d.close()

def get_keys(buf):
    """Extract keys from gpg message

    """

    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError, 'Missing gnupg binary'

    gpg_run = popen2.Popen3("/usr/bin/gpg --batch --no-tty --decrypt", True)
    try:
        body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild)
    except OSError, e:
        __gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild])
        gpg_run.wait()
        log.error("gnupg run, does gpg binary exist? : %s" % e)
        raise

    rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)")
    keys = []
    for l in gpg_run.childerr.xreadlines():
        m = rx.match(l)
        if m:
            keys.append(m.group(1))

    return keys

def verify_sig(buf):
    """Check signature.

    Given email as file-like object, return (signer-emails, signed-body).
    where signer-emails is lists of strings, and signed-body is StringIO
    object.
    """

    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError, 'Missing gnupg binary'

    gpg_run = popen2.Popen3("/usr/bin/gpg --batch --no-tty --decrypt", True)
    try:
        body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild)
    except OSError, e:
        __gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild])
        gpg_run.wait()
        log.error("gnupg run failed, does gpg binary exist? : %s" % e)
        raise

    rx = re.compile("^gpg: (Good signature from|                aka) .*<([^>]+)>")
    emails = []
    for l in gpg_run.childerr.xreadlines():
        m = rx.match(l)
        if m:
            emails.append(m.group(2))
    __gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild])
    gpg_run.wait()
    return (emails, body)

def sign(buf):
    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError, 'Missing gnupg binary'

    gpg_run  = popen2.Popen3("/usr/bin/gpg --batch --no-tty --clearsign", True)
    try:
        body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild)
    except OSError, e:
        __gpg_close([gpg_out, gpg_err, gpg_in])
        gpg_run.wait()
        log.error("gnupg signing failed, does gpg binary exist? : %s" % e)
        raise

    __gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild])
    gpg_run.wait()
    return body
Commit	Line	Data
dfff8bd5 MM	1	# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
dfff8bd5 MM	2
c764c38b	3	import log
f12b80ea MM	4	import popen2
f12b80ea MM	5	import re
94169186	6	import StringIO
f12b80ea	7
4d9b6f71	8	import util
69f57435	9	import os
3f446d8f	10	import pipeutil
4d9b6f71	11
a88b03ea AM	12	def __gpg_close(descriptors):
	13	for d in descriptors:
	14	if not d.closed:
	15	d.close()
	16
b5e0afc4 ER	17	def get_keys(buf):
	18	"""Extract keys from gpg message
	19
	20	"""
	21
	22	if not os.path.isfile('/usr/bin/gpg'):
	23	log.error("missing gnupg binary: /usr/bin/gpg")
	24	raise OSError, 'Missing gnupg binary'
	25
	26	gpg_run = popen2.Popen3("/usr/bin/gpg --batch --no-tty --decrypt", True)
	27	try:
	28	body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild)
	29	except OSError, e:
	30	__gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild])
	31	gpg_run.wait()
	32	log.error("gnupg run, does gpg binary exist? : %s" % e)
	33	raise
	34
	35	rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)")
	36	keys = []
	37	for l in gpg_run.childerr.xreadlines():
	38	m = rx.match(l)
	39	if m:
	40	keys.append(m.group(1))
	41
	42	return keys
	43
94169186	44	def verify_sig(buf):
dfff8bd5	45	"""Check signature.
b5e0afc4	46
dfff8bd5 MM	47	Given email as file-like object, return (signer-emails, signed-body).
	48	where signer-emails is lists of strings, and signed-body is StringIO
	49	object.
	50	"""
7af01e52	51
69f57435 ER	52	if not os.path.isfile('/usr/bin/gpg'):
	53	log.error("missing gnupg binary: /usr/bin/gpg")
	54	raise OSError, 'Missing gnupg binary'
	55
	56	gpg_run = popen2.Popen3("/usr/bin/gpg --batch --no-tty --decrypt", True)
c764c38b	57	try:
00d62528	58	body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild)
cf75625b	59	except OSError, e:
f8a94d0f	60	__gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild])
00d62528	61	gpg_run.wait()
b5e0afc4	62	log.error("gnupg run failed, does gpg binary exist? : %s" % e)
c764c38b AM	63	raise
c764c38b AM	64
8fe263f9	65	rx = re.compile("^gpg: (Good signature from\| aka) .*<([^>]+)>")
dfff8bd5	66	emails = []
00d62528	67	for l in gpg_run.childerr.xreadlines():
dfff8bd5 MM	68	m = rx.match(l)
dfff8bd5 MM	69	if m:
8fe263f9	70	emails.append(m.group(2))
00d62528 AM	71	__gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild])
00d62528 AM	72	gpg_run.wait()
dfff8bd5	73	return (emails, body)
94169186 MM	74
94169186 MM	75	def sign(buf):
69f57435 ER	76	if not os.path.isfile('/usr/bin/gpg'):
	77	log.error("missing gnupg binary: /usr/bin/gpg")
	78	raise OSError, 'Missing gnupg binary'
	79
	80	gpg_run = popen2.Popen3("/usr/bin/gpg --batch --no-tty --clearsign", True)
c764c38b	81	try:
00d62528	82	body = pipeutil.rw_pipe(buf, gpg_run.tochild, gpg_run.fromchild)
cf75625b	83	except OSError, e:
ed9ca3e3	84	__gpg_close([gpg_out, gpg_err, gpg_in])
00d62528	85	gpg_run.wait()
cf75625b	86	log.error("gnupg signing failed, does gpg binary exist? : %s" % e)
c764c38b AM	87	raise
c764c38b AM	88
00d62528 AM	89	__gpg_close([gpg_run.fromchild, gpg_run.childerr, gpg_run.tochild])
00d62528 AM	90	gpg_run.wait()
dfff8bd5	91	return body