2 # vi: encoding=utf-8 ts=8 sts=4 sw=4 et
5 sys.path.insert(0, os.environ['HOME']+'/pld-ftp-admin/modules')
7 from common import checkdir
9 from config import sign_key
14 print >>sys.stderr, "ERR: not enough parameters given"
15 print >>sys.stderr, "sign.py tree package1 [package2...]"
19 print >>sys.stderr, "ERR: sign_key not defined in config"
26 if not ftpio.lock(sys.argv[1], True):
27 print "ERR: %s tree already locked" % sys.argv[1]
31 """checks signature from an hdr hand back signature information and/or
33 # yum-3.2.22/rpmUtils/miscutils.py
35 string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
36 siginfo = hdr.sprintf(string)
37 if siginfo == '(none)':
40 return siginfo.split(',')[2].lstrip()
43 def is_signed(rpm_file, key):
44 """Returns rpm information is package signed by the same key"""
45 # http://code.activestate.com/recipes/306705/
47 ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
48 fdno = os.open(rpm_file, os.O_RDONLY)
49 hdr = ts.hdrFromFdno(fdno)
52 sigid = getSigInfo(hdr)
56 return key == sigid[-len(key):]
59 if not os.path.isfile('/usr/bin/gpg'):
60 raise OSError, 'Missing gnupg binary'
61 if not os.path.isfile('/bin/rpm'):
62 raise OSError, 'Missing rpm binary'
64 cmd = ['/bin/rpm', '--resign']
66 rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True)
68 print >>sys.stderr, "package signing failed"
72 tree = ftptree.FtpTree(sys.argv[1]) #, loadall=True)
73 tree.mark4moving(sys.argv[2:])
74 files = tree.rpmfiles()
76 print "Checking signatures of %d files from %d packages" % (len(files), len(tree.loadedpkgs))
79 if not is_signed(file, sign_key):
83 print "Signing %d packages" % len(sign)
86 print "No packages to sign"
88 except ftptree.SomeError:
89 # In case of problems we need to unlock the tree before exiting
90 ftpio.unlock(sys.argv[1])
93 ftpio.unlock(sys.argv[1])