-def getSigInfo(hdr):
- """checks signature from an hdr hand back signature information and/or
- an error code"""
- # yum-3.2.22/rpmUtils/miscutils.py
-
- string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
- siginfo = hdr.sprintf(string)
- if siginfo == '(none)':
- return None
-
- return siginfo.split(',')[2].lstrip()
-
-
-def is_signed(rpm_file, key):
- """Returns rpm information is package signed by the same key"""
- # http://code.activestate.com/recipes/306705/
- ts = rpm.ts()
- ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
- fdno = os.open(rpm_file, os.O_RDONLY)
- hdr = ts.hdrFromFdno(fdno)
- os.close(fdno)
-
- sigid = getSigInfo(hdr)
- if sigid == None:
- return None
-
- return key == sigid[-len(key):]
-
-def signpkgs(files):
- if not os.path.isfile('/usr/bin/gpg'):
- raise OSError, 'Missing gnupg binary'
- if not os.path.isfile('/bin/rpm'):
- raise OSError, 'Missing rpm binary'
-
- cmd = ['/bin/rpm', '--resign']
- cmd += files
- rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True)
- if rc != 0:
- print >>sys.stderr, "package signing failed"
- sys.exit(rc)
-