- find unsigned packages with rpm-python

Changed files:
    bin/pfa-signpkg -> 1.2

diff --git a/bin/pfa-signpkg b/bin/pfa-signpkg
index ae49101e7aa9700f69da201254fd674970c33a38..3541c897bfc8dc837ad2b15388a1476761bb6265 100644 (file)
--- a/bin/pfa-signpkg
+++ b/bin/pfa-signpkg
@@ -6,10 +6,16 @@ sys.path.insert(0, os.environ['HOME']+'/pld-ftp-admin/modules')
 import ftptree
 from common import checkdir
 import ftpio
+from config import sign_key
+import rpm
 
 if len(sys.argv) < 3:
-    print "ERR: not enough parameters given"
-    print "sign.py tree package1 [package2...]"
+    print >>sys.stderr, "ERR: not enough parameters given"
+    print >>sys.stderr, "sign.py tree package1 [package2...]"
+    sys.exit(1)
+
+if sign_key == None:
+    print >>sys.stderr, "ERR: sign_key not defined in config"
     sys.exit(1)
 
 checkdir(sys.argv[1])
@@ -20,17 +26,55 @@ if not ftpio.lock(sys.argv[1], True):
     print "ERR: %s tree already locked" % sys.argv[1]
     sys.exit(1)
 
-# TODO: implement signpkg() from:
-# http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/pld-ftp-admin/shell/bashrc
+def getSigInfo(hdr):
+    """checks signature from an hdr hand back signature information and/or
+       an error code"""
+    # yum-3.2.22/rpmUtils/miscutils.py
+
+    string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
+    siginfo = hdr.sprintf(string)
+    if siginfo == '(none)':
+        return None
+   
+    return siginfo.split(',')[2].lstrip()
+
+
+def is_signed(rpm_file, key):
+    """Returns rpm information is package signed by the same key"""
+    # http://code.activestate.com/recipes/306705/
+    ts = rpm.ts()
+    ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+    fdno = os.open(rpm_file, os.O_RDONLY)
+    hdr = ts.hdrFromFdno(fdno)
+    os.close(fdno)
+
+    sigid = getSigInfo(hdr)
+    if sigid == None:
+        return None
+
+    return key == sigid[-len(key):]
 
 try:
-    tree=ftptree.FtpTree(sys.argv[1])
-#    tree.mark4removal(sys.argv[2:])
-#    tree.removepkgs()
+    tree = ftptree.FtpTree(sys.argv[1]) #, loadall=True)
+    tree.mark4moving(sys.argv[2:])
+    files = tree.rpmfiles()
+
+    from pprint import pprint
+
+    print "Checking signatures of %d files from %d packages" % (len(files), len(tree.loadedpkgs))
+    sign = []
+    for file in files:
+        if not is_signed(file, sign_key):
+            sign.append(file)
+
+    if len(sign) > 0:
+        print "Signing %d packages" % len(sign)
+    else:
+        print "No packages to sign"
+
 except ftptree.SomeError:
     # In case of problems we need to unlock the tree before exiting
     ftpio.unlock(sys.argv[1])
     sys.exit(1)
 
 ftpio.unlock(sys.argv[1])
-