From 42c96205e1f8223372fe5890069c3f4dc8b6784c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Elan=20Ruusam=C3=A4e?=
Date: Wed, 27 May 2009 19:26:05 +0000
Subject: [PATCH] - use sign module
Changed files:
bin/pfa-signpkg -> 1.4
---
 bin/pfa-signpkg | 72 +++++++++++-------------------------------------
 1 file changed, 16 insertions(+), 56 deletions(-)
diff --git a/bin/pfa-signpkg b/bin/pfa-signpkg
index da66759..5b7803b 100644
--- a/bin/pfa-signpkg
+++ b/bin/pfa-signpkg
@@ -7,8 +7,7 @@ import ftptree
 from common import checkdir
 import ftpio
 from config import sign_key
-import rpm
-import subprocess
+from sign import is_signed, signpkgs
 if len(sys.argv) < 3:
 print >>sys.stderr, "ERR: not enough parameters given"
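Review bot: `from config import sign_key` is kept as context in this import block, but its only visible use, `is_signed(file, sign_key)`, becomes `is_signed(file)` in the second hunk, so the import looks dead unless lines outside the hunks still use it. Drop it, or keep it with a comment saying why. Because the expected key is no longer passed at the call site, a comment beside the new import such as `# is_signed() compares against the configured signing key inside the sign module` would tell readers where that comparison now lives. `sign.is_signed` is not visible in this patch, so confirm it still compares the signer key ID rather than only testing that some signature is present.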
@@ -27,67 +26,28 @@ if not ftpio.lock(sys.argv[1], True):
 print "ERR: %s tree already locked" % sys.argv[1]
 sys.exit(1)
-def getSigInfo(hdr):
- """checks signature from an hdr hand back signature information and/or
- an error code"""
- # yum-3.2.22/rpmUtils/miscutils.py
-
- string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
- siginfo = hdr.sprintf(string)
- if siginfo == '(none)':
- return None
-
- return siginfo.split(',')[2].lstrip()
-
-
-def is_signed(rpm_file, key):
- """Returns rpm information is package signed by the same key"""
- # http://code.activestate.com/recipes/306705/
- ts = rpm.ts()
- ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
- fdno = os.open(rpm_file, os.O_RDONLY)
- hdr = ts.hdrFromFdno(fdno)
- os.close(fdno)
-
- sigid = getSigInfo(hdr)
- if sigid == None:
- return None
-
- return key == sigid[-len(key):]
-
-def signpkgs(files):
- if not os.path.isfile('/usr/bin/gpg'):
- raise OSError, 'Missing gnupg binary'
- if not os.path.isfile('/bin/rpm'):
- raise OSError, 'Missing rpm binary'
-
- cmd = ['/bin/rpm', '--resign']
- cmd += files
- rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True)
- if rc != 0:
- print >>sys.stderr, "package signing failed"
- sys.exit(rc)
-
+files = []
 try:
- tree = ftptree.FtpTree(sys.argv[1]) #, loadall=True)
+ tree = ftptree.FtpTree(sys.argv[1])
 tree.mark4moving(sys.argv[2:])
 files = tree.rpmfiles()
- print "Checking signatures of %d files from %d packages" % (len(files), len(tree.loadedpkgs))
- sign = []
- for file in files:
- if not is_signed(file, sign_key):
- sign.append(file)
-
- if len(sign) > 0:
- print "Signing %d packages" % len(sign)
- signpkgs(sign)
- else:
- print "No packages to sign"
-
 except ftptree.SomeError:
 # In case of problems we need to unlock the tree before exiting
 ftpio.unlock(sys.argv[1])
 sys.exit(1)
 ftpio.unlock(sys.argv[1])
+
+print "Checking signatures of %d files from %d packages" % (len(files), len(tree.loadedpkgs))
+sign = []
+for file in files:
+ if not is_signed(file):
+ sign.append(file)
+
+if len(sign) == 0:
+ print "No packages to sign"
+ sys.exit(0)
+
+print "Signing %d files" % len(sign)
+signpkgs(sign)
--
2.44.0