Commit | Line | Data |
---|---|---|
dfff8bd5 MM |
1 | # vi: encoding=utf-8 ts=8 sts=4 sw=4 et |
2 | ||
c764c38b | 3 | import log |
5180bf1f | 4 | import subprocess |
f12b80ea | 5 | import re |
94169186 | 6 | import StringIO |
f12b80ea | 7 | |
4d9b6f71 | 8 | import util |
69f57435 | 9 | import os |
3f446d8f | 10 | import pipeutil |
4d9b6f71 | 11 | |
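def get_keys(buf):
    """Return the key IDs gpg reports for the signatures found in *buf*.

    *buf* is text; it is UTF-8 encoded and fed to
    ``gpg --batch --no-tty --decrypt`` on stdin.  The IDs are scraped from
    the "Signature made ... using [DR]SA key ID ..." lines on gpg's stderr.

    The result only names the keys gpg mentions.  Nothing in this function
    checks that a signature is good, so a returned ID must not be treated
    as an authenticated signer.

    Raises OSError if /usr/bin/gpg is missing or cannot be run.
    """
    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError('Missing gnupg binary')

    cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
    # The pattern below matches gpg's English messages, so pin the locale
    # instead of inheriting whatever the calling process runs under.
    gpg_env = dict(os.environ, LC_ALL='C')
    try:
        # Popen is the call that fails when the binary cannot be executed,
        # so it sits inside the try as well; otherwise the log line below
        # would be skipped for exactly the failure it describes.
        gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                                   stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE,
                                   close_fds=True, env=gpg_env)
        _unused_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
    except OSError as e:
        log.error("gnupg run, does gpg binary exist? : %s" % e)
        raise

    # NOTE(review): this scrapes human-readable output.  Newer GnuPG
    # releases appear to print the key on a separate "using RSA key ..."
    # line, which this pattern would not match; confirm against the gpg
    # version deployed.  gpg's --status-fd output is the interface meant
    # for programs.
    rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)")
    keys = []
    for line in d_stderr.split('\n'):
        m = rx.match(line)
        if m:
            keys.append(m.group(1))

    return keys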
40 | ||
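def verify_sig(buf):
    """Check the signature on *buf* and return (signer-emails, signed-body).

    *buf* is text; it is UTF-8 encoded and fed to
    ``gpg --batch --no-tty --decrypt`` on stdin.  signer-emails is a list
    of the addresses found on gpg's "Good signature from" / "aka" lines,
    and signed-body is gpg's stdout as a plain string.  Callers should act
    on signed-body, not on the original input, because only gpg's output
    is the text the signature covers.

    An empty signer-emails list means the check failed.  The list is also
    emptied when gpg exits non-zero, even if a "Good signature" line was
    printed.

    Raises OSError if /usr/bin/gpg is missing or cannot be run.
    """
    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError('Missing gnupg binary')

    cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
    # The pattern below matches gpg's English messages, so pin the locale
    # instead of inheriting whatever the calling process runs under.
    gpg_env = dict(os.environ, LC_ALL='C')
    try:
        # Popen is the call that fails when the binary cannot be executed,
        # so it sits inside the try as well.
        gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                                   stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE,
                                   close_fds=True, env=gpg_env)
        d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
    except OSError as e:
        log.error("gnupg run failed, does gpg binary exist? : %s" % e)
        raise

    # NOTE(review): this scrapes human-readable output.  "Good signature"
    # says the signature matches a key in the keyring; it does not by
    # itself say the key is trusted, unexpired or unrevoked, and every
    # address on the key (the "aka" lines) is returned.  gpg's --status-fd
    # output (VALIDSIG lines carry the full fingerprint) is the interface
    # meant for programs; consider migrating.
    rx = re.compile("^gpg: (Good signature from| aka) .*<([^>]+)>")
    emails = []
    for line in d_stderr.split('\n'):
        m = rx.match(line)
        if m:
            emails.append(m.group(2))

    if gpg_run.returncode != 0:
        # gpg rejected at least part of the input, so stdout cannot be
        # assumed to be covered in full by a good signature.  Fail closed.
        log.error("gnupg exited with status %d" % gpg_run.returncode)
        emails = []

    if not emails:
        log.error("gnupg signature check failed: %s" % d_stderr)
    return (emails, d_stdout)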
94169186 MM |
72 | |
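def sign(buf):
    """Clearsign *buf* with gpg and return the signed text.

    *buf* is text; it is UTF-8 encoded and fed to
    ``gpg --batch --no-tty --clearsign`` on stdin.  Anything gpg writes to
    stderr is logged as an error.

    Raises OSError if /usr/bin/gpg is missing, cannot be run, or exits
    with a non-zero status, so a failed run is never returned as if it
    were signed output.
    """
    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError('Missing gnupg binary')

    cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--clearsign']
    try:
        # Popen is the call that fails when the binary cannot be executed,
        # so it sits inside the try as well.
        gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                                   stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE,
                                   close_fds=True)
        d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
    except OSError as e:
        log.error("gnupg signing failed, does gpg binary exist? : %s" % e)
        raise

    if d_stderr:
        log.error("gpg: %s" % d_stderr)

    if gpg_run.returncode != 0:
        # Without this check a failed run (no usable secret key, agent
        # unavailable, ...) handed back empty or partial output to the
        # caller as though it had been signed.
        log.error("gnupg signing failed with status %d" % gpg_run.returncode)
        raise OSError('gnupg signing failed')

    return d_stdout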