[projects/pld-builder.new.git] / PLD_Builder / gpg.py

# vi: encoding=utf-8 ts=8 sts=4 sw=4 et

import log
import subprocess
import re
import StringIO

import util
import os
import pipeutil

def get_keys(buf):
    """Extract keys from gpg message

    """

    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError, 'Missing gnupg binary'

    d_stdout = None
    d_stderr = None
    cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
    gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
    try:
        d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
    except OSError, e:
        log.error("gnupg run, does gpg binary exist? : %s" % e)
        raise

    rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)")
    keys = []

    for l in d_stderr.split('\n'):
        m = rx.match(l)
        if m:
            keys.append(m.group(1))

    return keys

def verify_sig(buf):
    """Check signature.

    Given email as file-like object, return (signer-emails, signed-body).
    where signer-emails is lists of strings, and signed-body is StringIO
    object.
    """

    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError, 'Missing gnupg binary'

    d_stdout = None
    d_stderr = None
    cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
    gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
    try:
        d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
    except OSError, e:
        log.error("gnupg run failed, does gpg binary exist? : %s" % e)
        raise

    rx = re.compile("^gpg: (Good signature from|                aka) .*<([^>]+)>")
    emails = []
    for l in d_stderr.split('\n'):
        m = rx.match(l)
        if m:
            emails.append(m.group(2))
    if not emails:
        log.error("gnupg signature check failed: %s" % d_stderr)
    return (emails, d_stdout)

def sign(buf):
    if not os.path.isfile('/usr/bin/gpg'):
        log.error("missing gnupg binary: /usr/bin/gpg")
        raise OSError, 'Missing gnupg binary'

    d_stdout = None
    d_stderr = None
    cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--clearsign']
    # TODO: check for gpg return code!
    gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
    try:
        d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
    except OSError, e:
        log.error("gnupg signing failed, does gpg binary exist? : %s" % e)
        raise

    if len(d_stderr):
        log.error("gpg: %s" % d_stderr)

    return d_stdout
Commit	Line	Data
dfff8bd5 MM	1	# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
dfff8bd5 MM	2
c764c38b	3	import log
5180bf1f	4	import subprocess
f12b80ea	5	import re
94169186	6	import StringIO
f12b80ea	7
4d9b6f71	8	import util
69f57435	9	import os
3f446d8f	10	import pipeutil
4d9b6f71	11
b5e0afc4 ER	12	def get_keys(buf):
	13	"""Extract keys from gpg message
	14
	15	"""
	16
	17	if not os.path.isfile('/usr/bin/gpg'):
	18	log.error("missing gnupg binary: /usr/bin/gpg")
	19	raise OSError, 'Missing gnupg binary'
	20
5180bf1f AM	21	d_stdout = None
	22	d_stderr = None
	23	cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
	24	gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
b5e0afc4	25	try:
0c5ee9d0	26	d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
b5e0afc4	27	except OSError, e:
b5e0afc4 ER	28	log.error("gnupg run, does gpg binary exist? : %s" % e)
	29	raise
	30
	31	rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)")
	32	keys = []
e6376553	33
f49129cd	34	for l in d_stderr.split('\n'):
b5e0afc4 ER	35	m = rx.match(l)
	36	if m:
	37	keys.append(m.group(1))
	38
	39	return keys
	40
94169186	41	def verify_sig(buf):
dfff8bd5	42	"""Check signature.
b5e0afc4	43
dfff8bd5 MM	44	Given email as file-like object, return (signer-emails, signed-body).
	45	where signer-emails is lists of strings, and signed-body is StringIO
	46	object.
	47	"""
7af01e52	48
69f57435 ER	49	if not os.path.isfile('/usr/bin/gpg'):
	50	log.error("missing gnupg binary: /usr/bin/gpg")
	51	raise OSError, 'Missing gnupg binary'
	52
5180bf1f AM	53	d_stdout = None
	54	d_stderr = None
	55	cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
	56	gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
c764c38b	57	try:
0c5ee9d0	58	d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
cf75625b	59	except OSError, e:
b5e0afc4	60	log.error("gnupg run failed, does gpg binary exist? : %s" % e)
c764c38b AM	61	raise
c764c38b AM	62
8fe263f9	63	rx = re.compile("^gpg: (Good signature from\| aka) .*<([^>]+)>")
dfff8bd5	64	emails = []
5180bf1f	65	for l in d_stderr.split('\n'):
dfff8bd5 MM	66	m = rx.match(l)
dfff8bd5 MM	67	if m:
8fe263f9	68	emails.append(m.group(2))
49bb1bce AM	69	if not emails:
49bb1bce AM	70	log.error("gnupg signature check failed: %s" % d_stderr)
5180bf1f	71	return (emails, d_stdout)
94169186 MM	72
94169186 MM	73	def sign(buf):
69f57435 ER	74	if not os.path.isfile('/usr/bin/gpg'):
	75	log.error("missing gnupg binary: /usr/bin/gpg")
	76	raise OSError, 'Missing gnupg binary'
	77
5180bf1f AM	78	d_stdout = None
	79	d_stderr = None
	80	cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--clearsign']
cbcf9583	81	# TODO: check for gpg return code!
5180bf1f	82	gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
c764c38b	83	try:
0c5ee9d0	84	d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
cf75625b AM	85	except OSError, e:
cf75625b AM	86	log.error("gnupg signing failed, does gpg binary exist? : %s" % e)
c764c38b AM	87	raise
c764c38b AM	88
cbcf9583 ER	89	if len(d_stderr):
	90	log.error("gpg: %s" % d_stderr)
	91
5180bf1f	92	return d_stdout