from common import checkdir
import ftpio
from config import sign_key
-import rpm
-import subprocess
+from sign import is_signed, signpkgs
if len(sys.argv) < 3:
print >>sys.stderr, "ERR: not enough parameters given"
print "ERR: %s tree already locked" % sys.argv[1]
sys.exit(1)
-def getSigInfo(hdr):
- """checks signature from an hdr hand back signature information and/or
- an error code"""
- # yum-3.2.22/rpmUtils/miscutils.py
-
- string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
- siginfo = hdr.sprintf(string)
- if siginfo == '(none)':
- return None
-
- return siginfo.split(',')[2].lstrip()
-
-
-def is_signed(rpm_file, key):
- """Returns rpm information is package signed by the same key"""
- # http://code.activestate.com/recipes/306705/
- ts = rpm.ts()
- ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
- fdno = os.open(rpm_file, os.O_RDONLY)
- hdr = ts.hdrFromFdno(fdno)
- os.close(fdno)
-
- sigid = getSigInfo(hdr)
- if sigid == None:
- return None
-
- return key == sigid[-len(key):]
-
-def signpkgs(files):
- if not os.path.isfile('/usr/bin/gpg'):
- raise OSError, 'Missing gnupg binary'
- if not os.path.isfile('/bin/rpm'):
- raise OSError, 'Missing rpm binary'
-
- cmd = ['/bin/rpm', '--resign']
- cmd += files
- rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True)
- if rc != 0:
- print >>sys.stderr, "package signing failed"
- sys.exit(rc)
-
+files = []
try:
- tree = ftptree.FtpTree(sys.argv[1]) #, loadall=True)
+ tree = ftptree.FtpTree(sys.argv[1])
tree.mark4moving(sys.argv[2:])
files = tree.rpmfiles()
- print "Checking signatures of %d files from %d packages" % (len(files), len(tree.loadedpkgs))
- sign = []
- for file in files:
- if not is_signed(file, sign_key):
- sign.append(file)
-
- if len(sign) > 0:
- print "Signing %d packages" % len(sign)
- signpkgs(sign)
- else:
- print "No packages to sign"
-
except ftptree.SomeError:
# In case of problems we need to unlock the tree before exiting
ftpio.unlock(sys.argv[1])
sys.exit(1)
ftpio.unlock(sys.argv[1])
+
+print "Checking signatures of %d files from %d packages" % (len(files), len(tree.loadedpkgs))
+sign = []
+for file in files:
+ if not is_signed(file):
+ sign.append(file)
+
+if len(sign) == 0:
+ print "No packages to sign"
+ sys.exit(0)
+
+print "Signing %d files" % len(sign)
+signpkgs(sign)