path: root/modules/sign.py
#!/usr/bin/env python
# vi: encoding=utf-8 ts=8 sts=4 sw=4 et

import os
import sys
import rpm
import pexpect
from config import sign_key

def getSigInfo(hdr):
    """Return the third comma-separated field of the header's pgpsig string.

    The header is queried for the first signature tag that is present, in
    the order DSAHEADER, RSAHEADER, SIGGPG, SIGPGP.  If none of them is
    present the query renders as '(none)' and None is returned.

    hdr: any object exposing ``sprintf(query)`` (an rpm header in practice).

    Returns the left-stripped third field of the rendered string, or None
    for an unsigned header.  Presumably this field is the "Key ID ..." part
    of rpm's pgpsig rendering; confirm against the rpm version in use.
    """
    # Query format taken from yum-3.2.22/rpmUtils/miscutils.py
    query = (
        '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:'
        '{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:'
        '{%|SIGGPG?{%{SIGGPG:pgpsig}}:'
        '{%|SIGPGP?{%{SIGPGP:pgpsig}}:'
        '{(none)}|}|}|}|'
    )
    rendered = hdr.sprintf(query)

    if rendered != '(none)':
        # Fields are comma-separated; index 2 is the one callers compare
        # against the configured key.
        fields = rendered.split(',')
        return fields[2].lstrip()

    return None

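def is_signed(rpm_file):
    """Tell whether rpm_file carries a signature made with the configured key.

    rpm_file: path to the package to inspect.

    Returns None when no sign_key is configured or the package has no
    signature, True when the signature's key field ends with sign_key,
    and False otherwise.

    NOTE(security): this is a match on the key ID text stored in the
    package header, not a cryptographic verification.  The transaction set
    is created with RPMVSF_NODSAHEADER, which tells rpm to skip the DSA
    header signature check while reading, and only the trailing
    len(sign_key) characters are compared.  Treat the result as "was this
    already signed with our key ID?" bookkeeping; do not use it to decide
    whether a package from an untrusted source is authentic.
    """
    # Approach from http://code.activestate.com/recipes/306705/

    if sign_key is None:
        return None

    ts = rpm.ts()
    ts.setVSFlags(rpm.RPMVSF_NODSAHEADER)
    fdno = os.open(rpm_file, os.O_RDONLY)
    try:
        hdr = ts.hdrFromFdno(fdno)
    finally:
        # Close the descriptor even when the header cannot be read, so a
        # batch run over many broken packages does not leak descriptors.
        os.close(fdno)

    sigid = getSigInfo(hdr)
    if sigid is None:
        return None

    # Suffix comparison: sign_key may be shorter than the full key ID.
    # Short key IDs are not collision resistant; prefer configuring the
    # longest ID the header exposes.
    return sign_key == sigid[-len(sign_key):]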

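def signpkgs(files, password):
    """Sign the given packages with the configured key using ``rpm --resign``.

    files: list of package paths; appended to the rpm argument list.
    password: passphrase of the signing key, typed at rpm's prompt.

    Raises OSError when /usr/bin/gpg or /bin/rpm is missing, or when rpm
    does not exit with status 0.  pexpect.TIMEOUT / pexpect.EOF propagate
    if the passphrase prompt does not show up within 30 seconds.

    On success every file in ``files`` is made mode 0644.
    """
    if not os.path.isfile('/usr/bin/gpg'):
        raise OSError('Missing gnupg binary')
    if not os.path.isfile('/bin/rpm'):
        raise OSError('Missing rpm binary')

    # Presumably forces the untranslated prompt so the literal
    # 'Enter pass phrase:' below matches regardless of the caller's locale.
    os.putenv('LC_ALL', 'C')
    # Arguments are passed as a list to an absolute binary path: no shell
    # is involved, so file names are not subject to shell interpretation.
    args = ['--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files
    child = pexpect.spawn('/bin/rpm', args)
    try:
        # logfile_read mirrors only what the child prints.  The passphrase
        # is written to the child and is not logged by this setting; it
        # would still show up here if the child's terminal echoed input,
        # so keep stderr out of shared or persistent logs.
        child.logfile_read = sys.stderr
        child.expect('Enter pass phrase:', timeout=30)
        child.sendline(password)
        # No upper bound: signing many or large packages may take long.
        child.expect(pexpect.EOF, timeout=None)
    finally:
        # Always reap the child and release its pty, including when the
        # prompt never appears and expect() raises.
        child.close()
    rc = child.exitstatus
    if rc != 0:
        raise OSError('package signing failed')
    # Loop variable deliberately not called 'rpm' to avoid shadowing the
    # imported rpm module inside this function.
    for path in files:
        os.chmod(path, 0o644)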