def verify(self, data, sig): """ returns of the good and bad signatures""" sigfile = datafile = None try: # create temporary files fd, sigfile = tempfile.mkstemp(prefix="hg-gpg-", suffix=".sig") fp = os.fdopen(fd, 'wb') fp.write(sig) fp.close() fd, datafile = tempfile.mkstemp(prefix="hg-gpg-", suffix=".txt") fp = os.fdopen(fd, 'wb') fp.write(data) fp.close() gpgcmd = ("%s --logger-fd 1 --status-fd 1 --verify " "\"%s\" \"%s\"" % (self.path, sigfile, datafile)) ret = util.filter("", gpgcmd) finally: for f in (sigfile, datafile): try: if f: os.unlink(f) except: pass keys = [] key, fingerprint = None, None err = "" for l in ret.splitlines(): # see DETAILS in the gnupg documentation # filter the logger output if not l.startswith("[GNUPG:]"): continue l = l[9:] if l.startswith("ERRSIG"): err = _("error while verifying signature") break elif l.startswith("VALIDSIG"): # fingerprint of the primary key fingerprint = l.split()[10] elif (l.startswith("GOODSIG") or l.startswith("EXPSIG") or l.startswith("EXPKEYSIG") or l.startswith("BADSIG")): if key is not None: keys.append(key + [fingerprint]) key = l.split(" ", 2) fingerprint = None if err: return err, [] if key is not None: keys.append(key + [fingerprint]) return err, keys
def sign(self, data): gpgcmd = "%s --sign --detach-sign%s" % (self.path, self.key) return util.filter(data, gpgcmd)