def get_gpg_version(self, binary):
gpg = gpginterface.GnuPG()
if binary is not None:
gpg.call = binary
res = gpg.run(["--version"], create_fhs=["stdout"])
line = res.handles["stdout"].readline().rstrip()
m = self._version_re.search(line)
if m is not None:
return (int(m.group("maj")), int(m.group("min")),
int(m.group("bug")))
raise GPGError("failed to determine gpg version of %s from %s" %
(binary, line))
def get_gpg_version(self, binary):
gnupg = gpginterface.GnuPG()
if binary is not None:
gnupg.call = binary
# user supplied options
if globals.gpg_options:
for opt in globals.gpg_options.split():
gnupg.options.extra_args.append(opt)
# get gpg version
res = gnupg.run(["--version"], create_fhs=["stdout"])
line = res.handles["stdout"].readline().rstrip()
m = self._version_re.search(line)
if m is not None:
return (int(m.group("maj")), int(m.group("min")), int(m.group("bug")))
raise GPGError("failed to determine gnupg version of %s from %s" % (binary, line))
def __init__(self, methodName=None):
self.gnupg = gpginterface.GnuPG()
unittest.TestCase.__init__(self, methodName)
def __init__(self, encrypt, encrypt_path, profile):
u"""
GPGFile initializer
If recipients is set, use public key encryption and encrypt to
the given keys. Otherwise, use symmetric encryption.
encrypt_path is the Path of the gpg encrypted file. Right now
only symmetric encryption/decryption is supported.
If passphrase is false, do not set passphrase - GPG program
should prompt for it.
"""
self.status_fp = None # used to find signature
self.closed = None # set to true after file closed
self.logger_fp = tempfile.TemporaryFile(dir=tempdir.default().dir())
self.stderr_fp = tempfile.TemporaryFile(dir=tempdir.default().dir())
self.name = encrypt_path
self.byte_count = 0
# Start GPG process - copied from GnuPGInterface docstring.
gnupg = gpginterface.GnuPG()
# overrides default gpg binary 'gpg'
if config.gpg_binary is not None:
gnupg.call = config.gpg_binary
gnupg.options.meta_interactive = 0
gnupg.options.extra_args.append(u'--no-secmem-warning')
gnupg.options.extra_args.append(u'--ignore-mdc-error')
# Support three versions of gpg present 1.x, 2.0.x, 2.1.x
if profile.gpg_version[:1] == (1, ):
if config.use_agent:
# gpg1 agent use is optional
gnupg.options.extra_args.append(u'--use-agent')
elif profile.gpg_version[:2] == (2, 0):
pass
elif profile.gpg_version[:2] >= (2, 1):
if not config.use_agent:
# This forces gpg2 to ignore the agent.
# Necessary to enforce truly non-interactive operation.
gnupg.options.extra_args.append(u'--pinentry-mode=loopback')
else:
raise GPGError(u"Unsupported GNUPG version, %s" %
profile.gpg_version)
# user supplied options
if config.gpg_options:
for opt in config.gpg_options.split():
gnupg.options.extra_args.append(opt)
cmdlist = []
if profile.sign_key:
gnupg.options.default_key = profile.sign_key
cmdlist.append(u"--sign")
# encrypt: sign key needs passphrase
# decrypt: encrypt key needs passphrase
# special case: allow different symmetric pass with empty sign pass
if encrypt and profile.sign_key and profile.signing_passphrase:
passphrase = profile.signing_passphrase
else:
passphrase = profile.passphrase
# in case the passphrase is not set, pass an empty one to prevent
# TypeError: expected a character buffer object on .write()
if passphrase is None:
passphrase = u""
if encrypt:
if profile.recipients:
gnupg.options.recipients = profile.recipients
cmdlist.append(u'--encrypt')
if profile.hidden_recipients:
gnupg.options.hidden_recipients = profile.hidden_recipients
cmdlist.append(u'--encrypt')
if not (profile.recipients or profile.hidden_recipients):
cmdlist.append(u'--symmetric')
# use integrity protection
gnupg.options.extra_args.append(u'--force-mdc')
# Skip the passphrase if using the agent
if config.use_agent:
gnupg_fhs = [
u'stdin',
]
else:
gnupg_fhs = [u'stdin', u'passphrase']
p1 = gnupg.run(cmdlist,
create_fhs=gnupg_fhs,
attach_fhs={
u'stdout': encrypt_path.open(u"wb"),
u'stderr': self.stderr_fp,
u'logger': self.logger_fp
})
if not config.use_agent:
p1.handles[u'passphrase'].write(passphrase)
p1.handles[u'passphrase'].close()
self.gpg_input = p1.handles[u'stdin']
else:
if (profile.recipients
or profile.hidden_recipients) and profile.encrypt_secring:
cmdlist.append(u'--secret-keyring')
cmdlist.append(profile.encrypt_secring)
self.status_fp = tempfile.TemporaryFile(
dir=tempdir.default().dir())
# Skip the passphrase if using the agent
if config.use_agent:
gnupg_fhs = [
u'stdout',
]
else:
gnupg_fhs = [u'stdout', u'passphrase']
p1 = gnupg.run(
[u'--decrypt'],
create_fhs=gnupg_fhs,
attach_fhs={
u'stdin': encrypt_path.open(u"rb"),
u'status': self.status_fp,
u'stderr': self.stderr_fp,
u'logger': self.logger_fp
})
if not (config.use_agent):
p1.handles[u'passphrase'].write(passphrase)
p1.handles[u'passphrase'].close()
self.gpg_output = p1.handles[u'stdout']
self.gpg_process = p1
self.encrypt = encrypt
def __init__(self, encrypt, encrypt_path, profile):
"""
GPGFile initializer
If recipients is set, use public key encryption and encrypt to
the given keys. Otherwise, use symmetric encryption.
encrypt_path is the Path of the gpg encrypted file. Right now
only symmetric encryption/decryption is supported.
If passphrase is false, do not set passphrase - GPG program
should prompt for it.
"""
self.status_fp = None # used to find signature
self.closed = None # set to true after file closed
self.logger_fp = tempfile.TemporaryFile(dir=tempdir.default().dir())
self.stderr_fp = tempfile.TemporaryFile(dir=tempdir.default().dir())
self.name = encrypt_path
self.byte_count = 0
# Start GPG process - copied from GnuPGInterface docstring.
gnupg = gpginterface.GnuPG()
gnupg.options.meta_interactive = 0
gnupg.options.extra_args.append('--no-secmem-warning')
if globals.use_agent:
gnupg.options.extra_args.append('--use-agent')
if globals.gpg_options:
for opt in globals.gpg_options.split():
gnupg.options.extra_args.append(opt)
cmdlist = []
if profile.sign_key:
gnupg.options.default_key = profile.sign_key
cmdlist.append("--sign")
# encrypt: sign key needs passphrase
# decrypt: encrypt key needs passphrase
# special case: allow different symmetric pass with empty sign pass
if encrypt and profile.sign_key and profile.signing_passphrase:
passphrase = profile.signing_passphrase
else:
passphrase = profile.passphrase
# in case the passphrase is not set, pass an empty one to prevent
# TypeError: expected a character buffer object on .write()
if passphrase is None:
passphrase = ""
if encrypt:
if profile.recipients:
gnupg.options.recipients = profile.recipients
cmdlist.append('--encrypt')
if profile.hidden_recipients:
gnupg.options.hidden_recipients = profile.hidden_recipients
cmdlist.append('--encrypt')
if not (profile.recipients or profile.hidden_recipients):
cmdlist.append('--symmetric')
# use integrity protection
gnupg.options.extra_args.append('--force-mdc')
# Skip the passphrase if using the agent
if globals.use_agent:
gnupg_fhs = [
'stdin',
]
else:
gnupg_fhs = ['stdin', 'passphrase']
p1 = gnupg.run(cmdlist,
create_fhs=gnupg_fhs,
attach_fhs={
'stdout': encrypt_path.open("wb"),
'stderr': self.stderr_fp,
'logger': self.logger_fp
})
if not (globals.use_agent):
p1.handles['passphrase'].write(passphrase)
p1.handles['passphrase'].close()
self.gpg_input = p1.handles['stdin']
else:
if (profile.recipients
or profile.hidden_recipients) and profile.encrypt_secring:
cmdlist.append('--secret-keyring')
cmdlist.append(profile.encrypt_secring)
self.status_fp = tempfile.TemporaryFile(
dir=tempdir.default().dir())
# Skip the passphrase if using the agent
if globals.use_agent:
gnupg_fhs = [
'stdout',
]
else:
gnupg_fhs = ['stdout', 'passphrase']
p1 = gnupg.run(
['--decrypt'],
create_fhs=gnupg_fhs,
attach_fhs={
'stdin': encrypt_path.open("rb"),
'status': self.status_fp,
'stderr': self.stderr_fp,
'logger': self.logger_fp
})
if not (globals.use_agent):
p1.handles['passphrase'].write(passphrase)
p1.handles['passphrase'].close()
self.gpg_output = p1.handles['stdout']
self.gpg_process = p1
self.encrypt = encrypt
