コード例 #1
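def verify(name, *varargs, **kwargs):
    '''
    Verify a detached signature against a data file.

    The call fails closed: a missing signature source or data file returns a
    failed status, and a signature that gpg does not report as valid raises
    ``CommandExecutionError``.

    source
        The filename.asc to verify.

    key-contents
        The text to verify.

    data-source
        The filename data to verify.  When omitted, the path of the signature
        file with its extension stripped is used.

    user
        Which user's keychain to access, defaults to user Salt is running as.
        Passing the user as 'salt' will set the GPG home directory to
        /etc/salt/gpgkeys.

    CLI Example:

    .. code-block:: bash

        qubesctl gnupg.verify source='/path/to/important.file.asc'

        qubesctl gnupg.verify <source|key-contents> [data-source] [user=]

    '''
    base = _GPGBase('gpg.verify', **kwargs)
    base.parser.add_argument('name', help='The name id of state object')
    group = base.parser.add_mutually_exclusive_group()

    group.add_argument(
        'source',
        nargs='?',
        help='The filename containing the key to import'
    )

    group.add_argument(
        '--key-contents',
        '--key_contents',
        nargs=1,
        help='The text containing import key to import'
    )

    base.parser.add_argument(
        '--data-source',
        '--data_source',
        nargs='?',
        help='Source file data path to verify (source)'
    )

    base.parser.add_argument(
        '--user',
        nargs=1,
        default='salt',
        help="Which user's keychain to access, defaults to user Salt is \
        running as.  Passing the user as 'salt' will set the GPG home \
        directory to /etc/salt/gpgkeys."
    )

    args = base.parse_args(name, *varargs, **kwargs)
    gnupg = _gpg._create_gpg(args.user)  # pylint: disable=W0212

    # Key source validation
    if args.source:
        key_source = _get_path(args.source)
    elif args.key_contents:
        # NOTE(review): argparse nargs=1 yields a one-element list unless
        # base.parse_args unwraps it -- confirm what verify_data receives here.
        key_source = args.key_contents
    else:
        key_source = _get_path(args.name)

    # Stop as soon as the signature source cannot be resolved.  The previous
    # code stored the failure in a misspelled attribute ('recode'), kept going
    # and later replaced the status object, so this error was never reported.
    if not key_source:
        status = Status()
        status.retcode = 1
        message = 'GPG validation failed: invalid key-source {0}'.format(
            args.source or args.name
        )
        base.save_status(status, message=message)
        return base.status()

    # Data source validation
    data_source = _get_path(args.data_source)
    if not data_source:
        # Default to the signature path without its extension
        # (e.g. file.asc -> file).
        data_source = os.path.splitext(key_source)[0]

    if not os.path.exists(data_source):
        status = Status()
        status.retcode = 1
        message = 'GPG validation failed: invalid data-source {0}'.format(
            data_source
        )
        base.save_status(status, message=message)
        return base.status()

    # GPG verify
    status = Status()
    data = gnupg.verify_data(key_source, _get_data(data_source))

    # Fail closed: an invalid signature raises instead of returning a status
    # that a caller could overlook.
    # NOTE(review): only data.valid is checked, so any key present in the
    # selected keyring is presumably accepted as a signer -- confirm whether
    # callers need the signer pinned to a specific key.
    if not data.valid:
        raise CommandExecutionError(data.stderr)

    # The gpg report is taken from the result's stderr attribute.
    status.stdout = data.stderr
    base.save_status(status)

    # Returns the status 'data' dictionary
    return base.status()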
コード例 #2
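def import_key(*varargs, **kwargs):
    '''
    Import a key from text or file.

    Exactly one of ``source``, ``contents`` or ``contents-pillar`` selects the
    key material.  If the selected source cannot be resolved, a failed status
    is returned and nothing is imported.

    NOTE(review): keys imported here end up in the keyring chosen by ``user``;
    confirm that the source of the key material is trusted, since signature
    verification against that keyring presumably accepts any key it holds.

    user
        Which user's keychain to access, defaults to user Salt is running as.
        Passing the user as 'salt' will set the GPG home directory to
        /etc/salt/gpgkeys.

    contents
        The text containing import key to import.

    contents-pillar
        The pillar id containing import key to import.

    source
        The filename containing the key to import.

    CLI Example:

    .. code-block:: bash

        qubesctl gnupg.import_key contents='-----BEGIN PGP PUBLIC KEY BLOCK-----
        ... -----END PGP PUBLIC KEY BLOCK-----'

        qubesctl gnupg.import_key source='/path/to/public-key-file'

        qubesctl gnupg.import_key contents-pillar='gnupg:gpgkeys'
    '''
    base = _GPGBase('gpg.import_key', **kwargs)
    base.parser.add_argument('name', nargs='?', help=argparse.SUPPRESS)
    group = base.parser.add_mutually_exclusive_group()

    group.add_argument(
        'source',
        nargs='?',
        help='The filename containing the key to import'
    )

    group.add_argument(
        '--contents',
        nargs=1,
        metavar='TEXT',
        help='The text containing import key to import'
    )

    group.add_argument(
        '--contents-pillar',
        '--contents_pillar',
        type=_coerce_to_string,
        nargs=1,
        metavar='PILLAR-ID',
        help='The pillar id containing import key to import'
    )

    base.parser.add_argument(
        '--user',
        nargs=1,
        default='salt',
        help="Which user's keychain to access, defaults to user Salt is \
        running as.  Passing the user as 'salt' will set the GPG home \
        directory to /etc/salt/gpgkeys."
    )

    args = base.parse_args(*varargs, **kwargs)
    # Normalise the pillar id to a string only when one was supplied.
    base.args.contents_pillar = _coerce_to_string(
        base.args.contents_pillar
    ) if base.args.contents_pillar else base.args.contents_pillar

    keywords = {'user': args.user, }
    status = Status()
    # Failures are recorded in 'retcode'; the previous spelling 'recode' set
    # an unrelated attribute.
    if args.source:
        keywords['filename'] = _get_path(args.source)
        if not keywords['filename']:
            status.retcode = 1
            status.message = 'Invalid filename source {0}'.format(args.source)

    elif args.contents:
        keywords['text'] = args.contents

    elif args.contents_pillar:
        keywords['text'] = __pillar__.get(args.contents_pillar, None)
        if not keywords['text']:
            status.retcode = 1
            status.message = 'Invalid pillar id source {0}'.format(
                args.contents_pillar
            )

    else:
        status.retcode = 1
        status.message = 'Invalid options!'

    if status.failed():
        # Report the failure and do not fall through to the import (or to the
        # "will be imported" test-mode message) with unusable key material.
        base.save_status(status)
    elif __opts__['test']:
        base.save_status(message='Key will be imported')
    else:
        status = Status(**_import(**keywords))
        base.save_status(status)

    # Returns the status 'data' dictionary
    return base.status()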