def __init__(self, repos, cs, *args, **kw): self.mirror = kw.get('mirror', False) self.requireSigs = kw.pop('requireSigs', False) self.callback = kw.get('callback', False) self.addTroveSetStart(repos, cs) ChangeSetJob.__init__(self, repos, cs, *args, **kw) repos.troveStore.addTroveSetDone(self.callback)
def checkTroveSignatures(self, trv, callback): assert(hasattr(callback, 'verifyTroveSignatures')) if callback.keyCache is None: callback.keyCache = openpgpkey.getKeyCache() for fingerprint, timestamp, sig in trv.troveInfo.sigs.digitalSigs.iter(): try: pubKey = callback.keyCache.getPublicKey(fingerprint) if pubKey.isRevoked(): raise openpgpfile.IncompatibleKey('Key %s is revoked' %pubKey.getFingerprint()) expirationTime = pubKey.getTimestamp() if expirationTime and expirationTime < timestamp: raise openpgpfile.IncompatibleKey('Key %s is expired' %pubKey.getFingerprint()) except openpgpfile.KeyNotFound: # missing keys could be okay; that depends on the threshold # we've set. it's the callbacks problem in any case. pass res = ChangeSetJob.checkTroveSignatures(self, trv, callback) if len(res[1]) and self.requireSigs: raise openpgpfile.KeyNotFound('Repository does not recognize ' 'key: %s'% res[1][0])