Exemplo n.º 1
def verify(filename, require_signature=True):
    """Read a fixture file and hand its bytes to ``SignedFile``.

    The file is located through ``fixture(filename)`` and read in binary
    mode.  The only keyring offered to ``SignedFile`` is the ``keyring``
    name taken from the enclosing scope; ``require_signature`` is passed
    through unchanged as the third positional argument.

    Returns the constructed ``SignedFile`` object.  Whether construction
    raises on a bad or missing signature is decided by ``SignedFile``
    itself and is not visible here.
    """
    fixture_path = fixture(filename)
    with open(fixture_path, 'rb') as stream:
        raw_bytes = stream.read()
    trusted_keyrings = [keyring]
    return SignedFile(raw_bytes, trusted_keyrings, require_signature)
Exemplo n.º 2
def strip_pgp_signature(filename):
    """Return the ``contents`` of *filename* as parsed by ``SignedFile``.

    The file is opened with ``utils.open_file`` and parsed with an empty
    keyring tuple and ``require_signature=False``.  With no keyrings
    supplied, the returned data has not been checked against any trusted
    key: treat it as unauthenticated input, and use a call that passes
    real keyrings wherever the origin of the content matters.
    """
    with utils.open_file(filename) as handle:
        raw = handle.read()
        # keyrings=() and require_signature=False: this only unwraps the
        # payload; presumably no signature check can succeed against an
        # empty keyring list -- confirm against SignedFile.
        return SignedFile(raw, keyrings=(), require_signature=False).contents
Exemplo n.º 3
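    def evaluate(self):
        """Verify the signature on the commands file and process it.

        C{self.data} is checked with C{SignedFile} against the keyring
        files of all C{Keyring} rows marked active, in priority order.
        Processing continues only if the signature is valid and the
        primary fingerprint of the signing key belongs to a known, active
        keyring.  The signed contents are then parsed as a tag file, the
        first section is read for C{Uploader}, C{Cc} and C{Archive}, the
        replay check is run and the remaining sections are evaluated.

        Errors raised while handling the sections are logged and recorded
        in C{self.result}; they do not propagate.  Exceptions raised
        before that point (for example by the fingerprint lookup) do
        propagate.  The database session is closed on every exit path.

        @rtype:   bool
        @returns: C{True} if the file was processed successfully,
                  C{False} otherwise
        """
        result = True

        session = DBConn().session()

        # try/finally so that the early returns and any exception raised
        # before the end of the method still release the session.
        try:
            keyrings = session.query(Keyring).filter_by(active=True).order_by(Keyring.priority)
            keyring_files = [k.keyring_name for k in keyrings]

            signed_file = SignedFile(self.data, keyring_files)
            if not signed_file.valid:
                self.log.log(['invalid signature', self.filename])
                return False

            # one() is expected to raise unless exactly one row matches
            # (presumably SQLAlchemy semantics); that exception is not
            # caught here and reaches the caller.
            self.fingerprint = session.query(Fingerprint).filter_by(fingerprint=signed_file.primary_fingerprint).one()
            if self.fingerprint.keyring is None:
                # NOTE(review): the message text reads 'singed'; it is left
                # unchanged in case log consumers match on it.
                self.log.log(['singed by key in unknown keyring', self.filename])
                return False
            # This is an authorization check, so it must not be an
            # ``assert``: assertions are removed under ``python -O`` and a
            # key from a deactivated keyring would then be accepted.  The
            # exception type is kept so existing callers see no change.
            if not self.fingerprint.keyring.active:
                raise AssertionError('signing key belongs to an inactive keyring')

            self.log.log(['processing', self.filename, 'signed-by={0}'.format(self.fingerprint.fingerprint)])

            # NOTE(review): ``sections`` is used after this with-block has
            # closed the temporary file; presumably TagFile keeps its own
            # handle on the data -- confirm.
            with tempfile.TemporaryFile() as fh:
                fh.write(signed_file.contents)
                fh.seek(0)
                sections = apt_pkg.TagFile(fh)

            # Default uploader: first address on the signing key, if any.
            self.uploader = None
            addresses = gpg_get_key_addresses(self.fingerprint.fingerprint)
            if len(addresses) > 0:
                self.uploader = addresses[0]

            try:
                sections.next()
                section = sections.section
                # Both fields come from the signed contents, so they are
                # covered by the signature checked above.
                if 'Uploader' in section:
                    self.uploader = section['Uploader']
                if 'Cc' in section:
                    self.cc.append(section['Cc'])
                # TODO: Verify first section has valid Archive field
                # (only the presence of the field is checked for now).
                if 'Archive' not in section:
                    raise CommandError('No Archive field in first section.')

                # TODO: send mail when we detected a replay.
                self._check_replay(signed_file, session)

                self._evaluate_sections(sections, session)
                self.result.append('')
            except Exception as e:
                # Deliberate catch-all: any failure is reported back to
                # the uploader instead of aborting the run.
                self.log.log(['ERROR', e])
                self.result.append("There was an error processing this section. No changes were committed.\nDetails:\n{0}".format(e))
                result = False

            # The uploader is notified on success and on failure alike.
            self._notify_uploader()

            return result
        finally:
            session.close()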