def __init__(self, repos, cs, *args, **kw):
self.mirror = kw.get('mirror', False)
self.requireSigs = kw.pop('requireSigs', False)
self.callback = kw.get('callback', False)
self.addTroveSetStart(repos, cs)
ChangeSetJob.__init__(self, repos, cs, *args, **kw)
repos.troveStore.addTroveSetDone(self.callback)
def checkTroveSignatures(self, trv, callback):
assert(hasattr(callback, 'verifyTroveSignatures'))
if callback.keyCache is None:
callback.keyCache = openpgpkey.getKeyCache()
for fingerprint, timestamp, sig in trv.troveInfo.sigs.digitalSigs.iter():
try:
pubKey = callback.keyCache.getPublicKey(fingerprint)
if pubKey.isRevoked():
raise openpgpfile.IncompatibleKey('Key %s is revoked'
%pubKey.getFingerprint())
expirationTime = pubKey.getTimestamp()
if expirationTime and expirationTime < timestamp:
raise openpgpfile.IncompatibleKey('Key %s is expired'
%pubKey.getFingerprint())
except openpgpfile.KeyNotFound:
# missing keys could be okay; that depends on the threshold
# we've set. it's the callbacks problem in any case.
pass
res = ChangeSetJob.checkTroveSignatures(self, trv, callback)
if len(res[1]) and self.requireSigs:
raise openpgpfile.KeyNotFound('Repository does not recognize '
'key: %s'% res[1][0])
