def _run_hook(self, hook):
if hook in self._config and self._config[hook] != "":
cmd = self._config[hook]
(output, stderr, ret) = run_command(cmd)
if ret == -1:
if not os.path.exists(cmd):
logger.warning(
"Error: You've set a hook (%s) to run (`%s`), "
"but it can't be found (and doesn't appear to exist)."
" Please verify the path and correct it." % (
hook,
self._config[hook]
)
)
return
sys.stdout.write(output) # XXX: Fixme
if ret != 0:
raise DputError(
"Command `%s' returned an error: %s [err=%d]" % (
self._config[hook],
stderr,
ret
)
)
def sign_file(filename, keyid=None, profile=None, name=None, email=None):
logger.debug(
"Signing file %s - signature hints are key: %s, " "name: %s, email: %s" % (filename, keyid, name, email)
)
gpg_path = "gpg"
if keyid:
identity_hint = keyid
else:
# hard to see here, but name and email is guaranteed to be set in
# write_header()
if name:
identity_hint = name
if email:
identity_hint += " <%s>" % (email)
logger.trace("GPG identity hint: %s" % (identity_hint))
(gpg_output, gpg_output_stderr, exit_status) = run_command(
[gpg_path, "--default-key", identity_hint, "--status-fd", "1", "--sign", "--armor", "--clearsign", filename]
)
if exit_status == -1:
raise DcutError("Unknown problem while making cleartext signature")
if exit_status != 0:
raise DcutError("Failed to make cleartext signature " "to commands file:\n%s" % (gpg_output_stderr))
if gpg_output.count("[GNUPG:] SIG_CREATED"):
pass
else:
raise DcutError("Failed to make cleartext signature:\n%s" % (gpg_output_stderr))
os.unlink(filename)
shutil.move("%s.asc" % (filename), filename)
def _build_fnord():
popdir = os.path.abspath(os.getcwd())
os.chdir("tests/fake_package/fake-package-1.0")
stdout, stederr, ret = run_command("dpkg-buildpackage -us -uc -S")
if os.path.exists("../fnord_1.0_source.test.upload"):
os.unlink("../fnord_1.0_source.test.upload")
os.chdir(popdir)
return os.path.abspath("tests/fake_package/fnord_1.0_source.changes")
def upload_file(self, filename, upload_filename=None):
"""
See :meth:`dput.uploader.AbstractUploader.upload_file`
"""
if not upload_filename:
upload_filename = os.path.basename(filename)
incoming = self._config['incoming']
targetfile = "%s:%s" % (self._scp_host, os.path.join(incoming,
upload_filename))
scp = self._scp_base + [filename, targetfile]
#logger.debug("run: %s" % (scp))
(_, e, x) = run_command(scp)
if x != 0:
raise ScpUploadException("Failed to upload %s to %s: %s" % (
upload_filename, targetfile, e)
)
def validate_signature(self, check_signature=True):
"""
Validate the GPG signature of a .changes file.
Throws a :class:`dput.exceptions.ChangesFileException` if there's
an issue with the GPG signature. Returns the GPG key ID.
"""
gpg_path = "gpg"
(gpg_output, gpg_output_stderr, exit_status) = run_command(
[gpg_path, "--status-fd", "1", "--verify", "--batch", self.get_changes_file()]
)
if exit_status == -1:
raise ChangesFileException("Unknown problem while verifying signature")
# contains verbose human readable GPG information
if self.is_python3:
gpg_output_stderr = str(gpg_output_stderr, encoding="utf8")
print(gpg_output_stderr)
if self.is_python3:
gpg_output = gpg_output.decode(encoding="UTF-8")
if gpg_output.count("[GNUPG:] GOODSIG"):
pass
elif gpg_output.count("[GNUPG:] BADSIG"):
raise ChangesFileException("Bad signature")
elif gpg_output.count("[GNUPG:] ERRSIG"):
raise ChangesFileException("Error verifying signature")
elif gpg_output.count("[GNUPG:] NODATA"):
raise ChangesFileException("No signature on")
else:
raise ChangesFileException("Unknown problem while verifying signature")
key = None
for line in gpg_output.split("\n"):
if line.startswith("[GNUPG:] VALIDSIG"):
key = line.split()[2]
return key
def validate(self, args):
if args.force:
return
if not os.path.exists(DM_KEYRING):
raise DmCommandError(
"To manage DM permissions, the `debian-keyring' "
"keyring package must be installed. "
"File %s does not exist" % (DM_KEYRING)
)
return
# I HATE embedded functions. But OTOH this function is not usable
# somewhere else, so...
def pretty_print_list(tuples):
fingerprints = ""
for entry in tuples:
fingerprints += "\n- %s (%s)" % entry
return fingerprints
# TODO: Validate input. Packages must exist (i.e. be not NEW)
(out, err, exit_status) = run_command([
"gpg", "--no-options",
"--no-auto-check-trustdb", "--no-default-keyring",
"--list-key", "--with-colons", "--fingerprint",
"--keyring", DM_KEYRING, args.dm
])
if exit_status != 0:
logger.warning("")
logger.warning("There was an error looking up the DM's key")
logger.warning("")
logger.warning(" dput-ng uses the DM keyring in /usr/share/keyrings/")
logger.warning(" as the keyring to pull full fingerprints from.")
logger.warning("")
logger.warning(" Please ensure your keyring is up to date:")
logger.warning("")
logger.warning(" sudo apt-get install debian-keyring")
logger.warning("")
logger.warning(" Or, if you can not get the keyring, you may use their")
logger.warning(" full fingerprint (without spaces) and pass the --force")
logger.warning(" argument in. This goes to dak directly, so try to")
logger.warning(" pay attention to formatting.")
logger.warning("")
logger.warning("")
raise DmCommandError("DM fingerprint lookup "
"for argument %s failed. "
"GnuPG returned error: %s" %
(args.dm, err))
possible_fingerprints = []
current_uid = None
next_line_contains_fpr = False
gpg_out = out.split("\n")
for line in gpg_out:
if next_line_contains_fpr:
assert(line.startswith("fpr"))
parsed_fingerprint = line.split(":")
# fpr:::::::::CACE80AE01512F9AE8AB80D61C01F443C9C93C5A:
possible_fingerprints.append((current_uid,
parsed_fingerprint[9],))
next_line_contains_fpr = False
continue
elif not line.startswith("pub"):
continue
else:
# will give a line like:
# pub:-:4096:1:7B585B30807C2A87:2011-08-18:::-:
# Paul Tagliamonte <*****@*****.**>::scESC:
# without the newline
parsed_fingerprint = line.split(":")
current_uid = parsed_fingerprint[9]
next_line_contains_fpr = True
if len(possible_fingerprints) > 1:
raise DmCommandError("DM argument `%s' is ambiguous. "
"Possible choices:\n%s" %
(args.dm,
pretty_print_list(possible_fingerprints)))
possible_fingerprints = possible_fingerprints[0]
logger.info("Picking DM %s with fingerprint %s" %
possible_fingerprints)
args.dm = possible_fingerprints[1]
