def check(self, package): ''' run the check ''' verify = package.siginfo key = self._cache.key_cache.get(verify['key_id'], None) if key is None: raise LinterIssue('%s: no public key: %s', package, verify['key_id']) if key['expires']: expires = datetime.datetime.utcfromtimestamp(int(key['expires'])) if expires < datetime.datetime.now(): raise LinterIssue('%s: signing key expired (%s)', package, verify['key_id']) if not verify['valid']: if verify['key_status'] == 'signing key has expired' and verify[ 'status'] == 'signature valid': # host keyring is out of date, not an issue per se pass else: # catchall rule in case something is missing above logging.warning('%s: unknown gpg invalidity: %s', package, verify) raise LinterIssue('%s: invalid signature', package)
def check(self, pkgentry): ''' run the check ''' if not pkgentry.pkgfile: return key1 = pkgentry.pkgfile.siginfo['key_id'].upper() key2 = base64.b64decode(pkgentry.pgpsig) # quick & dirty gpg packet parser # https://tools.ietf.org/search/rfc4880 header = key2[0] assert header & 0x80 == 0x80 assert header & 0x40 == 0x00 assert header & 0x03 == 0x01 assert header & 0x1C == 0x08 version = key2[3] assert version == 0x04 hashed_len = key2[7] * 256 + key2[8] unhashed_len = key2[9 + hashed_len] * 256 + key2[10 + hashed_len] data = key2[11 + hashed_len:11 + hashed_len + unhashed_len] assert data[1] == 0x10 # issuer key2 = data[2:10].hex().upper() if key1 != key2: raise LinterIssue('%s: %s != %s', pkgentry, key1, key2)
def check(self, pkgfile): ''' run the check ''' if len(pkgfile.pkgbuilds) > 1: duplicates = [] for pkgbuild in pkgfile.pkgbuilds: duplicates.append(str(pkgbuild)) raise LinterIssue('%s (%s)', pkgfile, ','.join(duplicates))
def check(self, pkgbuild): ''' run the check ''' if not pkgbuild.valid: return unsup = {} unsup_base = set(pkgbuild.arches).difference(KNOWN_ARCHES, ['any']) if unsup_base: unsup['pkgbase'] = unsup_base for arch in pkgbuild.srcinfo: for pkgname, pkginfo in pkgbuild.srcinfo[arch].pkginfo.items(): if 'arch' not in pkginfo: continue unsup_pkg = set(pkginfo['arch']).difference( unsup_base, KNOWN_ARCHES, ['any']) if unsup_pkg: if pkgname not in unsup: unsup[pkgname] = set() unsup[pkgname] = unsup[pkgname].union(unsup_pkg) if unsup: unsup_str = '; '.join( ['%s: %s' % (p, ','.join(u)) for p, u in unsup.items()]) raise LinterIssue('%s (%s)', pkgbuild, unsup_str)
def check(self, pkgentry): ''' run the check ''' if not pkgentry.pkgfile: return pkgfile = pkgentry.pkgfile if not pkgfile.buildinfo: builddate = pkgfile.builddate.strftime("%Y-%m-%d %H:%M:%S") raise LinterIssue('%s (built %s)', pkgfile, builddate)
def check(self, pkgentry): ''' run the check ''' if pkgentry.repo.name != 'pcr': return for repo in self._cache.arch_repos.values(): if repo.pkgentries_cache.get(pkgentry.arch, []).get(pkgentry.pkgname, None): raise LinterIssue('%s (in %s)', pkgentry, repo.name)
def check(self, pkgbuild): ''' run the check ''' missing = [] for arch, info in pkgbuild.srcinfo.items(): for pkgname in info.pkginfo: if pkgname not in [ p.pkgname for p in pkgbuild.pkgfiles.get(arch, []) ]: missing.append('%s/%s' % (arch, pkgname)) if missing: raise LinterIssue('%s (%s)', pkgbuild, ','.join(missing))
def check(self, pkgbuild): ''' run the check ''' duplicate = [] for arch, info in pkgbuild.srcinfo.items(): for pkgname in info.pkginfo: pkgentries = pkgbuild.pkgentries.get(arch, []) pkgentries = [p for p in pkgentries if p.pkgname == pkgname] if len(pkgentries) > 1: duplicate.append('%s/%s: %s' % (arch, pkgname, ','.join(pkgentries))) if duplicate: raise LinterIssue('%s (%s)', pkgbuild, ','.join(duplicate))
def check(self, pkgentry): ''' run the check ''' repos = list(self._cache.repos.values()) + list( self._cache.arch_repos.values()) missing = [] for depend in pkgentry.depends: matches = _repos_contain_depends(depend, repos, pkgentry.arch) if not matches: missing.append(depend) if missing: raise LinterIssue('%s (%s)', pkgentry, ','.join(missing))
def check(self, key): ''' run the check ''' if not key['expires']: return expires = datetime.datetime.utcfromtimestamp(int(key['expires'])) time = expires.strftime("%Y-%m-%d") reason = None if expires < datetime.datetime.now(): reason = 'expired %s' % time elif expires <= datetime.datetime.now() + datetime.timedelta(days=90): reason = 'expires %s' % time if reason is not None: raise LinterIssue('%s: %s', key['keyid'], reason)
def check(self, pkgentry): ''' run the check ''' if not pkgentry.pkgfile: return pkgfile = pkgentry.pkgfile if not pkgfile.buildinfo: return if not pkgentry.pkgbuilds: return pkgbuild = pkgentry.pkgbuilds[0] with open(pkgbuild.path, 'rb') as infile: pkgbuild_sha = hashlib.sha256(infile.read()).hexdigest() if pkgfile.buildinfo['pkgbuild_sha256sum'] != pkgbuild_sha: builddate = pkgfile.builddate.strftime("%Y-%m-%d %H:%M:%S") raise LinterIssue('%s (built %s)', pkgfile, builddate)
def check(self, key): ''' run the check ''' if not key['packages']: return if not key['expires']: return expires = datetime.datetime.utcfromtimestamp(int(key['expires'])) time = expires.strftime("%Y-%m-%d") reason = None if expires < datetime.datetime.now(): reason = 'expired %s' % time elif expires <= datetime.datetime.now() + datetime.timedelta(days=90): reason = 'expires %s' % time if reason is not None: if 'master_key' in key: reason += ' (subkey of %s)' % key['master_key'] raise LinterIssue('%s: %s (signed %i)', key['keyid'], reason, len(key['packages']))
def check(self, pkgfile): ''' run the check ''' if len(pkgfile.pkgentries) > 1: raise LinterIssue('%s (%s)', pkgfile, ','.join(pkgfile.pkgentries))
def check(self, pkgfile): ''' run the check ''' if not pkgfile.pkgentries: builddate = pkgfile.builddate.strftime("%Y-%m-%d %H:%M:%S") raise LinterIssue('%s (built %s)', pkgfile, builddate)
def check(self, pkgentry): ''' run the check ''' if not pkgentry.pkgfile: raise LinterIssue('%s', pkgentry)
def check(self, pkgbuild): ''' run the check ''' if not pkgbuild.valid: raise LinterIssue('%s', pkgbuild)