def _import(user=None, text=None, filename=None):
'''
salt.module.gpg.import_key is broken, so implement it here for now.
'''
ret = {'result': False, 'message': 'Unable to import key.'}
gnupg = _gpg._create_gpg(user) # pylint: disable=W0212
if not text and not filename:
raise SaltInvocationError('filename or text must be passed.')
if filename:
try:
with salt.utils.flopen(filename, 'rb') as _fp:
lines = _fp.readlines()
text = ''.join(lines)
except IOError:
raise SaltInvocationError('filename does not exist.')
imported_data = gnupg.import_keys(text)
log.debug('imported_data {0}'.format(imported_data.__dict__.keys()))
log.debug('imported_data {0}'.format(imported_data.counts))
results = imported_data.results[-1]
if results.get('fingerprint', None) and 'ok' in results:
ret['result'] = True
ret['message'] = results.get('text', imported_data.summary())
ret['stdout'] = imported_data.stderr
return ret
def verify(name, *varargs, **kwargs):
'''
Verify a message or file.
source
The filename.asc to verify.
key-content
The text to verify.
data-source
The filename data to verify.
user
Which user's keychain to access, defaults to user Salt is running as.
Passing the user as 'salt' will set the GPG home directory to
/etc/salt/gpgkeys.
CLI Example:
.. code-block:: bash
qubesctl gnupg.verify source='/path/to/important.file.asc'
qubesctl gnupg.verify <source|key-content> [key-data] [user=]
'''
base = _GPGBase('gpg.verify', **kwargs)
base.parser.add_argument('name', help='The name id of state object')
group = base.parser.add_mutually_exclusive_group()
group.add_argument(
'source',
nargs='?',
help='The filename containing the key to import'
)
group.add_argument(
'--key-contents',
'--key_contents',
nargs=1,
help='The text containing import key to import'
)
base.parser.add_argument(
'--data-source',
'--data_source',
nargs='?',
help='Source file data path to verify (source)'
)
base.parser.add_argument(
'--user',
nargs=1,
default='salt',
help="Which user's keychain to access, defaults to user Salt is \
running as. Passing the user as 'salt' will set the GPG home \
directory to /etc/salt/gpgkeys."
)
args = base.parse_args(name, *varargs, **kwargs)
gnupg = _gpg._create_gpg(args.user) # pylint: disable=W0212
status = Status()
# Key source validation
if args.source:
key_source = _get_path(args.source)
if not key_source:
status.recode = 1
status.message = 'GPG validation failed: invalid key-source {0}'.format(
key_source
)
elif args.key_contents:
key_source = args.key_contents
else:
key_source = _get_path(args.name)
# Data source validation
data_source = _get_path(args.data_source)
if not data_source:
data_source, ext = os.path.splitext(key_source) # pylint: disable=W0612
if not os.path.exists(data_source):
status.retcode = 1
message = 'GPG validation failed: invalid data-source {0}'.format(
data_source
)
base.save_status(status, message=message)
return base.status()
# GPG verify
status = Status()
data = gnupg.verify_data(key_source, _get_data(data_source))
if not data.valid:
raise CommandExecutionError(data.stderr)
status.stdout = data.stderr
base.save_status(status)
# Returns the status 'data' dictionary
return base.status()
