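def _import(user=None, text=None, filename=None):
    '''
    Import GPG key material into a user's keychain.

    salt.module.gpg.import_key is broken, so implement it here for now.

    user
        Passed to ``_gpg._create_gpg`` to select the keychain.

    text
        Key material to import. Replaced by the file content when
        ``filename`` is given.

    filename
        Path of a file holding the key material.

    Returns a dict with ``result`` (True only when the last import record
    carries a fingerprint and an ``ok`` entry), ``message`` and ``stdout``
    (the GnuPG stderr output).

    Raises SaltInvocationError when neither ``text`` nor ``filename`` is
    passed, or when ``filename`` cannot be read.
    '''
    ret = {'result': False, 'message': 'Unable to import key.'}

    gnupg = _gpg._create_gpg(user)  # pylint: disable=W0212

    if not text and not filename:
        raise SaltInvocationError('filename or text must be passed.')

    if filename:
        try:
            with salt.utils.flopen(filename, 'rb') as _fp:
                # A single read() yields the same content as joining
                # readlines() and does not depend on whether the file
                # object hands back str or bytes.
                text = _fp.read()
        except IOError:
            # Every I/O failure (not only a missing file) ends up here.
            raise SaltInvocationError('filename does not exist.')

    imported_data = gnupg.import_keys(text)
    log.debug('imported_data {0}'.format(imported_data.__dict__.keys()))
    log.debug('imported_data {0}'.format(imported_data.counts))

    # The GnuPG output is handed back on every path so a failed import can
    # be diagnosed by the caller.
    ret['stdout'] = imported_data.stderr

    if not imported_data.results:
        # No import record was produced at all; indexing [-1] would raise
        # IndexError, so report the default failure instead.
        return ret

    # Only the last record decides the outcome; earlier records of a
    # multi-key import are not inspected here.
    # NOTE(review): the imported fingerprint is not returned, so a caller
    # cannot confirm that the expected key was the one imported - confirm
    # whether callers need that check.
    results = imported_data.results[-1]
    if results.get('fingerprint', None) and 'ok' in results:
        ret['result'] = True

    ret['message'] = results.get('text', imported_data.summary())
    return ret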
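def verify(name, *varargs, **kwargs):
    '''
    Verify a message or file.

    name
        The name id of the state object. Used as the key source when neither
        ``source`` nor ``key-contents`` is given.

    source
        The filename.asc to verify.

    key-contents
        The text to verify.

    data-source
        The filename data to verify. When omitted, the key source path with
        its last extension stripped is used.

    user
        Which user's keychain to access, defaults to user Salt is running as
        (the parser default set here is 'salt').
        Passing the user as 'salt' will set the GPG home directory to
        /etc/salt/gpgkeys.

    Returns ``base.status()``. An invalid key source or data source is
    reported through a status with ``retcode`` 1. A signature that does not
    verify raises CommandExecutionError carrying the GnuPG stderr output.

    CLI Example:

    .. code-block:: bash

        qubesctl gnupg.verify source='/path/to/important.file.asc'
        qubesctl gnupg.verify <source|key-content> [key-data] [user=]

    '''
    base = _GPGBase('gpg.verify', **kwargs)
    base.parser.add_argument('name', help='The name id of state object')
    group = base.parser.add_mutually_exclusive_group()
    group.add_argument(
        'source', nargs='?', help='The filename containing the key to import'
    )
    # NOTE(review): assuming base.parser is an argparse parser, nargs=1
    # stores a one-element list, while the '--user' default below is a plain
    # string. Whether base.parse_args normalises this is not visible here -
    # confirm before relying on args.key_contents / args.user being strings.
    group.add_argument(
        '--key-contents',
        '--key_contents',
        nargs=1,
        help='The text containing import key to import'
    )
    base.parser.add_argument(
        '--data-source',
        '--data_source',
        nargs='?',
        help='Source file data path to verify (source)'
    )
    base.parser.add_argument(
        '--user',
        nargs=1,
        default='salt',
        help="Which user's keychain to access, defaults to user Salt is \
        running as. Passing the user as 'salt' will set the GPG home \
        directory to /etc/salt/gpgkeys."
    )
    args = base.parse_args(name, *varargs, **kwargs)
    gnupg = _gpg._create_gpg(args.user)  # pylint: disable=W0212
    status = Status()

    # Key source validation
    if args.source:
        key_source = _get_path(args.source)
        if not key_source:
            # Fail closed: record the failure under 'retcode' (the attribute
            # the data-source check uses) and stop, instead of carrying an
            # empty key source into the verification below. The message
            # names what the caller passed, not the empty lookup result.
            status.retcode = 1
            message = 'GPG validation failed: invalid key-source {0}'.format(
                args.source
            )
            base.save_status(status, message=message)
            return base.status()
    elif args.key_contents:
        key_source = args.key_contents
    else:
        key_source = _get_path(args.name)

    # Data source validation
    data_source = _get_path(args.data_source)
    if not data_source:
        # Default to the key source path without its last extension
        # (for example 'file.asc' -> 'file').
        data_source = os.path.splitext(key_source)[0]

    if not os.path.exists(data_source):
        status.retcode = 1
        message = 'GPG validation failed: invalid data-source {0}'.format(
            data_source
        )
        base.save_status(status, message=message)
        return base.status()

    # GPG verify
    status = Status()
    data = gnupg.verify_data(key_source, _get_data(data_source))

    # NOTE(review): assuming this is python-gnupg's verification result,
    # 'valid' only says the signature checked out against some key in the
    # selected keychain. The signer's fingerprint is not compared with an
    # expected value here, so the contents of that keychain define who is
    # trusted - confirm this is intended.
    if not data.valid:
        raise CommandExecutionError(data.stderr)

    status.stdout = data.stderr
    base.save_status(status)

    # Returns the status 'data' dictionary
    return base.status()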