+++ /dev/null
-# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
-
-import log
-import subprocess
-import re
-import StringIO
-
-import util
-import os
-import pipeutil
-
-def get_keys(buf):
- """Extract keys from gpg message
-
- """
-
- if not os.path.isfile('/usr/bin/gpg'):
- log.error("missing gnupg binary: /usr/bin/gpg")
- raise OSError, 'Missing gnupg binary'
-
- d_stdout = None
- d_stderr = None
- cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
- gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
- try:
- d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
- except OSError, e:
- log.error("gnupg run, does gpg binary exist? : %s" % e)
- raise
-
- rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)")
- keys = []
-
- for l in d_stderr.split('\n'):
- m = rx.match(l)
- if m:
- keys.append(m.group(1))
-
- return keys
-
-def verify_sig(buf):
- """Check signature.
-
- Given email as file-like object, return (signer-emails, signed-body).
- where signer-emails is lists of strings, and signed-body is StringIO
- object.
- """
-
- if not os.path.isfile('/usr/bin/gpg'):
- log.error("missing gnupg binary: /usr/bin/gpg")
- raise OSError, 'Missing gnupg binary'
-
- d_stdout = None
- d_stderr = None
- cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
- gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
- try:
- d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
- except OSError, e:
- log.error("gnupg run failed, does gpg binary exist? : %s" % e)
- raise
-
- rx = re.compile("^gpg: (Good signature from| aka) .*<([^>]+)>")
- emails = []
- for l in d_stderr.split('\n'):
- m = rx.match(l)
- if m:
- emails.append(m.group(2))
- if not emails:
- log.error("gnupg signature check failed: %s" % d_stderr)
- return (emails, d_stdout)
-
-def sign(buf):
- if not os.path.isfile('/usr/bin/gpg'):
- log.error("missing gnupg binary: /usr/bin/gpg")
- raise OSError, 'Missing gnupg binary'
-
- d_stdout = None
- d_stderr = None
- cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--clearsign']
- gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
- try:
- d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
- except OSError, e:
- log.error("gnupg signing failed, does gpg binary exist? : %s" % e)
- raise
-
- return d_stdout