X-Git-Url: https://git.tld-linux.org/?p=TLD.git;a=blobdiff_plain;f=pld-builder.new%2FPLD_Builder%2Fgpg.py;fp=pld-builder.new%2FPLD_Builder%2Fgpg.py;h=5c5dbecfc08853b55023abc74224358d1febb11b;hp=0000000000000000000000000000000000000000;hb=90809c8fec988489786ce00247d9a4150070748b;hpb=ab3934fab858112cd552359b18cb980ea07c310b
diff --git a/pld-builder.new/PLD_Builder/gpg.py b/pld-builder.new/PLD_Builder/gpg.py
new file mode 100644
index 0000000..5c5dbec
--- /dev/null
+++ b/pld-builder.new/PLD_Builder/gpg.py
@@ -0,0 +1,88 @@
+# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
+
+import log
+import subprocess
+import re
+import StringIO
+
+import util
+import os
+import pipeutil
+
+def get_keys(buf):
+ """Extract keys from gpg message
+
+ """
+
+ if not os.path.isfile('/usr/bin/gpg'):
+ log.error("missing gnupg binary: /usr/bin/gpg")
+ raise OSError, 'Missing gnupg binary'
+
+ d_stdout = None
+ d_stderr = None
+ cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
+ gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+ try:
+ d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
+ except OSError, e:
+ log.error("gnupg run, does gpg binary exist? : %s" % e)
+ raise
+
+ rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)")
+ keys = []
+
+ for l in d_stderr.split('\n'):
+ m = rx.match(l)
+ if m:
+ keys.append(m.group(1))
+
+ return keys
+
+def verify_sig(buf):
+ """Check signature.
+
+ Given email as file-like object, return (signer-emails, signed-body).
+ where signer-emails is lists of strings, and signed-body is StringIO
+ object.
+ """
+
+ if not os.path.isfile('/usr/bin/gpg'):
+ log.error("missing gnupg binary: /usr/bin/gpg")
+ raise OSError, 'Missing gnupg binary'
+
+ d_stdout = None
+ d_stderr = None
+ cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
+ gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+ try:
+ d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
+ except OSError, e:
+ log.error("gnupg run failed, does gpg binary exist? 
: %s" % e)
+ raise
+
+ rx = re.compile("^gpg: (Good signature from| aka) .*<([^>]+)>")
+ emails = []
+ for l in d_stderr.split('\n'):
+ m = rx.match(l)
+ if m:
+ emails.append(m.group(2))
+ if not emails:
+ log.error("gnupg signature check failed: %s" % d_stderr)
+ return (emails, d_stdout)
+
+def sign(buf):
+ if not os.path.isfile('/usr/bin/gpg'):
+ log.error("missing gnupg binary: /usr/bin/gpg")
+ raise OSError, 'Missing gnupg binary'
+
+ d_stdout = None
+ d_stderr = None
+ cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--clearsign']
+ gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+ try:
+ d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
+ except OSError, e:
+ log.error("gnupg signing failed, does gpg binary exist? : %s" % e)
+ raise
+
+ return d_stdout
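Review bot: In `verify_sig` the list of accepted signers comes from regex-matching gpg's human-readable stderr, and `gpg_run.returncode` is never examined, so the result depends on message wording and the process locale rather than on gpg's own verdict. As far as I recall, gpg also prints "Good signature from" for a signature made by an expired or revoked key, followed only by a separate warning line, and this regex would still collect those addresses. I would add `'--status-fd', '2'` to `cmd`, extract e-mails only when a `[GNUPG:] GOODSIG` status line is present, and treat a non-zero exit as no valid signer, e.g. `if gpg_run.returncode != 0: emails = []`. The exit status is equally unchecked in `get_keys` and `sign`; in `sign` a failed `--clearsign` would presumably return an empty `d_stdout` with `d_stderr` never logged, so a `log.error` on non-zero `returncode` there would help.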