|
Packit Service |
21c75c |
# This program is free software; you can redistribute it and/or modify
|
|
Packit Service |
21c75c |
# it under the terms of the GNU General Public License as published by
|
|
Packit Service |
21c75c |
# the Free Software Foundation; either version 2 of the License, or
|
|
Packit Service |
21c75c |
# (at your option) any later version.
|
|
Packit Service |
21c75c |
#
|
|
Packit Service |
21c75c |
# This program is distributed in the hope that it will be useful,
|
|
Packit Service |
21c75c |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
21c75c |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit Service |
21c75c |
# GNU Library General Public License for more details.
|
|
Packit Service |
21c75c |
#
|
|
Packit Service |
21c75c |
# You should have received a copy of the GNU General Public License
|
|
Packit Service |
21c75c |
# along with this program; if not, write to the Free Software
|
|
Packit Service |
21c75c |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
Packit Service |
21c75c |
# Copyright 2003 Duke University
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
from __future__ import print_function, absolute_import
|
|
Packit Service |
21c75c |
from __future__ import unicode_literals
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
import rpm
|
|
Packit Service |
21c75c |
import os
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
from dnf.i18n import ucd
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
def checkSig(ts, package):
|
|
Packit Service |
21c75c |
"""Takes a transaction set and a package, check it's sigs,
|
|
Packit Service |
21c75c |
return 0 if they are all fine
|
|
Packit Service |
21c75c |
return 1 if the gpg key can't be found
|
|
Packit Service |
21c75c |
return 2 if the header is in someway damaged
|
|
Packit Service |
21c75c |
return 3 if the key is not trusted
|
|
Packit Service |
21c75c |
return 4 if the pkg is not gpg or pgp signed"""
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
value = 0
|
|
Packit Service |
21c75c |
currentflags = ts.setVSFlags(0)
|
|
Packit Service |
21c75c |
fdno = os.open(package, os.O_RDONLY)
|
|
Packit Service |
21c75c |
try:
|
|
Packit Service |
21c75c |
hdr = ts.hdrFromFdno(fdno)
|
|
Packit Service |
21c75c |
except rpm.error as e:
|
|
Packit Service |
21c75c |
if str(e) == "public key not available":
|
|
Packit Service |
21c75c |
value = 1
|
|
Packit Service |
21c75c |
if str(e) == "public key not trusted":
|
|
Packit Service |
21c75c |
value = 3
|
|
Packit Service |
21c75c |
if str(e) == "error reading package header":
|
|
Packit Service |
21c75c |
value = 2
|
|
Packit Service |
21c75c |
else:
|
|
Packit Service |
21c75c |
# checks signature from an hdr
|
|
Packit Service |
21c75c |
string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:' \
|
|
Packit Service |
21c75c |
'{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
|
|
Packit Service |
21c75c |
try:
|
|
Packit Service |
21c75c |
siginfo = hdr.sprintf(string)
|
|
Packit Service |
21c75c |
siginfo = ucd(siginfo)
|
|
Packit Service |
21c75c |
if siginfo == '(none)':
|
|
Packit Service |
21c75c |
value = 4
|
|
Packit Service |
21c75c |
except UnicodeDecodeError:
|
|
Packit Service |
21c75c |
pass
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
del hdr
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
try:
|
|
Packit Service |
21c75c |
os.close(fdno)
|
|
Packit Service |
21c75c |
except OSError as e: # if we're not opened, don't scream about it
|
|
Packit Service |
21c75c |
pass
|
|
Packit Service |
21c75c |
|
|
Packit Service |
21c75c |
ts.setVSFlags(currentflags) # put things back like they were before
|
|
Packit Service |
21c75c |
return value
|