[Collab-qa-commits] r1313 - upload-history
filippo at alioth.debian.org
filippo at alioth.debian.org
Sat Oct 4 14:18:48 UTC 2008
Author: filippo
Date: 2008-10-04 14:18:48 +0000 (Sat, 04 Oct 2008)
New Revision: 1313
Modified:
upload-history/munge_ddc.py
Log:
add output and parsing of key fingerprint
Modified: upload-history/munge_ddc.py
===================================================================
--- upload-history/munge_ddc.py 2008-10-04 13:27:05 UTC (rev 1312)
+++ upload-history/munge_ddc.py 2008-10-04 14:18:48 UTC (rev 1313)
@@ -35,8 +35,10 @@
]):
""" Verify given msg with gpgv using the given (list of) keyring(s)
- Return a tuple (key, key-id) or ("N/A", "N/A") if key not available"""
+ Return a dictionary with detected fields """
+ # note: gpgv emits VALIDSIG also for expired (sub)keys and we rely on this
+ # fact to get the fingerprint anyway, gpg --verify seems to act differently
cmd = ["/usr/bin/gpgv", "--status-fd", "1"]
if os.environ.has_key("KEYRING"):
@@ -61,28 +63,30 @@
(out, err) = p.communicate("\n".join(msg))
if not out:
- return ("N/A", "N/A")
+ return {}
-# XXX parse also VALIDSIG
-# [GNUPG:] VALIDSIG BAF13B92C79DE5C486779404FE9A8DD84054AB08 2007-12-22 1198286037 0 3 0 17 2 01 6583A11F1428FCDD65FCC7B5E0CD3CDC59B2D9A0
-# last field is the fingerprint
- m = keyid_RE.search(out)
- if m:
- # see /usr/share/doc/gnupg/DETAILS.gz
- # fields with <longuid> <username> format
- if m.group(1) in ("GOOD", "EXP", "EXPKEY", "REVKEY", "BAD"):
- return (m.group(2), m.group(3))
- # ERRSIG <long keyid> <pubkey_algo> <hash_algo> <sig_class> <timestamp> <rc>
- elif m.group(1) == "ERR":
- #sys.stderr.write(repr(out) + "\n")
- return (m.group(2), "N/A")
- else:
- if out.startswith("[GNUPG:] NODATA 1"):
- return ("N/A", "N/A")
- else:
- raise ValueError, repr(out) + repr(err)
- #return ("N/A", "N/A")
+ retval = {}
+ for l in out.split('\n'):
+ if l.startswith("[GNUPG:] NODATA 1"):
+ return {}
+ # VALIDSIG <space-separated fields> fingerprint
+ if l.startswith("[GNUPG:] VALIDSIG"):
+ retval['Fingerprint'] = l.split(' ')[-1]
+
+ m = keyid_RE.search(l)
+ if m:
+ # see /usr/share/doc/gnupg/DETAILS.gz
+ # fields with <longuid> <username> format
+ if m.group(1) in ("GOOD", "EXP", "EXPKEY", "REVKEY", "BAD"):
+ retval['Key'] = m.group(2)
+ retval['Signed-By'] = m.group(3)
+ # ERRSIG <long keyid> <pubkey_algo> <hash_algo> <sig_class> <timestamp> <rc>
+ elif m.group(1) == "ERR":
+ retval['Key'] = m.group(2)
+
+ return retval
+
get_key_info = get_key_info_gpgv
def normalize_date(date):
@@ -103,7 +107,6 @@
for root, dirs, files in os.walk(dir):
keyrings.extend([os.path.join(root, x) for x in files if x.endswith(".gpg") or x.endswith(".pgp")])
- sys.stderr.write("using keyrings " + repr(keyrings))
return keyrings
# XXX factor this to work with plain .changes
@@ -139,7 +142,7 @@
c = deb822.Changes(body[i:])
required_fields = set(['Source', 'Architecture', 'Version', 'Changes'])
- output_fields = ['Source', 'Architecture', 'Version', 'Date', 'Changed-By', 'Maintainer', 'NMU', 'Closes', 'Key', 'Signed-By']
+ output_fields = ['Source', 'Architecture', 'Version', 'Date', 'Changed-By', 'Maintainer', 'NMU', 'Closes', 'Key', 'Signed-By', 'Fingerprint']
found_fields = set(c.keys())
if not required_fields.issubset(found_fields):
@@ -157,9 +160,9 @@
c['NMU'] = ((nmu_version is not None) and (nmu_changes is not None))
if os.environ.has_key("KEYRING_DIR"):
- (c['Key'], c['Signed-By']) = get_key_info(body, keyring = build_keyring_list(os.environ['KEYRING_DIR']) )
+ c.update(get_key_info(body, keyring = build_keyring_list(os.environ['KEYRING_DIR']) ))
else:
- (c['Key'], c['Signed-By']) = get_key_info(body)
+ c.update(get_key_info(body))
### Fields sanitization
More information about the Collab-qa-commits
mailing list