[Pkg-bazaar-commits] ./bzr-gtk/unstable r515: Merge patch for checking signatures.
Jelmer Vernooij
jelmer at samba.org
Fri Apr 10 07:50:37 UTC 2009
------------------------------------------------------------
revno: 515
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: trunk
timestamp: Mon 2008-06-30 00:29:03 +0200
message:
Merge patch for checking signatures.
modified:
NEWS
revisionview.py
seahorse.py
------------------------------------------------------------
revno: 511.1.1
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: trunk
timestamp: Sun 2008-06-29 21:04:44 +0200
message:
Re-enable signature showing.
modified:
revisionview.py
------------------------------------------------------------
revno: 511.1.2
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: trunk
timestamp: Sun 2008-06-29 21:07:23 +0200
message:
Return cleartext from seahorse module
modified:
revisionview.py
seahorse.py
------------------------------------------------------------
revno: 511.1.3
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: trunk
timestamp: Sun 2008-06-29 21:18:34 +0200
message:
Make sure signed testament matches repository data.
modified:
revisionview.py
-------------- next part --------------
=== modified file 'NEWS'
--- a/NEWS 2008-06-29 22:27:57 +0000
+++ b/NEWS 2008-06-29 22:29:03 +0000
@@ -18,6 +18,9 @@
* Moved notify icon code to separate script. (Jelmer Vernooij)
+ * Verify testaments when showing signatures on revisions and
+ re-enable signature display. (Jelmer Vernooij)
+
INTERNALS
* All i18n calls should now go through _i18n which must be imported from
=== modified file 'revisionview.py'
--- a/revisionview.py 2008-06-24 10:34:38 +0000
+++ b/revisionview.py 2008-06-29 19:18:34 +0000
@@ -22,9 +22,11 @@
import gobject
import webbrowser
-from bzrlib.plugins.gtk import icon_path
from bzrlib.osutils import format_date
from bzrlib.util.bencode import bdecode
+from bzrlib.testament import Testament
+
+from bzrlib.plugins.gtk import icon_path
try:
from bzrlib.plugins.gtk import seahorse
@@ -220,7 +222,17 @@
"This revision has not been signed.")
def show_signature(self, crypttext):
- key = seahorse.verify(crypttext)
+ (cleartext, key) = seahorse.verify(crypttext)
+
+ assert cleartext is not None
+
+ inv = self.repository.get_inventory(self.revision.revision_id)
+ expected_testament = Testament(self.revision, inv).as_short_text()
+ if expected_testament != cleartext:
+ self.signature_image.set_from_file(icon_path("sign-bad.png"))
+ self.signature_label.set_markup("<b>Signature does not match repository data</b>\n" +
+ "The signature plaintext is different from the expected testament plaintext.")
+ return
if key and key.is_available():
if key.is_trusted():
@@ -322,8 +334,8 @@
self._create_general()
self._create_relations()
# Disabled because testaments aren't verified yet:
- # if has_seahorse:
- # self._create_signature()
+ if has_seahorse:
+ self._create_signature()
self._create_file_info_view()
self._create_bugs()
=== modified file 'seahorse.py'
--- a/seahorse.py 2008-06-20 03:33:17 +0000
+++ b/seahorse.py 2008-06-29 19:07:23 +0000
@@ -85,7 +85,10 @@
if key not in keyset:
keyset[key] = Key(key)
- return keyset[key]
+ return (cleartext, keyset[key])
+
+ return (cleartext, None)
+
class Key:
More information about the Pkg-bazaar-commits
mailing list