pld-ftp-admin: scripts/sign.py - find unsigned packages with rpm-python

glen glen at pld-linux.org
Wed May 27 18:52:07 CEST 2009


Author: glen                         Date: Wed May 27 16:52:07 2009 GMT
Module: pld-ftp-admin                 Tag: HEAD
---- Log message:
- find unsigned packages with rpm-python

---- Files affected:
pld-ftp-admin/scripts:
   sign.py (1.1 -> 1.2) 

---- Diffs:

================================================================
Index: pld-ftp-admin/scripts/sign.py
diff -u pld-ftp-admin/scripts/sign.py:1.1 pld-ftp-admin/scripts/sign.py:1.2
--- pld-ftp-admin/scripts/sign.py:1.1	Tue Oct 23 08:22:00 2007
+++ pld-ftp-admin/scripts/sign.py	Wed May 27 18:52:02 2009
@@ -6,10 +6,16 @@
 import ftptree
 from common import checkdir
 import ftpio
+from config import sign_key
+import rpm
 
 if len(sys.argv) < 3:
-    print "ERR: not enough parameters given"
-    print "sign.py tree package1 [package2...]"
+    print >>sys.stderr, "ERR: not enough parameters given"
+    print >>sys.stderr, "sign.py tree package1 [package2...]"
+    sys.exit(1)
+
+if sign_key == None:
+    print >>sys.stderr, "ERR: sign_key not defined in config"
     sys.exit(1)
 
 checkdir(sys.argv[1])
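Review bot: The new guard `if sign_key == None:` still lets an empty `sign_key` through, and with an empty key the later comparison `key == sigid[-len(key):]` slices the whole string and can never match, so every package would be reported as unsigned. Testing `if not sign_key:` covers both the None and the empty case. Also note that `from config import sign_key` raises ImportError when the name is missing from config, so the "not defined in config" message is only reached if config assigns None to it; whether config provides such a default is not visible in this hunk.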
@@ -20,17 +26,55 @@
     print "ERR: %s tree already locked" % sys.argv[1]
     sys.exit(1)
 
-# TODO: implement signpkg() from:
-# http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/pld-ftp-admin/shell/bashrc
+def getSigInfo(hdr):
+    """checks signature from an hdr hand back signature information and/or
+       an error code"""
+    # yum-3.2.22/rpmUtils/miscutils.py
+
+    string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
+    siginfo = hdr.sprintf(string)
+    if siginfo == '(none)':
+        return None
+   
+    return siginfo.split(',')[2].lstrip()
+
+
+def is_signed(rpm_file, key):
+    """Returns rpm information is package signed by the same key"""
+    # http://code.activestate.com/recipes/306705/
+    ts = rpm.ts()
+    ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+    fdno = os.open(rpm_file, os.O_RDONLY)
+    hdr = ts.hdrFromFdno(fdno)
+    os.close(fdno)
+
+    sigid = getSigInfo(hdr)
+    if sigid == None:
+        return None
+
+    return key == sigid[-len(key):]
 
 try:
-    tree=ftptree.FtpTree(sys.argv[1])
-#    tree.mark4removal(sys.argv[2:])
-#    tree.removepkgs()
+    tree = ftptree.FtpTree(sys.argv[1]) #, loadall=True)
+    tree.mark4moving(sys.argv[2:])
+    files = tree.rpmfiles()
+
+    from pprint import pprint
+
+    print "Checking signatures of %d files from %d packages" % (len(files), len(tree.loadedpkgs))
+    sign = []
+    for file in files:
+        if not is_signed(file, sign_key):
+            sign.append(file)
+
+    if len(sign) > 0:
+        print "Signing %d packages" % len(sign)
+    else:
+        print "No packages to sign"
+
 except ftptree.SomeError:
     # In case of problems we need to unlock the tree before exiting
     ftpio.unlock(sys.argv[1])
     sys.exit(1)
 
 ftpio.unlock(sys.argv[1])
-
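Review bot: `is_signed()` does not verify a signature. The header is read with `ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)`, and the answer comes only from the Key ID text in the `:pgpsig` string, compared as a suffix against `sign_key`. A package whose signature header names that key ID but would not validate is therefore treated as already signed and left out of `sign`; the docstring should say so, for example `"""Return True if the signature header names a key ID ending in key (signature itself is not verified); None if the package has no signature."""`. The suffix compare is also case-sensitive, and rpm appears to print the ID in lowercase hex, so normalising both sides with `.lower()` before comparing would avoid a silent mismatch with an uppercase `sign_key` (confirm against the configured value). Separately, an `rpm.error` or `OSError` raised inside `is_signed()` is not caught by `except ftptree.SomeError`, which leaves the tree locked and `fdno` open; a `try/finally` around `ts.hdrFromFdno(fdno)` and around the main block that calls `ftpio.unlock(sys.argv[1])` would cover that.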
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/pld-ftp-admin/scripts/sign.py?r1=1.1&r2=1.2&f=u


