pld-ftp-admin: modules/sign.py (NEW) - add as module

glen glen at pld-linux.org
Wed May 27 21:23:55 CEST 2009 

Author: glen                         Date: Wed May 27 19:23:52 2009 GMT
Module: pld-ftp-admin                 Tag: HEAD
---- Log message:
- add as module

---- Files affected:
pld-ftp-admin/modules:
   sign.py (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: pld-ftp-admin/modules/sign.py
diff -u /dev/null pld-ftp-admin/modules/sign.py:1.1
--- /dev/null	Wed May 27 21:23:52 2009
+++ pld-ftp-admin/modules/sign.py	Wed May 27 21:23:46 2009
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
+
+import os
+import rpm
+import subprocess
+from config import sign_key
+
+def getSigInfo(hdr):
+    """checks signature from an hdr hand back signature information and/or
+       an error code"""
+    # yum-3.2.22/rpmUtils/miscutils.py
+
+    string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
+    siginfo = hdr.sprintf(string)
+    if siginfo == '(none)':
+        return None
+   
+    return siginfo.split(',')[2].lstrip()
+
+def is_signed(rpm_file):
+    """Returns rpm information is package signed by the same key"""
+    # http://code.activestate.com/recipes/306705/
+
+    if sign_key == None:
+        return None
+
+    ts = rpm.ts()
+    ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+    fdno = os.open(rpm_file, os.O_RDONLY)
+    hdr = ts.hdrFromFdno(fdno)
+    os.close(fdno)
+
+    sigid = getSigInfo(hdr)
+    if sigid == None:
+        return None
+
+    return sign_key == sigid[-len(sign_key):]
+
+def signpkgs(files):
+    if not os.path.isfile('/usr/bin/gpg'):
+        raise OSError, 'Missing gnupg binary'
+    if not os.path.isfile('/bin/rpm'):
+        raise OSError, 'Missing rpm binary'
+
+    cmd = ['/bin/rpm', '--resign', '--define', '_signature gpg', '--define', '_gpg_name ' + sign_key] + files
+    rc = subprocess.call(cmd, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, close_fds = True)
+    if rc != 0:
+        raise OSError, 'package signing failed'
================================================================

More information about the pld-cvs-commit mailing list