/brz/remove-bazaar

To get this branch, use:
bzr branch http://gegoxaren.bato24.eu/bzr/brz/remove-bazaar

« back to all changes in this revision

Viewing changes to breezy/gpg.py

  • Committer: Jelmer Vernooij
  • Date: 2018-11-16 23:19:12 UTC
  • mfrom: (7180 work)
  • mto: This revision was merged to the branch mainline in revision 7294.
  • Revision ID: jelmer@jelmer.uk-20181116231912-e043vpq22bdkxa6q
Merge trunk.

Show diffs side-by-side

added added

removed removed

Lines of Context:
breezy/gpg.py
41
41
    text_type,
42
42
    )
43
43
 
44
 
#verification results
 
44
# verification results
45
45
SIGNATURE_VALID = 0
46
46
SIGNATURE_KEY_MISSING = 1
47
47
SIGNATURE_NOT_VALID = 2
78
78
 
79
79
 
80
80
def bulk_verify_signatures(repository, revids, strategy,
81
 
        process_events_callback=None):
 
81
                           process_events_callback=None):
82
82
    """Do verifications on a set of revisions
83
83
 
84
84
    :param repository: repository object
147
147
        """Real strategies take a configuration."""
148
148
 
149
149
    def sign(self, content, mode):
150
 
        return (b"-----BEGIN PSEUDO-SIGNED CONTENT-----\n" + content +
151
 
                b"-----END PSEUDO-SIGNED CONTENT-----\n")
 
150
        return (b"-----BEGIN PSEUDO-SIGNED CONTENT-----\n" + content
 
151
                + b"-----END PSEUDO-SIGNED CONTENT-----\n")
152
152
 
153
153
    def verify(self, signed_data, signature=None):
154
 
        plain_text = signed_data.replace(b"-----BEGIN PSEUDO-SIGNED CONTENT-----\n", b"")
155
 
        plain_text = plain_text.replace(b"-----END PSEUDO-SIGNED CONTENT-----\n", b"")
 
154
        plain_text = signed_data.replace(
 
155
            b"-----BEGIN PSEUDO-SIGNED CONTENT-----\n", b"")
 
156
        plain_text = plain_text.replace(
 
157
            b"-----END PSEUDO-SIGNED CONTENT-----\n", b"")
156
158
        return SIGNATURE_VALID, None, plain_text
157
159
 
158
160
    def set_acceptable_keys(self, command_line_input):
191
193
            self.context = gpg.Context()
192
194
            self.context.armor = True
193
195
            self.context.signers = self._get_signing_keys()
194
 
        except ImportError as error:
195
 
            pass # can't use verify()
 
196
        except ImportError:
 
197
            pass  # can't use verify()
196
198
 
197
199
    def _get_signing_keys(self):
198
200
        import gpg
206
208
        if keyname is None or keyname == 'default':
207
209
            # 'default' or not setting gpg_signing_key at all means we should
208
210
            # use the user email address
209
 
            keyname = config.extract_email_address(self._config_stack.get('email'))
 
211
            keyname = config.extract_email_address(
 
212
                self._config_stack.get('email'))
210
213
        possible_keys = self.context.keylist(keyname, secret=True)
211
214
        try:
212
215
            return [next(possible_keys)]
223
226
        try:
224
227
            import gpg  # noqa: F401
225
228
            return True
226
 
        except ImportError as error:
 
229
        except ImportError:
227
230
            return False
228
231
 
229
232
    def sign(self, content, mode):
265
268
        except gpg.errors.BadSignatures as error:
266
269
            fingerprint = error.result.signatures[0].fpr
267
270
            if error.result.signatures[0].summary & gpg.constants.SIGSUM_KEY_EXPIRED:
268
 
                expires = self.context.get_key(error.result.signatures[0].fpr).subkeys[0].expires
 
271
                expires = self.context.get_key(
 
272
                    error.result.signatures[0].fpr).subkeys[0].expires
269
273
                if expires > error.result.signatures[0].timestamp:
270
274
                    # The expired key was not expired at time of signing.
271
275
                    # test_verify_expired_but_valid()
277
281
 
278
282
            # GPG does not know this key.
279
283
            # test_verify_unknown_key()
280
 
            if error.result.signatures[0].summary & gpg.constants.SIGSUM_KEY_MISSING:
 
284
            if (error.result.signatures[0].summary &
 
285
                    gpg.constants.SIGSUM_KEY_MISSING):
281
286
                return SIGNATURE_KEY_MISSING, fingerprint[-8:], None
282
287
 
283
288
            return SIGNATURE_NOT_VALID, None, None
293
298
        # it.  test_verify_unacceptable_key()
294
299
        fingerprint = result.signatures[0].fpr
295
300
        if self.acceptable_keys is not None:
296
 
            if not fingerprint in self.acceptable_keys:
 
301
            if fingerprint not in self.acceptable_keys:
297
302
                return SIGNATURE_KEY_MISSING, fingerprint[-8:], plain_output
298
303
        # Yay gpg set the valid bit.
299
304
        # Can't write a test for this one as you can't set a key to be
302
307
            key = self.context.get_key(fingerprint)
303
308
            name = key.uids[0].name
304
309
            email = key.uids[0].email
305
 
            return SIGNATURE_VALID, name.decode('utf-8') + u" <" + email.decode('utf-8') + u">", plain_output
 
310
            return (
 
311
                SIGNATURE_VALID,
 
312
                name.decode('utf-8') + u" <" + email.decode('utf-8') + u">",
 
313
                plain_output)
306
314
        # Sigsum_red indicates a problem, unfortunatly I have not been able
307
315
        # to write any tests which actually set this.
308
316
        if result.signatures[0].summary & gpg.constants.SIGSUM_RED:
309
317
            return SIGNATURE_NOT_VALID, None, plain_output
310
318
        # Summary isn't set if sig is valid but key is untrusted but if user
311
319
        # has explicity set the key as acceptable we can validate it.
312
 
        if result.signatures[0].summary == 0 and self.acceptable_keys is not None:
 
320
        if (result.signatures[0].summary == 0 and
 
321
                self.acceptable_keys is not None):
313
322
            if fingerprint in self.acceptable_keys:
314
323
                # test_verify_untrusted_but_accepted()
315
324
                return SIGNATURE_VALID, None, plain_output
332
341
        acceptable_keys_config = self._config_stack.get('acceptable_keys')
333
342
        if acceptable_keys_config is not None:
334
343
            patterns = acceptable_keys_config
335
 
        if command_line_input is not None: # command line overrides config
 
344
        if command_line_input is not None:  # command line overrides config
336
345
            patterns = command_line_input.split(',')
337
346
 
338
347
        if patterns:
346
355
                    trace.mutter("Added acceptable key: " + key.subkeys[0].fpr)
347
356
                if not found_key:
348
357
                    trace.note(gettext(
349
 
                            "No GnuPG key results for pattern: {0}"
350
 
                                ).format(pattern))
 
358
                        "No GnuPG key results for pattern: {0}"
 
359
                        ).format(pattern))
351
360
 
352
361
 
353
362
def valid_commits_message(count):
354
363
    """returns message for number of commits"""
355
364
    return gettext(u"{0} commits with valid signatures").format(
356
 
                                    count[SIGNATURE_VALID])
 
365
        count[SIGNATURE_VALID])
357
366
 
358
367
 
359
368
def unknown_key_message(count):
361
370
    return ngettext(u"{0} commit with unknown key",
362
371
                    u"{0} commits with unknown keys",
363
372
                    count[SIGNATURE_KEY_MISSING]).format(
364
 
                                    count[SIGNATURE_KEY_MISSING])
 
373
        count[SIGNATURE_KEY_MISSING])
365
374
 
366
375
 
367
376
def commit_not_valid_message(count):
369
378
    return ngettext(u"{0} commit not valid",
370
379
                    u"{0} commits not valid",
371
380
                    count[SIGNATURE_NOT_VALID]).format(
372
 
                                        count[SIGNATURE_NOT_VALID])
 
381
        count[SIGNATURE_NOT_VALID])
373
382
 
374
383
 
375
384
def commit_not_signed_message(count):
377
386
    return ngettext(u"{0} commit not signed",
378
387
                    u"{0} commits not signed",
379
388
                    count[SIGNATURE_NOT_SIGNED]).format(
380
 
                                    count[SIGNATURE_NOT_SIGNED])
 
389
        count[SIGNATURE_NOT_SIGNED])
381
390
 
382
391
 
383
392
def expired_commit_message(count):
385
394
    return ngettext(u"{0} commit with key now expired",
386
395
                    u"{0} commits with key now expired",
387
396
                    count[SIGNATURE_EXPIRED]).format(
388
 
                                count[SIGNATURE_EXPIRED])
 
397
        count[SIGNATURE_EXPIRED])
389
398
 
390
399
 
391
400
def verbose_expired_key_message(result, repo):
418
427
            signers[uid] += 1
419
428
    result = []
420
429
    for uid, number in signers.items():
421
 
         result.append(ngettext(u"{0} signed {1} commit",
422
 
                                u"{0} signed {1} commits",
423
 
                                number).format(uid, number))
 
430
        result.append(ngettext(u"{0} signed {1} commit",
 
431
                               u"{0} signed {1} commits",
 
432
                               number).format(uid, number))
424
433
    return result
425
434
 
426
435