git.ipfire.org Git - pakfire.git/blob - python/pakfire/keyring.py
2 ###############################################################################
4 # Pakfire - The IPFire package management system #
5 # Copyright (C) 2012 Pakfire development team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
28 log
= logging
.getLogger("pakfire")
30 from constants
import *
32 from system
import system
34 class Keyring(object):
35 def __init__(self
, pakfire
):
36 self
.pakfire
= pakfire
38 # Configure the environment.
39 os
.environ
["GNUPGHOME"] = self
.path
43 self
.ctx
= gpgme
.Context()
47 del os
.environ
["GNUPGHOME"]
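def create_path(self):
    """Ensure the GnuPG home directory and its gnupg.conf are owner-only.

    The directory at ``self.path`` is created if missing and set to mode
    0o700; ``gnupg.conf`` inside it is set to 0o600. An existing
    gnupg.conf keeps its content; a missing one is written with a short
    default header.
    """
    # The modes must be octal literals. Decimal 700 is 0o1274 and decimal
    # 600 is 0o1130, neither of which restricts the keyring to its owner.
    if not os.path.exists(self.path):
        os.makedirs(self.path, 0o700)

    # makedirs() applies the umask, so set the final mode explicitly.
    os.chmod(self.path, 0o700)

    filename = os.path.join(self.path, "gnupg.conf")

    if os.path.exists(filename):
        os.chmod(filename, 0o600)
        return

    # Create a default gnupg.conf.
    with open(filename, "w") as f:
        f.write("# This is a default gnupg configuration file created by\n")
        f.write("# Pakfire %s.\n" % PAKFIRE_VERSION)

    os.chmod(filename, 0o600)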
73 def dump_key(self
, keyfp
):
74 key
= self
.get_key(keyfp
, secret
=False)
76 return [" " + _("Not in key store: %s") % keyfp
, ""]
82 ret
.append(" " + _("Fingerprint: %s") % keyfp
)
84 key_priv
= self
.get_key(keyfp
, secret
=True)
86 ret
.append(" " + _("Private key available!"))
89 for subkey
in key
.subkeys
:
90 ret
.append(" " + _("Subkey: %s") % subkey
.keyid
)
92 ret
.append(" %s" % _("This key has expired!"))
95 ret
.append(" %s" % _("This is a secret key."))
97 created
= datetime
.datetime
.fromtimestamp(subkey
.timestamp
)
98 ret
.append(" %s" % _("Created: %s") % created
)
100 expires
= datetime
.datetime
.fromtimestamp(subkey
.expires
)
101 ret
.append(" %s" % _("Expires: %s") % expires
)
103 ret
.append(" %s" % _("This key does not expire."))
105 if subkey
.pubkey_algo
== gpgme
.PK_RSA
:
106 ret
.append(" RSA/%s" % subkey
.length
)
114 Returns all keys that are known to the system.
116 return [k
.subkeys
[0].keyid
for k
in self
.ctx
.keylist(None, False)]
def get_key(self, keyid, secret=False):
    """Look up keyid in the gpgme context and return the key, or None.

    Any gpgme.GpgmeError raised by the lookup is swallowed and reported
    as None, so callers cannot tell "not found" from other gpgme
    failures.
    """
    try:
        found = self.ctx.get_key(keyid, secret)
    except gpgme.GpgmeError:
        found = None

    return found
def get_host_key_id(self):
    """Return the "host_key" option of the "signatures" config section.

    None is passed as the third argument to config.get(); presumably it
    is the fallback when the option is unset (confirm against the config
    class).
    """
    config = self.pakfire.config

    return config.get("signatures", "host_key", None)
127 def get_host_key(self
, secret
=False):
128 key_id
= self
.get_host_key_id()
131 key
= self
.get_key(key_id
, secret
=secret
)
134 def gen_key(self
, realname
, email
):
136 "realname" : realname
,
141 <GnupgKeyParms format="internal">
145 Name-Real: %(realname)s
146 Name-Email: %(email)s
151 log
.info(_("Generating new key for %(realname)s <%(email)s>...") % args
)
152 log
.info(_("This may take a while..."))
155 result
= self
.ctx
.genkey(params
)
157 # Dump the recently generated key.
158 for line
in self
.dump_key(result
.fpr
):
161 # Return the fingerprint of the generated key.
164 def import_key(self
, keyfile
):
167 f
= open(keyfile
, "rb")
168 res
= self
.ctx
.import_(f
)
171 log
.info(_("Successfully imported %s.") % keyfile
)
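def export_key(self, keyid, keyfile):
    """Export the key keyid from the gpgme context into the file keyfile.

    The key data is collected in memory first and then written to
    keyfile in binary mode, replacing any existing content.
    """
    keydata = io.BytesIO()
    self.ctx.export(keyid, keydata)

    # The context manager closes the handle even if the write fails.
    with open(keyfile, "wb") as f:
        f.write(keydata.getvalue())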
def delete_key(self, keyid):
    """Look up keyid in the gpgme context and delete that key.

    The lookup goes straight to the context, so a failed lookup raises
    here instead of returning None as self.get_key() does.
    """
    # NOTE(review): the True flag presumably also permits deletion of
    # secret key material -- confirm against the gpgme binding.
    self.ctx.delete(self.ctx.get_key(keyid), True)
188 # Search for the host key and show it.
189 host_key
= self
.get_host_key(secret
=True)
191 ret
.append(_("Host key:"))
192 ret
+= [" %s" % l
for l
in self
.dump_key(host_key
)]
194 host_key_id
= self
.get_host_key_id()
196 host_key
= self
.get_host_key(secret
=False)
198 ret
.append(_("WARNING! Host key with ID %s configured, but the secret key is missing!") \
201 ret
.append(_("WARNING! Host key with ID %s configured, but not found!") % host_key_id
)
203 ret
.append(_("No host key available or configured."))
205 # List all other keys.
206 for key
in self
.get_keys():
211 ret
+= self
.dump_key(key
)
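def sign(self, keyid, cleartext):
    """Create a detached signature over cleartext with the secret key keyid.

    Returns the signature bytes produced by the gpgme context. Raises
    AssertionError when the secret-key lookup yields no key.
    """
    key = self.ctx.get_key(keyid, True)

    # Raised explicitly rather than through ``assert`` so the check is
    # still enforced when Python runs with -O.
    if not key:
        raise AssertionError("Key was not found or no secret key installed.")

    # The signer list stays set on the shared context after this call.
    self.ctx.signers = [key]

    cleartext = io.BytesIO(cleartext)
    signature = io.BytesIO()

    self.ctx.sign(cleartext, signature, gpgme.SIG_MODE_DETACH)

    return signature.getvalue()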
228 def verify(self
, signature
, cleartext
):
229 assert signature
, "Empty signature?"
231 signature
= io
.BytesIO(signature
)
232 cleartext
= io
.BytesIO(cleartext
)
235 sigs
= self
.ctx
.verify(signature
, cleartext
, None)