[Pkg-privacy-commits] [torbrowser-launcher] 85/476: removed bash script for verifying, and started checking gnupg exit codes instead of output. finished #3.
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 13:21:25 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch debian
in repository torbrowser-launcher.
commit 5ba77c1483be31b82b00b782885412e70070a431
Author: Micah Lee <micahflee at riseup.net>
Date: Sat Mar 2 23:34:38 2013 -0800
removed bash script for verifying, and started checking gnupg exit codes instead of output. finished #3.
---
gnupg_homedir/pubring.gpg | Bin 0 -> 65576 bytes
gnupg_homedir/pubring.gpg~ | Bin 0 -> 65576 bytes
gnupg_homedir/secring.gpg | 0
gnupg_homedir/trustdb.gpg | Bin 0 -> 1200 bytes
keys/README | 3 --
setup.py | 2 +-
torbrowser-launcher | 52 +++++++++++++++++++++++-----------
keys/torproject.pem => torproject.pem | 0
verify.sh | 17 -----------
9 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/gnupg_homedir/pubring.gpg b/gnupg_homedir/pubring.gpg
new file mode 100644
index 0000000..a68174c
Binary files /dev/null and b/gnupg_homedir/pubring.gpg differ
diff --git a/gnupg_homedir/pubring.gpg~ b/gnupg_homedir/pubring.gpg~
new file mode 100644
index 0000000..87fd67d
Binary files /dev/null and b/gnupg_homedir/pubring.gpg~ differ
diff --git a/gnupg_homedir/secring.gpg b/gnupg_homedir/secring.gpg
new file mode 100644
index 0000000..e69de29
diff --git a/gnupg_homedir/trustdb.gpg b/gnupg_homedir/trustdb.gpg
new file mode 100644
index 0000000..f344359
Binary files /dev/null and b/gnupg_homedir/trustdb.gpg differ
diff --git a/keys/README b/keys/README
index bb5ecdf..2f2777c 100644
--- a/keys/README
+++ b/keys/README
@@ -4,6 +4,3 @@ Please visit the Tor web page about verifying signatures:
All of the keys in this directory are believed to be verified for
releasing and signing the TBB releases.
-
-torproject.pem is the https://www.torproject.org cert used for
-certificate pinning.
diff --git a/setup.py b/setup.py
index 0caee77..7cbcf37 100644
--- a/setup.py
+++ b/setup.py
@@ -20,5 +20,5 @@ Tor Browser Launcher will get updated each time a new version of TBB is released
scripts=['torbrowser-launcher'],
data_files=[('/usr/share/applications', ['torbrowser.desktop']),
('/usr/share/pixmaps', ['img/torbrowser32.xpm', 'img/torbrowser80.xpm']),
- ('/usr/share/torbrowser-launcher', ['keys/erinn.asc', 'keys/sebastian.asc', 'keys/torproject.pem', 'verify.sh'])]
+ ('/usr/share/torbrowser-launcher', ['keys/erinn.asc', 'keys/sebastian.asc', 'torproject.pem'])]
)
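Review bot: The `data_files` list installs the ASCII-armored `keys/erinn.asc` and `keys/sebastian.asc`, yet this commit also adds a populated `gnupg_homedir/` (including the backup `pubring.gpg~` and a `trustdb.gpg`) that nothing in this list references. Since `init_gnupg` builds its own homedir at runtime from the .asc files, the committed keyring looks like a leftover from a local test run, which is worth confirming. A binary keyring cannot be audited in a diff the way the armored keys can, so I would drop it from the repository and add `gnupg_homedir/` to `.gitignore`.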
diff --git a/torbrowser-launcher b/torbrowser-launcher
index 2cf264c..53dcf4a 100755
--- a/torbrowser-launcher
+++ b/torbrowser-launcher
@@ -40,6 +40,7 @@ class TorBrowserLauncher:
self.build_paths()
self.mkdir(self.paths['dir']['download'])
self.mkdir(self.paths['dir']['tbb'])
+ self.init_gnupg()
# allow buttons to have icons
try:
@@ -85,7 +86,6 @@ class TorBrowserLauncher:
# build the rest of the UI
self.build_ui()
- reactor.run()
# download or run TBB
def start_launcher(self):
@@ -179,15 +179,16 @@ class TorBrowserLauncher:
'data': tbb_data,
'download': tbb_data+'/download',
'tbb': tbb_data+'/tbb/'+self.architecture,
- 'gpg': tbb_data+'/gpgtmp'
+ 'gnupg_homedir': tbb_data+'/gnupg_homedir'
},
'file': {
'settings': tbb_data+'/settings',
'version': tbb_data+'/version',
'start': tbb_data+'/tbb/'+self.architecture+'/tor-browser_'+self.language+'/start-tor-browser',
'update_check': tbb_data+'/download/RecommendedTBBVersions',
- 'verify': '/usr/share/torbrowser-launcher/verify.sh',
- 'torproject_pem': '/usr/share/torbrowser-launcher/torproject.pem'
+ 'torproject_pem': '/usr/share/torbrowser-launcher/torproject.pem',
+ 'erinn_key': '/usr/share/torbrowser-launcher/erinn.asc',
+ 'sebastian_key': '/usr/share/torbrowser-launcher/sebastian.asc'
},
'url': {
'update_check': 'https://check.torproject.org/RecommendedTBBVersions'
@@ -200,10 +201,27 @@ class TorBrowserLauncher:
try:
if os.path.exists(path) == False:
os.makedirs(path, 0700)
+ return True
except:
self.set_gui('error', "Cannot create directory %s" % path, [], False)
+ return False
if not os.access(path, os.W_OK):
self.set_gui('error', "%s is not writable" % path, [], False)
+ return False
+ return True
+
+ # if gnupg_homedir isn't set up, set it up
+ def init_gnupg(self):
+ if not os.path.exists(self.paths['dir']['gnupg_homedir']):
+ print 'Creating GnuPG homedir', self.paths['dir']['gnupg_homedir']
+ if self.mkdir(self.paths['dir']['gnupg_homedir']):
+ # import keys
+ print 'Importing keys'
+ p1 = subprocess.Popen(['/usr/bin/gpg', '--homedir', self.paths['dir']['gnupg_homedir'], '--import', self.paths['file']['erinn_key']])
+ p2 = subprocess.Popen(['/usr/bin/gpg', '--homedir', self.paths['dir']['gnupg_homedir'], '--import', self.paths['file']['sebastian_key']])
+ # wait for keys to import before moving on
+ p1.wait()
+ p2.wait()
# there are different GUIs that might appear, this sets which one we want
def set_gui(self, gui, message, tasks, autostart=True):
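Review bot: `init_gnupg` discards the exit status of both `gpg --import` calls, and it only runs when the homedir does not exist yet, so a failed import leaves an empty keyring that is never repaired and every later signature check fails. The two imports are also started in parallel against the same homedir, where they may contend for the keyring. One invocation with both key files avoids that and gives a single status to check: `rc = subprocess.call(['/usr/bin/gpg', '--homedir', self.paths['dir']['gnupg_homedir'], '--import', self.paths['file']['erinn_key'], self.paths['file']['sebastian_key']])` followed by `if rc != 0: self.set_gui('error', "Cannot import signing keys", [], False)`. The `mkdir` body begins above this hunk.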
@@ -293,7 +311,7 @@ class TorBrowserLauncher:
self.window.show()
if self.gui_autostart:
- self.start(None)
+ self.start(None)
# start button clicked, begin tasks
def start(self, widget, data=None):
@@ -410,6 +428,9 @@ class TorBrowserLauncher:
self.file_download = open(path, 'w')
d.addCallback(self.response_received).addErrback(self.download_error)
+
+ if not reactor.running:
+ reactor.run()
def attempt_update(self):
# load the update check file
@@ -447,20 +468,18 @@ class TorBrowserLauncher:
self.progressbar.set_text('Verifying Signature')
self.progressbar.show()
- p = subprocess.Popen([self.paths['file']['verify'], self.paths['dir']['gpg'], self.paths['file']['tarball_sig']], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ p = subprocess.Popen(['/usr/bin/gpg', '--homedir', self.paths['dir']['gnupg_homedir'], '--verify', self.paths['file']['tarball_sig']])
self.pulse_until_process_exits(p)
-
- output = p.stdout.read()
- if 'Good signature' in output:
+ if p.returncode == 0:
self.run_task()
else:
- self.progressbar.hide()
- self.label.set_text("SIGNATURE VERIFICATION FAILED!\n\nYou might be under attack, or there might just be a networking problem. Click Start try the download again.")
- self.gui_tasks = ['start_over']
- self.gui_task_i = 0
- self.start_button.show()
- self.start_button.set_sensitive(True)
+ self.set_gui('task', "SIGNATURE VERIFICATION FAILED!\n\nYou might be under attack, or there might just be a networking problem. Click Start try the download again.", ['start_over'], False)
+ self.clear_ui()
+ self.build_ui()
+
+ if not reactor.running:
+ reactor.run()
def extract(self):
# initialize the progress bar
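Review bot: `gpg --verify` is called with the signature file only, so gpg decides on its own which data the signature covers; if the downloaded `.asc` is not a detached signature, exit code 0 says nothing about the tarball. Pass the tarball path as a second argument so the check is bound to the file that gets extracted: `['/usr/bin/gpg', '--homedir', self.paths['dir']['gnupg_homedir'], '--verify', self.paths['file']['tarball_sig'], tarball_path]` (the tarball's key in `self.paths` is not visible in this hunk). The exit code also does not say which key signed; reading `--status-fd` output for a `VALIDSIG` line with an expected fingerprint would pin the signer rather than trusting whatever is in the homedir. The enclosing method starts above the hunk.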
@@ -532,7 +551,8 @@ class TorBrowserLauncher:
def destroy(self, widget, data=None):
if hasattr(self, 'file_download'):
self.file_download.close()
- reactor.stop()
+ if reactor.running:
+ reactor.stop()
if __name__ == "__main__":
tor_browser_launcher_version = '0.1'
diff --git a/keys/torproject.pem b/torproject.pem
similarity index 100%
rename from keys/torproject.pem
rename to torproject.pem
diff --git a/verify.sh b/verify.sh
deleted file mode 100755
index e8f7ded..0000000
--- a/verify.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-# usage: verify.sh [temporary gpg directory] [tor-browser-gnu-linux-xxx.tar.gz.asc]
-
-GPG_TMP_DIR=$1
-TBB_SIG=$2
-
-# clean the temp gpg dir
-rm -rf $GPG_TMP_DIR
-mkdir -p $GPG_TMP_DIR
-chmod 700 $GPG_TMP_DIR
-
-# import erinn's public key
-gpg --homedir $GPG_TMP_DIR --import /usr/share/torbrowser-launcher/erinn.asc
-gpg --homedir $GPG_TMP_DIR --import /usr/share/torbrowser-launcher/sebastian.asc
-
-# verify the signature
-gpg --homedir $GPG_TMP_DIR --verify $TBB_SIG
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git