[Pkg-privacy-commits] [torbrowser-launcher] 22/48: Add logic to shell out for verify/import if gpgme lib not present
Roger Shimizu
rosh at moszumanska.debian.org
Mon Sep 4 16:42:33 UTC 2017
This is an automated email from the git hooks/post-receive script.
rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.
commit 44ceaf647e107a0cabaac9cb2b98a89b1a5149b2
Author: Dan Snider <dan at dephekt.net>
Date: Wed Mar 22 11:57:10 2017 -0500
Add logic to shell out for verify/import if gpgme lib not present
---
BUILD.md | 2 +-
stdeb.cfg | 2 +-
torbrowser_launcher/common.py | 59 ++++++++++++++++++++++++++++-------------
torbrowser_launcher/launcher.py | 56 +++++++++++++++++++++++---------------
4 files changed, 78 insertions(+), 41 deletions(-)
diff --git a/BUILD.md b/BUILD.md
index a098e5b..35d0aef 100644
--- a/BUILD.md
+++ b/BUILD.md
@@ -12,7 +12,7 @@ Then install dependencies, build a package, and install:
### Debian, Ubuntu, Linux Mint, etc.
```sh
-sudo apt-get install build-essential dh-python python-all python-stdeb python-gtk2 python-twisted python-lzma python-txsocksx gnupg fakeroot xz-utils tor python-gpgme
+sudo apt-get install build-essential dh-python python-all python-stdeb python-gtk2 python-twisted python-lzma python-txsocksx gnupg fakeroot xz-utils tor python-gpg
./build_deb.sh
sudo dpkg -i deb_dist/torbrowser-launcher_*.deb
```
diff --git a/stdeb.cfg b/stdeb.cfg
index ef66458..1bb0605 100644
--- a/stdeb.cfg
+++ b/stdeb.cfg
@@ -1,6 +1,6 @@
[DEFAULT]
Package: torbrowser-launcher
-Depends: python-gtk2, python-twisted, python-lzma, python-gpgme, gnupg, xz-utils
+Depends: python-gtk2, python-twisted, python-lzma, gnupg, xz-utils
Build-Depends: dh-python
Recommends: python-pygame, python-txsocksx, tor
Suite: trusty
diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py
index 62d9e48..52703bd 100644
--- a/torbrowser_launcher/common.py
+++ b/torbrowser_launcher/common.py
@@ -38,11 +38,7 @@ import re
try:
import gpg
except ImportError:
- try:
- import gpgme as gpg
- except ImportError:
- gpg_support = False
- print('You need the gpgme Python bindings installed to verify integrity of downloaded archives.')
+ gpgme_support = False
import pygtk
pygtk.require('2.0')
@@ -56,6 +52,15 @@ gettext.install('torbrowser-launcher')
from twisted.internet import gtk2reactor
gtk2reactor.install()
+# We're looking for output which:
+#
+# 1. The first portion must be `[GNUPG:] IMPORT_OK`
+# 2. The second must be an integer between [0, 15], inclusive
+# 3. The third must be an uppercased hex-encoded 160-bit fingerprint
+gnupg_import_ok_pattern = re.compile(
+ "(\[GNUPG\:\]) (IMPORT_OK) ([0-9]|[1]?[0-5]) ([A-F0-9]{40})")
+
+
class Common:
def __init__(self, tbl_version):
@@ -208,20 +213,38 @@ class Common:
:returns: ``True`` if the key is now within the keyring (or was
previously and hasn't changed). ``False`` otherwise.
"""
- with gpg.Context() as c:
- c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.paths['gnupg_homedir'])
-
- impkey = self.paths['signing_keys'][key]
- try:
- c.op_import(gpg.Data(file=impkey))
- except:
- return False
- else:
- result = c.op_import_result()
- if result and self.fingerprints[key] in result.imports[0].fpr:
- return True
- else:
+ if gpgme_support:
+ with gpg.Context() as c:
+ c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.paths['gnupg_homedir'])
+
+ impkey = self.paths['signing_keys'][key]
+ try:
+ c.op_import(gpg.Data(file=impkey))
+ except:
return False
+ else:
+ result = c.op_import_result()
+ if result and self.fingerprints[key] in result.imports[0].fpr:
+ return True
+ else:
+ return False
+ else:
+ success = False
+
+ p = subprocess.Popen(['/usr/bin/gpg', '--status-fd', '2',
+ '--homedir', self.paths['gnupg_homedir'],
+ '--import', self.paths['signing_keys'][key]],
+ stderr=subprocess.PIPE)
+ p.wait()
+
+ for output in p.stderr.readlines():
+ match = gnupg_import_ok_pattern.match(output)
+ if match:
+ if match.group().find(self.fingerprints[key]) >= 0:
+ success = True
+ break
+
+ return success
# import gpg keys
def import_keys(self):
diff --git a/torbrowser_launcher/launcher.py b/torbrowser_launcher/launcher.py
index cb2e2b1..2c70b61 100644
--- a/torbrowser_launcher/launcher.py
+++ b/torbrowser_launcher/launcher.py
@@ -46,11 +46,7 @@ from twisted.internet.error import DNSLookupError, ConnectionRefusedError
try:
import gpg
except ImportError:
- try:
- import gpgme as gpg
- except ImportError:
- gpg_support = False
- print('You need the gpgme Python bindings installed to verify integrity of downloaded archives.')
+ gpgme_support = False
import xml.etree.ElementTree as ET
@@ -60,18 +56,23 @@ import pygtk
pygtk.require('2.0')
import gtk
+
class TryStableException(Exception):
pass
+
class TryDefaultMirrorException(Exception):
pass
+
class TryForcingEnglishException(Exception):
pass
+
class DownloadErrorException(Exception):
pass
+
class Launcher:
def __init__(self, common, url_list):
self.common = common
@@ -529,23 +530,36 @@ class Launcher:
self.set_gui('task', sigerror, ['start_over'], False)
self.clear_ui()
self.build_ui()
-
- with gpg.Context() as c:
- c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.common.paths['gnupg_homedir'])
-
- sig = gpg.Data(file=self.common.paths['sig_file'])
- signed = gpg.Data(file=self.common.paths['tarball_file'])
-
- try:
- c.verify(signature=sig, signed_data=signed)
- except gpg.errors.BadSignatures as e:
- result = str(e).split(": ")
- if result[1] == 'Bad signature':
- gui_raise_sigerror(self, str(e))
- elif result[1] == 'No public key':
- gui_raise_sigerror(self, str(e))
- else:
+
+ if gpgme_support:
+ with gpg.Context() as c:
+ c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.common.paths['gnupg_homedir'])
+
+ sig = gpg.Data(file=self.common.paths['sig_file'])
+ signed = gpg.Data(file=self.common.paths['tarball_file'])
+
+ try:
+ c.verify(signature=sig, signed_data=signed)
+ except gpg.errors.BadSignatures as e:
+ result = str(e).split(": ")
+ if result[1] == 'Bad signature':
+ gui_raise_sigerror(self, str(e))
+ elif result[1] == 'No public key':
+ gui_raise_sigerror(self, str(e))
+ else:
+ self.run_task()
+ else:
+ FNULL = open(os.devnull, 'w')
+ p = subprocess.Popen(['/usr/bin/gpg', '--homedir', self.common.paths['gnupg_homedir'], '--verify',
+ self.common.paths['sig_file'], self.common.paths['tarball_file']], stdout=FNULL,
+ stderr=subprocess.STDOUT)
+ self.pulse_until_process_exits(p)
+ if p.returncode == 0:
self.run_task()
+ else:
+ gui_raise_sigerror(self, 'VERIFY_FAIL_NO_GPGME')
+ if not reactor.running:
+ reactor.run()
def extract(self):
# initialize the progress bar
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git
More information about the Pkg-privacy-commits
mailing list