[Pkg-privacy-commits] [torbrowser-launcher] 24/39: Only try refreshing the keyring when necessary

Tue Mar 27 15:41:52 UTC 2018

This is an automated email from the git hooks/post-receive script.

rosh pushed a commit to branch rosh/experimental
in repository torbrowser-launcher.

commit a7f166953c0ec1cb12e51f817bdb0d46b1f57106
Author: Micah Lee <micah at micahflee.com>
Date:   Fri Mar 23 13:45:33 2018 -0700

    Only try refreshing the keyring when necessary
---
 torbrowser_launcher/common.py   |  1 -
 torbrowser_launcher/launcher.py | 37 +++++++++++++++++++++++--------------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py
index 4f579ee..bb3b3f1 100644
--- a/torbrowser_launcher/common.py
+++ b/torbrowser_launcher/common.py
@@ -258,7 +258,6 @@ class Common(object):
         if not all_imports_succeeded:
             print(_('Not all keys were imported successfully!'))
 
-        self.refresh_keyring()
         return all_imports_succeeded
 
     # load mirrors
diff --git a/torbrowser_launcher/launcher.py b/torbrowser_launcher/launcher.py
index 37fff94..cc6778d 100644
--- a/torbrowser_launcher/launcher.py
+++ b/torbrowser_launcher/launcher.py
@@ -568,21 +568,30 @@ class VerifyThread(QtCore.QThread):
         self.common = common
 
     def run(self):
-        with gpg.Context() as c:
-            c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.common.paths['gnupg_homedir'])
-
-            sig = gpg.Data(file=self.common.paths['sig_file'])
-            signed = gpg.Data(file=self.common.paths['tarball_file'])
+        def verify(second_try=False):
+            with gpg.Context() as c:
+                c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.common.paths['gnupg_homedir'])
+
+                sig = gpg.Data(file=self.common.paths['sig_file'])
+                signed = gpg.Data(file=self.common.paths['tarball_file'])
+
+                try:
+                    c.verify(signature=sig, signed_data=signed)
+                except gpg.errors.BadSignatures as e:
+                    result = str(e).split(": ")
+                    if result[1] == 'No public key' and not second_try:
+                        raise Exception
+                    self.error.emit(str(e))
+                else:
+                    self.success.emit()
 
-            try:
-                c.verify(signature=sig, signed_data=signed)
-            except gpg.errors.BadSignatures as e:
-                result = str(e).split(": ")
-                if result[1] == 'No public key':
-                    self.common.refresh_keyring(result[0])
-                self.error.emit(str(e))
-            else:
-                self.success.emit()
+        try:
+            # Try verifying
+            verify()
+        except:
+            # If it fails, refresh the keyring and try again
+            self.common.refresh_keyring()
+            verify(True)
 
 
 class ExtractThread(QtCore.QThread):

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git

