commit: fe3dd834e90b3aed6751767edcab1f6fb8db28c4 Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org> AuthorDate: Thu Jul 24 02:02:38 2014 +0000 Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org> CommitDate: Thu Jul 24 02:02:38 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/layman.git;a=commit;h=fe3dd834
remotedb.py: Internally disables GPG functionality --- etc/layman.cfg | 5 +-- layman/remotedb.py | 92 ------------------------------------------------------ 2 files changed, 3 insertions(+), 94 deletions(-) diff --git a/etc/layman.cfg b/etc/layman.cfg index 6b94c68..10e5d94 100644 --- a/etc/layman.cfg +++ b/etc/layman.cfg @@ -62,6 +62,7 @@ conf_type : make.conf # file:///var/lib/layman/my-list.xml # #### GPG signed lists #### COMING SOON TO A DOWNLOAD SITE NEAR YOU ##### +# GPG config options are internally disabled for this release. # # gpg_signed_lists : # These can be clearsigned or signed (compressed) overlay lists @@ -73,7 +74,7 @@ conf_type : make.conf # gpg_signed_lists : # http://someserver.somewhere.com/someoverlays.xml.asc # -gpg_signed_lists : +#gpg_signed_lists : # # gpg_detached_lists: @@ -88,7 +89,7 @@ gpg_signed_lists : # http://distfiles.gentoo.org/overlays.xml http://distfiles.gentoo.org/overlays.xml.asc # http://someserver.somewhere.com/someoverlays.xml http://someserver.somewhere.com/someoverlays.xml.gpg -gpg_detached_lists : +#gpg_detached_lists : # https://api.gentoo.org/overlays/repositories.xml https://api.gentoo.org/overlays/repositories.xml.asc # original unsigned lists and definitions diff --git a/layman/remotedb.py b/layman/remotedb.py index 79f4ec6..7d20e8d 100644 --- a/layman/remotedb.py +++ b/layman/remotedb.py @@ -30,15 +30,6 @@ import os, os.path import sys import hashlib -GPG_ENABLED = False -try: - from pygpg.config import GPGConfig - from pygpg.gpg import GPG - GPG_ENABLED = True -except ImportError: - pass - - from layman.utils import encoder from layman.dbbase import DbBase from layman.version import VERSION 
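Review bot: The comment added under `#### GPG signed lists ####` in the first etc/layman.cfg hunk says the options are disabled but not what that means for the operator. With verification off, every overlay list is used without a signature check, so its integrity rests on the transport alone. I would state that in the comment, e.g. `# GPG config options are internally disabled for this release: overlay lists are NOT signature-verified.` The commented examples below it still read as if the feature were usable, so the caveat belongs directly above them.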
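Review bot: Commenting out `gpg_signed_lists` in the second etc/layman.cfg hunk (and `gpg_detached_lists` in the third) only changes the shipped default. An existing layman.cfg that still sets either key is now ignored without any message, because the layman/remotedb.py part of this commit removes `get_gpg_urls()` and the `verify_gpg()` call. A warning in `RemoteDB.__init__`, issued when either key is non-empty, would make the downgrade visible, e.g. `self.output.warn('GPG verification is disabled in this release; gpg_signed_lists and gpg_detached_lists are ignored')`. `cache()` also still builds `url_lists = [self.urls, self.detached_urls, self.signed_urls]`; those two lists are presumably left empty now, but nothing visible in the diff enforces it, so a short comment or an explicit skip there would keep a later change from fetching them unverified.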
@@ -61,12 +52,6 @@ class RemoteDB(DbBase): self.urls = [i.strip() for i in config['overlays'].split('\n') if len(i)] - if GPG_ENABLED: - self.get_gpg_urls() - else: - self.output.debug('RemoteDB.__init__(), NOT GPG_ENABLED, ' - 'bypassing...', 2) - # add up the lists to load for display, etc. # unsigned overlay lists paths = [self.filepath(i) + '.xml' for i in self.urls] @@ -92,9 +77,6 @@ class RemoteDB(DbBase): DbBase.__init__(self, config, paths=paths, ignore=ignore, ignore_init_read_errors=ignore_init_read_errors) - self.gpg = None - self.gpg_config = None - # overrider def _broken_catalog_hint(self): @@ -138,7 +120,6 @@ class RemoteDB(DbBase): # succeeded reset when a failure is detected succeeded = True url_lists = [self.urls, self.detached_urls, self.signed_urls] - need_gpg = [False, True, True] # setup the ssl-fetch output map connector_output = { 'info': self.output.debug, @@ -151,9 +132,6 @@ class RemoteDB(DbBase): for index in range(0, 3): self.output.debug("RemoteDB.cache() index = %s" %str(index), 2) urls = url_lists[index] - if need_gpg[index] and len(urls) and self.gpg is None: - #initialize our gpg instance - self.init_gpg() # main working loop for url in urls: sig = '' @@ -175,17 +153,6 @@ class RemoteDB(DbBase): self.output.debug("RemoteDB.cache() len(olist) = %s" % str(len(olist)), 2) - # GPG handling - if need_gpg[index]: - olist, verified = self.verify_gpg(url, sig, olist) - if not verified: - self.output.debug("RemoteDB.cache() gpg returned " - "verified = %s" %str(verified), 2) - succeeded = False - filename = os.path.join(self.config['storage'], - "Failed-to-verify-sig") - self.write_cache(olist, filename) - continue # Before we overwrite the old cache, check that the downloaded # file is intact and can be parsed 
@@ -338,37 +305,6 @@ class RemoteDB(DbBase): ' ' + mpath + '\nError was:\n' + str(error)) return has_updates - def verify_gpg(self, url, sig, olist): - '''Verify and decode it.''' - self.output.debug("RemoteDB: verify_gpg(), verify & decrypt olist: " - " %s, type(olist)=%s" % (str(url),str(type(olist))), 2) - #self.output.debug(olist, 2) - - # detached sig - if sig: - self.output.debug("RemoteDB.verify_gpg(), detached sig", 2) - self.dl_sig(url[1], sig) - gpg_result = self.gpg.verify( - inputtxt=olist, - inputfile=sig) - # armoured signed file, compressed or clearsigned - else: - self.output.debug("RemoteDB.verify_gpg(), single signed file", 2) - gpg_result = self.gpg.decrypt( - inputtxt=olist) - olist = gpg_result.output - # verify and report - self.output.debug("gpg_result, verified=%s, len(olist)=%s" - % (gpg_result.verified[0], str(len(olist))), 1) - if gpg_result.verified[0]: - self.output.info("GPG verification succeeded for gpg-signed url.", 4) - self.output.info('\tSignature result:' + str(gpg_result.verified), 4) - else: - self.output.error("GPG verification failed for gpg-signed url.") - self.output.error('\tSignature result:' + str(gpg_result.verified)) - olist = '' - return olist, gpg_result.verified[0] - def dl_sig(self, url, sig): self.output.debug("RemoteDB.dl_sig() url=%s, sig=%s" % (url, sig), 2) 
@@ -378,34 +314,6 @@ class RemoteDB(DbBase): return success - def init_gpg(self): - self.output.debug("RemoteDB.init_gpg(), initializing", 2) - if not self.gpg_config: - self.gpg_config = GPGConfig() - - if not self.gpg: - self.gpg = GPG(self.gpg_config) - self.output.debug("RemoteDB.init_gpg(), initialized :D", 2) - - def get_gpg_urls(self): - '''Extend paths with gpg signed url listings from the config - - @param paths: list or urls to fetch - ''' - #pair up the list url and detached sig url - d_urls = [i.strip() - for i in self.config['gpg_detached_lists'].split('\n') if len(i)] - - #for index in range(0, len(d_urls), 2): - # self.detached_urls.append((d_urls[index], d_urls[index+1])) - for i in d_urls: - u = i.split() - self.detached_urls.append((u[0], u[1])) - - self.signed_urls = [i.strip() - for i in self.config['gpg_signed_lists'].split('\n') if len(i)] - - if __name__ == '__main__': import doctest