1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# (c) Copyright 2015 HP Development Company, L.P.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Author: Amarnath Chitumalla, Sanjay Kumar
#
#Global imports
import os
import stat
import datetime
#Local imports
from base.codes import *
from base.strings import *
from base import utils
from base import os_utils
from base.g import *
from subprocess import Popen, PIPE
class DigiSign_Verification(object):
def __init__(self):
pass
def validate(self):
pass
class GPG_Verification(DigiSign_Verification):
def __init__(self):
self.__gpg = utils.which('gpg',True)
sts, self.__hplipdir = os_utils.getHPLIPDir()
self.__gpg_dir = os.path.join(self.__hplipdir, ".gnupg")
#Make sure gpg directory is present. GPG keys will be retrieved here from the key server
if not os.path.exists(self.__gpg_dir):
try:
os.mkdir(self.__gpg_dir, 0o755)
except OSError:
log.error("Failed to create %s" % self.__gpg_dir)
self.__change_owner()
def __change_owner(self, Recursive = False):
try:
os.umask(0)
s = os.stat(self.__hplipdir)
os_utils.changeOwner(self.__gpg_dir, s[stat.ST_UID], s[stat.ST_GID], Recursive)
except OSError:
log.error("Failed to Change ownership of %s" %self.__gpg_dir)
def __gpg_check(self, hplip_package, hplip_digsig):
cmd = '%s --homedir %s -no-permission-warning --verify %s %s' % (self.__gpg, self.__gpg_dir, hplip_digsig, hplip_package)
log.debug("Verifying file %s : cmd = [%s]" % (hplip_package,cmd))
status, output = utils.run(cmd)
log.debug("%s status: %d output:%s" % (self.__gpg, status,output))
return status
def __acquire_gpg_key(self):
cmd = '%s --homedir %s --no-permission-warning --import %s' \
% (self.__gpg, self.__gpg_dir, "/usr/share/hplip/signing-key.asc")
log.info("Importing digital key")
status, output = utils.run(cmd)
log.debug(output)
self.__change_owner(True)
return status
def validate(self, hplip_package, hplip_digsig):
log.debug("Validating %s with %s signature file" %(hplip_package, hplip_digsig))
if not self.__gpg:
return ERROR_GPG_CMD_NOT_FOUND, queryString(ERROR_GPG_CMD_NOT_FOUND)
if not os.path.exists(hplip_package):
return ERROR_FILE_NOT_FOUND, queryString(ERROR_FILE_NOT_FOUND, 0, hplip_package)
if not os.path.exists(hplip_digsig):
return ERROR_DIGITAL_SIGN_NOT_FOUND, queryString(ERROR_DIGITAL_SIGN_NOT_FOUND, 0, hplip_digsig)
status = self.__acquire_gpg_key()
if status != 0:
return ERROR_UNABLE_TO_RECV_KEYS, queryString(ERROR_UNABLE_TO_RECV_KEYS)
status = self.__gpg_check(hplip_package, hplip_digsig)
if status != 0:
return ERROR_DIGITAL_SIGN_BAD, queryString(ERROR_DIGITAL_SIGN_BAD, 0, hplip_package)
else:
return ERROR_SUCCESS, ""
|
