author | Michał Masłowski <mtjm@mtjm.eu> | 2014-10-26 20:22:07 +0100 |
---|---|---|
committer | Michał Masłowski <mtjm@mtjm.eu> | 2014-10-26 20:22:07 +0100 |
commit | 548dad674dd2e2e59402981522676284eee6cee5 (patch) | |
tree | e65dd0d9605d97cbfa80c4dc7ce8dd930078d72d /db-list-unsigned-packages.py | |
parent | 2c72fef7bd097105e57e05a4a49d0eda060735ba (diff) |
db-list-unsigned-packages.py: support listing keys that signed the packages.
Diffstat (limited to 'db-list-unsigned-packages.py')
-rwxr-xr-x | db-list-unsigned-packages.py | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/db-list-unsigned-packages.py b/db-list-unsigned-packages.py
index 36be93a..80cff51 100755
--- a/db-list-unsigned-packages.py
+++ b/db-list-unsigned-packages.py
@@ -21,23 +21,35 @@ unsigned packages in the database at standard input of repo named in the first argument and specified for architectures listed in the following arguments (usually the one of the database or any, default is to list all).
+
+If the --keyset argument is passed, print the key fingerprint of every
+signed package.
 """
+import base64
+import subprocess
 import sys
 import tarfile
 def main():
 """Do the job."""
+ check_keys = False
+ if "--keyset" in sys.argv:
+ sys.argv.remove("--keyset")
+ check_keys = True
 repo = sys.argv[1]
 pkgarches = frozenset(name.encode("utf-8") for name in sys.argv[2:])
+ packages = []
+ keys = []
 with tarfile.open(fileobj=sys.stdin.buffer) as archive:
 for entry in archive:
 if entry.name.endswith("/desc"):
 content = archive.extractfile(entry)
 skip = False
 is_arch = False
+ key = None
 for line in content:
 if is_arch:
 is_arch = False
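Review bot: The added docstring promises "the key fingerprint of every signed package", but the value printed by the later hunk is whatever follows `keyid ` in `gpg --list-packets` output, which is a key ID rather than a fingerprint. Key IDs are short enough that two different keys can share one, so a reader who trusts the docstring could give the output more weight than it deserves. I would word the sentence as `If the --keyset argument is passed, print the issuer key ID claimed by the signature of every signed package (not verified).` The text could also state that `--keyset` is accepted in any argument position, since the check is `"--keyset" in sys.argv`. `main()` continues past the end of this hunk.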
@@ -46,12 +58,38 @@ def main():
 break
 if line == b"%PGPSIG%\n":
 skip = True # signed
- break
+ key = b""
+ if check_keys:
+ continue
+ else:
+ break
 if line == b"%ARCH%\n":
 is_arch = True
+ continue
+ if key is not None:
+ if line.strip():
+ key += line.strip()
+ else:
+ break
+ if check_keys and key:
+ key_binary = base64.b64decode(key)
+ keys.append(key_binary)
+ packages.append(repo + "/" + entry.name[:-5])
 if skip:
 continue
 print(repo + "/" + entry.name[:-5])
+ if check_keys and keys:
+ # We have collected all signed package names in packages and
+ # all keys in keys. Let's now ask gpg to list all signatures
+ # and find which keys made them.
+ packets = subprocess.check_output(("gpg", "--list-packets"),
+ input=b"".join(keys))
+ i = 0
+ for line in packets.decode("latin1").split("\n"):
+ if line.startswith(":signature packet:"):
+ keyid = line[line.index("keyid ") + len("keyid "):]
+ print(packages[i], keyid)
+ i += 1
 if __name__ == "__main__": |
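Review bot: The final loop pairs `packages[i]` with the i-th `:signature packet:` line from a single `gpg --list-packets` run over all concatenated blobs, so a `%PGPSIG%` value that decodes to zero or several signature packets shifts every later key ID onto the wrong package or ends in an IndexError. The database is the input here, so one packet per entry is not guaranteed, and `--list-packets` only parses packets: the printed value is the issuer key ID the packet claims, not a verified signer. Listing the packets of each signature separately keeps the pairing intact, at the cost of one gpg process per package, and checking for `"keyid "` before slicing avoids the ValueError from `line.index`. `main()` starts outside this hunk.

```python
# … unchanged: desc parsing that fills packages and keys …
    if check_keys and keys:
        # One gpg call per package keeps each key ID tied to the
        # signature it was read from.
        for package, signature in zip(packages, keys):
            packets = subprocess.check_output(("gpg", "--list-packets"),
                                              input=signature)
            for line in packets.decode("latin1").split("\n"):
                if line.startswith(":signature packet:") and "keyid " in line:
                    # Issuer key ID as claimed by the packet; not verified.
                    print(package, line.partition("keyid ")[2])
```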