authorMichał Masłowski <mtjm@mtjm.eu>2014-10-26 20:22:07 +0100
committerMichał Masłowski <mtjm@mtjm.eu>2014-10-26 20:22:07 +0100
commit548dad674dd2e2e59402981522676284eee6cee5 (patch)
treee65dd0d9605d97cbfa80c4dc7ce8dd930078d72d /db-list-unsigned-packages.py
parent2c72fef7bd097105e57e05a4a49d0eda060735ba (diff)
db-list-unsigned-packages.py: support listing keys that signed the packages.
Diffstat (limited to 'db-list-unsigned-packages.py')
-rwxr-xr-xdb-list-unsigned-packages.py40
1 files changed, 39 insertions, 1 deletions
diff --git a/db-list-unsigned-packages.py b/db-list-unsigned-packages.py
index 36be93a..80cff51 100755
--- a/db-list-unsigned-packages.py
+++ b/db-list-unsigned-packages.py
@@ -21,23 +21,35 @@ unsigned packages in the database at standard input of repo named in
the first argument and specified for architectures listed in the
following arguments (usually the one of the database or any, default
is to list all).
+
+If the --keyset argument is passed, print the key fingerprint of every
+signed package.
"""
+import base64
+import subprocess
import sys
import tarfile
def main():
"""Do the job."""
+ check_keys = False
+ if "--keyset" in sys.argv:
+ sys.argv.remove("--keyset")
+ check_keys = True
repo = sys.argv[1]
pkgarches = frozenset(name.encode("utf-8") for name in sys.argv[2:])
+ packages = []
+ keys = []
with tarfile.open(fileobj=sys.stdin.buffer) as archive:
for entry in archive:
if entry.name.endswith("/desc"):
content = archive.extractfile(entry)
skip = False
is_arch = False
+ key = None
for line in content:
if is_arch:
is_arch = False
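Review bot: The added docstring sentence promises "the key fingerprint of every signed package", but the code added at the end of main() prints the `keyid` field of `gpg --list-packets` output, which is the issuer key ID recorded in the signature packet and not a fingerprint. `--list-packets` only parses the packet and never checks the signature against the package, so the printed value is whatever the database entry claims. I would word the sentence as `If the --keyset argument is passed, print the issuer key ID claimed by the signature of every signed package (the signature is not verified).` so that the output is not read as proof of who signed a package. The module docstring begins before this hunk.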
@@ -46,12 +58,38 @@ def main():
break
if line == b"%PGPSIG%\n":
skip = True # signed
- break
+ key = b""
+ if check_keys:
+ continue
+ else:
+ break
if line == b"%ARCH%\n":
is_arch = True
+ continue
+ if key is not None:
+ if line.strip():
+ key += line.strip()
+ else:
+ break
+ if check_keys and key:
+ key_binary = base64.b64decode(key)
+ keys.append(key_binary)
+ packages.append(repo + "/" + entry.name[:-5])
if skip:
continue
print(repo + "/" + entry.name[:-5])
+ if check_keys and keys:
+ # We have collected all signed package names in packages and
+ # all keys in keys. Let's now ask gpg to list all signatures
+ # and find which keys made them.
+ packets = subprocess.check_output(("gpg", "--list-packets"),
+ input=b"".join(keys))
+ i = 0
+ for line in packets.decode("latin1").split("\n"):
+ if line.startswith(":signature packet:"):
+ keyid = line[line.index("keyid ") + len("keyid "):]
+ print(packages[i], keyid)
+ i += 1
if __name__ == "__main__":
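Review bot: The final loop pairs the n-th `:signature packet:` line with `packages[i]`, which holds only if every decoded `%PGPSIG%` blob contains exactly one signature packet. The database arrives on standard input, so an entry whose blob holds no signature packet or more than one shifts every later key ID onto the wrong package, and a surplus packet ends in an `IndexError`; a packet line without `keyid ` raises `ValueError` from `line.index`. Running gpg once per signature, as below, keeps each key ID attached to its own entry at the cost of one process per signed package. main() begins before this hunk.
```python
    if check_keys and keys:
        # One gpg run per signature, so a key ID can only be reported
        # for the package whose entry carried that signature.
        for package, signature in zip(packages, keys):
            packets = subprocess.check_output(("gpg", "--list-packets"),
                                              input=signature)
            for line in packets.decode("latin1").split("\n"):
                marker = line.find("keyid ")
                if line.startswith(":signature packet:") and marker != -1:
                    print(package, line[marker + len("keyid "):])
```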