From d716bf39b475030c5b0ba798f01172a33c305f37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?coadde=20=5BM=C3=A1rcio=20Alexandre=20Silva=20Delgado=5D?=
Date: Sat, 29 Aug 2015 18:14:02 -0300
Subject: xbs: add db-list-unsigned-packages.py support
---
extra/xbs-lukeshu/db-list-unsigned-packages.py | 96 --------------------------
src/bin/db-list-unsigned-packages.py | 96 ++++++++++++++++++++++++++
src/bin/xbs | 6 +-
3 files changed, 100 insertions(+), 98 deletions(-)
delete mode 100755 extra/xbs-lukeshu/db-list-unsigned-packages.py
create mode 100755 src/bin/db-list-unsigned-packages.py
diff --git a/extra/xbs-lukeshu/db-list-unsigned-packages.py b/extra/xbs-lukeshu/db-list-unsigned-packages.py
deleted file mode 100755
index 80cff51..0000000
--- a/extra/xbs-lukeshu/db-list-unsigned-packages.py
+++ /dev/null
@@ -1,96 +0,0 @@
-#!/usr/bin/env python3
-# Copyright (C) 2012 Michał Masłowski
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-
-"""
-Output a list of repo/package-name-and-version pairs representing
-unsigned packages in the database at standard input of repo named in
-the first argument and specified for architectures listed in the
-following arguments (usually the one of the database or any, default
-is to list all).
-
-If the --keyset argument is passed, print the key fingerprint of every
-signed package.
-"""
-
-
-import base64
-import subprocess
-import sys
-import tarfile
-
-
-def main():
- """Do the job."""
- check_keys = False
- if "--keyset" in sys.argv:
- sys.argv.remove("--keyset")
- check_keys = True
- repo = sys.argv[1]
- pkgarches = frozenset(name.encode("utf-8") for name in sys.argv[2:])
- packages = []
- keys = []
- with tarfile.open(fileobj=sys.stdin.buffer) as archive:
- for entry in archive:
- if entry.name.endswith("/desc"):
- content = archive.extractfile(entry)
- skip = False
- is_arch = False
- key = None
- for line in content:
- if is_arch:
- is_arch = False
- if pkgarches and line.strip() not in pkgarches:
- skip = True # different architecture
- break
- if line == b"%PGPSIG%\n":
- skip = True # signed
- key = b""
- if check_keys:
- continue
- else:
- break
- if line == b"%ARCH%\n":
- is_arch = True
- continue
- if key is not None:
- if line.strip():
- key += line.strip()
- else:
- break
- if check_keys and key:
- key_binary = base64.b64decode(key)
- keys.append(key_binary)
- packages.append(repo + "/" + entry.name[:-5])
- if skip:
- continue
- print(repo + "/" + entry.name[:-5])
- if check_keys and keys:
- # We have collected all signed package names in packages and
- # all keys in keys. Let's now ask gpg to list all signatures
- # and find which keys made them.
- packets = subprocess.check_output(("gpg", "--list-packets"),
- input=b"".join(keys))
- i = 0
- for line in packets.decode("latin1").split("\n"):
- if line.startswith(":signature packet:"):
- keyid = line[line.index("keyid ") + len("keyid "):]
- print(packages[i], keyid)
- i += 1
-
-
-if __name__ == "__main__":
- main()
diff --git a/src/bin/db-list-unsigned-packages.py b/src/bin/db-list-unsigned-packages.py
new file mode 100755
index 0000000..80cff51
--- /dev/null
+++ b/src/bin/db-list-unsigned-packages.py
@@ -0,0 +1,96 @@
+#!/usr/bin/env python3
+# Copyright (C) 2012 Michał Masłowski
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+
+"""
+Output a list of repo/package-name-and-version pairs representing
+unsigned packages in the database at standard input of repo named in
+the first argument and specified for architectures listed in the
+following arguments (usually the one of the database or any, default
+is to list all).
+
+If the --keyset argument is passed, print the key fingerprint of every
+signed package.
+"""
+
+
+import base64
+import subprocess
+import sys
+import tarfile
+
+
+def main():
+ """Do the job."""
+ check_keys = False
+ if "--keyset" in sys.argv:
+ sys.argv.remove("--keyset")
+ check_keys = True
+ repo = sys.argv[1]
+ pkgarches = frozenset(name.encode("utf-8") for name in sys.argv[2:])
+ packages = []
+ keys = []
+ with tarfile.open(fileobj=sys.stdin.buffer) as archive:
+ for entry in archive:
+ if entry.name.endswith("/desc"):
+ content = archive.extractfile(entry)
+ skip = False
+ is_arch = False
+ key = None
+ for line in content:
+ if is_arch:
+ is_arch = False
+ if pkgarches and line.strip() not in pkgarches:
+ skip = True # different architecture
+ break
+ if line == b"%PGPSIG%\n":
+ skip = True # signed
+ key = b""
+ if check_keys:
+ continue
+ else:
+ break
+ if line == b"%ARCH%\n":
+ is_arch = True
+ continue
+ if key is not None:
+ if line.strip():
+ key += line.strip()
+ else:
+ break
+ if check_keys and key:
+ key_binary = base64.b64decode(key)
+ keys.append(key_binary)
+ packages.append(repo + "/" + entry.name[:-5])
+ if skip:
+ continue
+ print(repo + "/" + entry.name[:-5])
+ if check_keys and keys:
+ # We have collected all signed package names in packages and
+ # all keys in keys. Let's now ask gpg to list all signatures
+ # and find which keys made them.
+ packets = subprocess.check_output(("gpg", "--list-packets"),
+ input=b"".join(keys))
+ i = 0
+ for line in packets.decode("latin1").split("\n"):
+ if line.startswith(":signature packet:"):
+ keyid = line[line.index("keyid ") + len("keyid "):]
+ print(packages[i], keyid)
+ i += 1
+
+
+if __name__ == "__main__":
+ main()
diff --git a/src/bin/xbs b/src/bin/xbs
index f1d3193..862ddab 100644
--- a/src/bin/xbs
+++ b/src/bin/xbs
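Review bot: In the `--keyset` branch of `main()` in src/bin/db-list-unsigned-packages.py, package names are paired with gpg output purely by position (`print(packages[i], keyid)` with `i += 1` per `:signature packet:` line). A `%PGPSIG%` field that decodes to zero or several signature packets therefore attributes every later package to the wrong key ID, or ends in an IndexError. The database arrives on stdin and nothing in this script authenticates its fields, so I would run `gpg --list-packets` once per package, or at least stop when the counts disagree, e.g. `if i >= len(packages): sys.exit("signature packet count does not match package count")`. Separately, `--list-packets` only reports the issuer key ID that the packet claims and verifies nothing, while the module docstring promises a "key fingerprint"; a comment such as `# keyid is the issuer claimed by the packet; the signature is not verified here` would stop the output being read as a verification result. The file content is identical to the copy deleted from extra/xbs-lukeshu.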
@@ -263,9 +263,11 @@ case "${rules}" in
 fi
 done
 ;;
- check-libraries|check-libs|chl)
+ check-libraries|check-libs|chl|list-unsigned-packages|list-unsigd-pkgs|lup)
 if [ "${rules}" == 'check-libraries' || "${rules}" == 'check-libs' || "${rules}" == 'chl' ]; then
- "${BIN_DIR}/db-check-package-libraries.py"
+ "${BIN_DIR}/db-check-package-libraries.py ${@}"
+ elif [ "${rules}" == 'list-unsigned-packages' || "${rules}" == 'list-unsigd-pkgs' || "${rules}" == 'lup' ]; then
+ "${BIN_DIR}/db-list-unsigned-packages.py ${@}"
 fi
 ;;
 init|sync|import)
-- 
cgit v1.2.3
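Review bot: Both new invocations put the arguments inside the quoted command word: `"${BIN_DIR}/db-list-unsigned-packages.py ${@}"` makes the shell look up the script path, a space and the first argument as one program name, so neither script can start. They should read `"${BIN_DIR}/db-list-unsigned-packages.py" "${@}"`, and likewise for db-check-package-libraries.py. The added `elif [ … || … ]` also copies the form of the existing `if`: inside single-bracket `[ ]` the `||` ends the test command early, so the condition is not evaluated as written. A separate `list-unsigned-packages|list-unsigd-pkgs|lup)` case arm, or `[[ … || … ]]` if xbs runs under bash, avoids this. As it stands the branch most likely prints nothing to stdout, which for a command that lists unsigned packages can be misread as "none found", so the wrapper should also pass on a non-zero exit status. The case statement continues outside the hunk, and whether `${@}` still contains the rule name at this point is not visible here.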