[yum-git] Branch 'yum-3_2_X' - 2 commits - yum/__init__.py yum/misc.py yum/pgpmsg.py
Seth Vidal
skvidal at linux.duke.edu
Mon Jun 9 17:10:20 UTC 2008
yum/__init__.py | 99 ++++++++++++++++++++++++++++----------------------------
yum/misc.py | 63 +++++++++++++++++++----------------
yum/pgpmsg.py | 27 +++++++++++++++
3 files changed, 113 insertions(+), 76 deletions(-)
New commits:
commit 4038faebc5a62c6e18833a4fedad793e6aa85b2e
Merge: 7628d5d... b23f24b...
Author: Seth Vidal <skvidal at fedoraproject.org>
Date: Mon Jun 9 13:09:43 2008 -0400
Merge branch 'yum-3_2_X' of ssh://login1.linux.duke.edu/home/groups/yum/git/yum into yum-3_2_X
* 'yum-3_2_X' of ssh://login1.linux.duke.edu/home/groups/yum/git/yum:
Fix provides output, to have highlights and make it always "verbose".
updated de translation by Jochen Schmitt
The postresolve hook should run after the installonlyn magic.
commit 7628d5d02636857bfa5b28c137c402857f677cc1
Author: Seth Vidal <skvidal at fedoraproject.org>
Date: Mon Jun 9 13:08:14 2008 -0400
make gpg key importing support muleiple keys per file
diff --git a/yum/__init__.py b/yum/__init__.py
index ee096c6..23c755b 100644
--- a/yum/__init__.py
+++ b/yum/__init__.py
@@ -2658,7 +2658,6 @@ class YumBase(depsolve.Depsolve):
of a key. Differs from askcb in that it gets passed
a dictionary so that we can expand the values passed.
"""
-
repo = self.repos.getRepo(po.repoid)
keyurls = repo.gpgkey
key_installed = False
@@ -2676,61 +2675,65 @@ class YumBase(depsolve.Depsolve):
unicode(str(e), 'UTF-8', 'replace'))
# Parse the key
- try:
- keyinfo = misc.getgpgkeyinfo(rawkey)
- keyid = keyinfo['keyid']
- hexkeyid = misc.keyIdToRPMVer(keyid).upper()
- timestamp = keyinfo['timestamp']
- userid = keyinfo['userid']
- fingerprint = keyinfo['fingerprint']
- except ValueError, e:
- raise Errors.YumBaseError, \
- _('GPG key parsing failed: ') + str(e)
-
- # Check if key is already installed
- if misc.keyInstalled(ts, keyid, timestamp) >= 0:
- self.logger.info(_('GPG key at %s (0x%s) is already installed') % (
- keyurl, hexkeyid))
- continue
-
- # Try installing/updating GPG key
- self.logger.critical(_('Importing GPG key 0x%s "%s" from %s') % (hexkeyid, userid, keyurl.replace("file://","")))
- rc = False
- if self.conf.assumeyes:
- rc = True
- elif fullaskcb:
- rc = fullaskcb({"po": po, "userid": userid,
- "hexkeyid": hexkeyid, "keyurl": keyurl,
- "fingerprint": fingerprint, "timestamp": timestamp})
- elif askcb:
- rc = askcb(po, userid, hexkeyid)
-
- if not rc:
- raise Errors.YumBaseError, _("Not installing key")
-
- # Import the key
- result = ts.pgpImportPubkey(misc.procgpgkey(rawkey))
- if result != 0:
- raise Errors.YumBaseError, \
- _('Key import failed (code %d)') % result
- misc.import_key_to_pubring(rawkey, po.repo.cachedir)
+ keys_info = misc.getgpgkeyinfo(rawkey, multiple=True)
- self.logger.info(_('Key imported successfully'))
- key_installed = True
+ for keyinfo in keys_info:
+ try:
+ keyid = keyinfo['keyid']
+ hexkeyid = misc.keyIdToRPMVer(keyid).upper()
+ timestamp = keyinfo['timestamp']
+ userid = keyinfo['userid']
+ fingerprint = keyinfo['fingerprint']
+ raw_key = keyinfo['raw_key']
+ except ValueError, e:
+ raise Errors.YumBaseError, \
+ _('GPG key parsing failed: ') + str(e)
- if not key_installed:
- raise Errors.YumBaseError, \
- _('The GPG keys listed for the "%s" repository are ' \
- 'already installed but they are not correct for this ' \
- 'package.\n' \
- 'Check that the correct key URLs are configured for ' \
- 'this repository.') % (repo.name)
+ # Check if key is already installed
+ if misc.keyInstalled(ts, keyid, timestamp) >= 0:
+ self.logger.info(_('GPG key at %s (0x%s) is already installed') % (
+ keyurl, hexkeyid))
+ continue
+
+ # Try installing/updating GPG key
+ self.logger.critical(_('Importing GPG key 0x%s "%s" from %s') % (hexkeyid, userid, keyurl.replace("file://","")))
+ rc = False
+ if self.conf.assumeyes:
+ rc = True
+ elif fullaskcb:
+ rc = fullaskcb({"po": po, "userid": userid,
+ "hexkeyid": hexkeyid, "keyurl": keyurl,
+ "fingerprint": fingerprint, "timestamp": timestamp})
+ elif askcb:
+ rc = askcb(po, userid, hexkeyid)
+
+ if not rc:
+ raise Errors.YumBaseError, _("Not installing key")
+
+ # Import the key
+ result = ts.pgpImportPubkey(misc.procgpgkey(raw_key))
+ if result != 0:
+ raise Errors.YumBaseError, \
+ _('Key import failed (code %d)') % result
+ misc.import_key_to_pubring(rawkey, po.repo.cachedir)
+
+ self.logger.info(_('Key imported successfully'))
+ key_installed = True
+
+ if not key_installed:
+ raise Errors.YumBaseError, \
+ _('The GPG keys listed for the "%s" repository are ' \
+ 'already installed but they are not correct for this ' \
+ 'package.\n' \
+ 'Check that the correct key URLs are configured for ' \
+ 'this repository.') % (repo.name)
# Check if the newly installed keys helped
result, errmsg = self.sigCheckPkg(po)
if result != 0:
self.logger.info(_("Import of key(s) didn't help, wrong key(s)?"))
raise Errors.YumBaseError, errmsg
+
def _limit_installonly_pkgs(self):
if self.conf.installonly_limit < 1 :
return
diff --git a/yum/misc.py b/yum/misc.py
index 67b9171..cc7221b 100644
--- a/yum/misc.py
+++ b/yum/misc.py
@@ -233,7 +233,7 @@ def procgpgkey(rawkey):
# Decode and return
return base64.decodestring(block.getvalue())
-def getgpgkeyinfo(rawkey):
+def getgpgkeyinfo(rawkey, multiple=False):
'''Return a dict of info for the given ASCII armoured key text
Returned dict will have the following keys: 'userid', 'keyid', 'timestamp'
@@ -241,38 +241,45 @@ def getgpgkeyinfo(rawkey):
Will raise ValueError if there was a problem decoding the key.
'''
# Catch all exceptions as there can be quite a variety raised by this call
+ key_info_objs = []
try:
- key = pgpmsg.decode_msg(rawkey)
+ keys = pgpmsg.decode_multiple_keys(rawkey)
except Exception, e:
raise ValueError(str(e))
- if key is None:
+ if len(keys) == 0:
raise ValueError('No key found in given key data')
-
- keyid_blob = key.public_key.key_id()
-
- info = {
- 'userid': key.user_id,
- 'keyid': struct.unpack('>Q', keyid_blob)[0],
- 'timestamp': key.public_key.timestamp,
- 'fingerprint' : key.public_key.fingerprint,
- }
-
- # Retrieve the timestamp from the matching signature packet
- # (this is what RPM appears to do)
- for userid in key.user_ids[0]:
- if not isinstance(userid, pgpmsg.signature):
- continue
-
- if userid.key_id() == keyid_blob:
- # Get the creation time sub-packet if available
- if hasattr(userid, 'hashed_subpaks'):
- tspkt = \
- userid.get_hashed_subpak(pgpmsg.SIG_SUB_TYPE_CREATE_TIME)
- if tspkt != None:
- info['timestamp'] = int(tspkt[1])
- break
+
+ for key in keys:
+ keyid_blob = key.public_key.key_id()
+
+ info = {
+ 'userid': key.user_id,
+ 'keyid': struct.unpack('>Q', keyid_blob)[0],
+ 'timestamp': key.public_key.timestamp,
+ 'fingerprint' : key.public_key.fingerprint,
+ 'raw_key' : key.raw_key,
+ }
+
+ # Retrieve the timestamp from the matching signature packet
+ # (this is what RPM appears to do)
+ for userid in key.user_ids[0]:
+ if not isinstance(userid, pgpmsg.signature):
+ continue
+
+ if userid.key_id() == keyid_blob:
+ # Get the creation time sub-packet if available
+ if hasattr(userid, 'hashed_subpaks'):
+ tspkt = \
+ userid.get_hashed_subpak(pgpmsg.SIG_SUB_TYPE_CREATE_TIME)
+ if tspkt != None:
+ info['timestamp'] = int(tspkt[1])
+ break
+ key_info_objs.append(info)
+ if multiple:
+ return key_info_objs
+ else:
+ return key_info_objs[0]
- return info
def keyIdToRPMVer(keyid):
'''Convert an integer representing a GPG key ID to the hex version string
diff --git a/yum/pgpmsg.py b/yum/pgpmsg.py
index 72d3480..35a7801 100644
--- a/yum/pgpmsg.py
+++ b/yum/pgpmsg.py
@@ -1110,9 +1110,36 @@ def decode_msg(msg) :
# turn it into a real cert
cert = pgp_certificate()
cert.load(pkt_list)
+ cert.raw_key = msg
return cert
# add the data to our buffer then
block_buf.write(l)
return None
+
+
+def decode_multiple_keys(msg):
+ #ditto of above - but handling multiple certs/keys per file
+ certs = []
+
+ pgpkey_lines = map(lambda x : x.rstrip(), msg.split('\n'))
+ in_block = 0
+ block = ''
+ for l in pgpkey_lines :
+ if not in_block :
+ if l == '-----BEGIN PGP PUBLIC KEY BLOCK-----' :
+ in_block = 1
+ block += '%s\n' % l
+ continue
+
+ block += '%s\n' % l
+ if l == '-----END PGP PUBLIC KEY BLOCK-----':
+ in_block = 0
+ cert = decode_msg(block)
+ if cert:
+ certs.append(cert)
+ block = ''
+ continue
+
+ return certs
More information about the Yum-cvs-commits
mailing list