auto importing rpm gpg public keys from keyserver

Andrea Arcangeli andrea at suse.de
Wed Jun 28 11:27:36 PDT 2006


On Thu, Jun 15, 2006 at 09:15:06PM +0200, Andrea Arcangeli wrote:
> -                fd = os.open(path, os.O_RDONLY)
> -                try:
> -                    h = ts.hdrFromFdno(fd)
> -                except rpm.error, e:
> -                    os.close(fd)
> -                    raise Error, "%s: %s" % (os.path.basename(path), e)
> +                for _pass in xrange(2):
> +                    fd = os.open(path, os.O_RDONLY)
> +                    try:
> +                        h = ts.hdrFromFdno(fd)
> +                    except rpm.error, e:
> +                        os.close(fd)
> +
> +                        # in the slow path we trap the case of a gpg public key not in rpmdb
> +                        # and we try to fetch it from the keyserver and we ask the user
> +                        # if he wants to trust this key to continue the installation
> +                        if not _pass and e.args[0] == 'public key not available':
> +                            keyserver = sysconf.get('keyserver')
> +                            if not keyserver:
> +                                iface.error('To enable the keyserver run: '
> +                                            '"smart config --set keyserver=pgp.mit.edu"')
> +                            else:
> +                                iface.info('We are importing an unknown key please wait...')
> +                                key = get_rpm_public_key(path)
> +                                popen = popen2.Popen4('gpg --keyserver %s --recv-keys %s' % (keyserver, key))
> +                                popen_out = popen.fromchild.read()
> +                                if popen.wait():
> +                                    iface.error('gpg failed to import keyid %s, '
> +                                                'please make sure that gpg is installed, '
> +                                                'that the keyserver %s is working '
> +                                                'and that the package %s has a valid signature.' % (key,
> +                                                                                                    keyserver,
> +                                                                                                    path))
> +                                else:
> +                                    popen_out += '\nThe above GPG key has been imported successfully.\n' \
> +                                                 'It is required to install this package:\n\n\t' \
> +                                                 + os.path.basename(path) + \
> +                                                 '\n\nAre you sure that you want to trust this key forever?\n\n' \
> +                                                 'You must verify the below fingerprint before answering.\n' \
> +                                                 + os.popen('gpg --fingerprint %s' % key).read() + \
> +                                                 '\nIf you answer "Yes" all other packages signed with this key ' \
> +                                                 'will be installed automatically.'
> +                                    if iface.askYesNo(popen_out):
> +                                        key_armor = os.popen('gpg --export %s' % key, 'r').read()
> +                                        if ts.pgpImportPubkey(key_armor):
> +                                            iface.error('rpm failed to import the public key id %s' % key)
> +                                        else:
> +                                            # try one more time with the pub key on
> +                                            continue
> +
> +                        raise Error, "%s: %s" % (os.path.basename(path), e)
> +                    else:
> +                        break
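
Review bot: The three gpg invocations, `popen2.Popen4('gpg --keyserver %s --recv-keys %s' % (keyserver, key))`, `os.popen('gpg --fingerprint %s' % key)` and `os.popen('gpg --export %s' % key, 'r')`, are built by string interpolation and handed to the shell, while `key` comes from `get_rpm_public_key(path)`, that is, from the package whose signature has not been verified yet. Check that `key` is a plain hexadecimal key id before using it, and pass the arguments as a list rather than as one shell string; the `keyserver` value from sysconf deserves the same treatment. Separately, `--recv-keys` puts the key into the user's gpg keyring before `iface.askYesNo` is reached, so answering "No" still leaves it imported there; fetching into a temporary keyring, or deleting the key on refusal, would keep the prompt meaningful.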

So what do you think about the above patch and the rest in the previous
email? Should I clean it up? Is this the right direction to go
w.r.t. signatures? Is it too quick and dirty to be applied? Note that by
default this changes nothing except a dialog window notifying the user
that the signature check has failed and that he can run "smart config
--set keyserver=pgp.mit.edu" if he wants. So it's not very intrusive.

I'm currently running this on top of 0.42 and it works fine here, much
easier to deal with than doing things by hand (which is generally
unbearable) and certainly more secure than no checking at all ;).
