author | Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org> | 2020-07-21 11:25:37 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2020-07-21 15:15:43 +0200 |
commit | 20350ab1c1f7536ffed08ba2d96020e54a3e4ef9 (patch) | |
tree | 279c3813e7947b1bdf165a6d6eb0c823b5eae8fc | |
parent | 3a76746cbfff438a22ce541145d7f9df1db21572 (diff) | |
Allow to override default 'gpg' client
The use case here is to allow using qubes-gpg-client for signing the manifest
Signed-off-by: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
-rw-r--r-- | gemato/openpgp.py | 34 | ||||
-rwxr-xr-x | utils/gen_fast_metamanifest.py | 3 |
2 files changed, 21 insertions, 16 deletions
diff --git a/gemato/openpgp.py b/gemato/openpgp.py index 285a783..56c543d 100644 --- a/gemato/openpgp.py +++ b/gemato/openpgp.py @@ -16,6 +16,10 @@ import tempfile import gemato.exceptions +GNUPG = os.environ.get('GNUPG', 'gpg') +GNUPGCONF = os.environ.get('GNUPGCONF', 'gpgconf') + + class OpenPGPSignatureData(object): __slots__ = ['fingerprint', 'timestamp', 'expire_timestamp', 'primary_key_fingerprint'] @@ -97,7 +101,7 @@ class OpenPGPSystemEnvironment(object): """ exitst, out, err = self._spawn_gpg( - ['gpg', '--batch', '--status-fd', '1', '--verify'], + [GNUPG, '--batch', '--status-fd', '1', '--verify'], f.read().encode('utf8')) if exitst != 0: raise gemato.exceptions.OpenPGPVerificationFailure(err.decode('utf8')) @@ -143,7 +147,7 @@ class OpenPGPSystemEnvironment(object): if keyid is not None: args += ['--local-user', keyid] exitst, out, err = self._spawn_gpg( - ['gpg', '--batch', '--clearsign'] + args, + [GNUPG, '--batch', '--clearsign'] + args, f.read().encode('utf8')) if exitst != 0: raise gemato.exceptions.OpenPGPSigningFailure(err.decode('utf8')) @@ -235,10 +239,10 @@ debug-level guru def close(self): if self._home is not None: ret, sout, serr = self._spawn_gpg( - ['gpgconf', '--kill', 'all']) + [GNUPGCONF, '--kill', 'all']) if ret != 0: - logging.warning('gpgconf --kill failed: {}' - .format(serr)) + logging.warning('{} --kill failed: {}' + .format(GNUPGCONF, serr)) if not self.debug: # we need to loop due to ENOTEMPTY potential while os.path.isdir(self._home): @@ -251,7 +255,7 @@ debug-level guru def import_key(self, keyfile): exitst, out, err = self._spawn_gpg( - ['gpg', '--batch', '--import'], keyfile.read()) + [GNUPG, '--batch', '--import'], keyfile.read()) if exitst != 0: raise gemato.exceptions.OpenPGPKeyImportError(err.decode('utf8')) 
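Review bot: `os.environ.get('GNUPG', 'gpg')` in the module-level block added to gemato/openpgp.py returns an empty string when the variable is set but empty, and that string then becomes the first element of every argument list handed to `_spawn_gpg`. Using `GNUPG = os.environ.get('GNUPG') or 'gpg'` and `GNUPGCONF = os.environ.get('GNUPGCONF') or 'gpgconf'` keeps the defaults in that case; the same lookup in utils/gen_fast_metamanifest.py has the same gap. Both values are read once at import time and are undocumented, so a comment such as `# OpenPGP client executables; overridable through the environment (e.g. GNUPG=qubes-gpg-client)` above the two assignments would help.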
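Review bot: The `--verify` call in the `@@ -97,7 +101,7 @@` hunk now runs whatever `GNUPG` names, so the program whose `--status-fd` output decides whether a signature is accepted is chosen by the environment, while the commit message asks for an override only when signing. `gpg` was already resolved through PATH, so this is not a new trust boundary, but it deserves a comment at the call, e.g. `# GNUPG is taken from the environment; it must be as trusted as the keyring itself`. An alternative is to apply the override only on the `--clearsign` path. The enclosing method starts and ends outside the hunk, and the status parsing is not visible here.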
@@ -262,7 +266,7 @@ debug-level guru """ # list all keys in the keyring exitst, out, err = self._spawn_gpg( - ['gpg', '--batch', '--with-colons', '--list-keys']) + [GNUPG, '--batch', '--with-colons', '--list-keys']) if exitst != 0: raise gemato.exceptions.OpenPGPKeyRefreshError(err.decode('utf8')) @@ -320,23 +324,23 @@ debug-level guru with self.clone() as subenv: # use --locate-keys to fetch keys via WKD exitst, out, err = subenv._spawn_gpg( - ['gpg', '--batch', '--locate-keys'] + list(addrs)) + [GNUPG, '--batch', '--locate-keys'] + list(addrs)) # if at least one fetch failed, gpg returns unsuccessfully if exitst != 0: - logging.debug('refresh_keys_wkd(): gpg --locate-keys failed: {}' - .format(err.decode('utf8'))) + logging.debug('refresh_keys_wkd(): {} --locate-keys failed: {}' + .format(GNUPG, err.decode('utf8'))) return False # otherwise, xfer the keys exitst, out, err = subenv._spawn_gpg( - ['gpg', '--batch', '--export'] + list(keys)) + [GNUPG, '--batch', '--export'] + list(keys)) if exitst != 0: - logging.debug('refresh_keys_wkd(): gpg --export failed: {}' - .format(err.decode('utf8'))) + logging.debug('refresh_keys_wkd(): {} --export failed: {}' + .format(GNUPG, err.decode('utf8'))) return False exitst, out, err = self._spawn_gpg( - ['gpg', '--batch', '--import', '--status-fd', '1'], out) + [GNUPG, '--batch', '--import', '--status-fd', '1'], out) if exitst != 0: # there's no valid reason for import to fail here raise gemato.exceptions.OpenPGPKeyRefreshError(err.decode('utf8')) @@ -361,7 +365,7 @@ debug-level guru ks_args = ['--keyserver', keyserver] exitst, out, err = self._spawn_gpg( - ['gpg', '--batch', '--refresh-keys'] + ks_args) + [GNUPG, '--batch', '--refresh-keys'] + ks_args) if exitst != 0: raise gemato.exceptions.OpenPGPKeyRefreshError(err.decode('utf8')) diff --git a/utils/gen_fast_metamanifest.py b/utils/gen_fast_metamanifest.py index 6ae9c07..0c4e43e 100755 --- a/utils/gen_fast_metamanifest.py +++ b/utils/gen_fast_metamanifest.py 
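Review bot: A client named by `GNUPG` that does not implement `--locate-keys` or `--export` makes refresh_keys_wkd() (hunk `@@ -320,23 +324,23 @@`) return False with only a `logging.debug` record, so a mis-set override looks like a quiet WKD refresh failure rather than a configuration error. Since the stated use case is a signing client, consider raising these two messages to warning level when the default is overridden, e.g. `log = logging.warning if GNUPG != 'gpg' else logging.debug`. The function begins outside the hunk, so what the caller does on False is not visible here.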
@@ -72,7 +72,8 @@ def make_toplevel(d, ts, pgp_key): if pgp_key is not None: cmd = [] - p = subprocess.Popen(['gpg', '--batch', '-u', pgp_key, + gpg = os.environ.get('GNUPG', 'gpg') + p = subprocess.Popen([gpg, '--batch', '-u', pgp_key, '--armor', '--clearsign'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, |
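Review bot: `gpg = os.environ.get('GNUPG', 'gpg')` inside make_toplevel repeats the lookup that gemato/openpgp.py now does at module level, so the default and any later validation can drift between the two places. It is also evaluated on every call here but once at import there. A single module-level constant in this script with a short comment, `GNUPG = os.environ.get('GNUPG') or 'gpg'  # signing client, overridable via the environment`, would keep them aligned. Whether `os` is already imported in this script is not visible in the hunk and should be confirmed.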