author | Michał Górny <mgorny@gentoo.org> | 2023-01-22 19:47:30 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2023-01-22 19:47:30 +0100 |
commit | 2d998654c691be83c3796192d97a308c506e5848 (patch) | |
tree | 7600c7fda1a25495f2dcbed8ee3eee25a670ba4f | |
parent | d15a7ac47588ad604a79a8b811f324443fd8a7da (diff) | |
download | gemato-2d998654c691be83c3796192d97a308c506e5848.tar.gz |
openpgp: Move gpg output processing into a dedicated function
Signed-off-by: Michał Górny <mgorny@gentoo.org>
-rw-r--r-- | gemato/openpgp.py | 47 |
1 files changed, 27 insertions, 20 deletions
diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index 16a369e..1150f59 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -165,27 +165,13 @@ class SystemGPGEnvironment:
 else:
 return datetime.datetime.utcfromtimestamp(int(ts))
 
- def verify_file(self,
- f: typing.IO[str],
- require_all_good: bool = True,
- ) -> OpenPGPSignatureList:
- """
- Perform an OpenPGP verification of Manifest data in open file @f.
- The file should be open in text mode and set at the beginning
- (or start of signed part). Raises an exception if the verification
- fails.
-
- If require_all_good is True and the file contains multiple OpenPGP
- signatures, all signatures have to be good and trusted in order
- for the verificatin to succeed. Otherwise, a single good signature
- is considered sufficient.
- """
+ def _process_gpg_verify_output(self,
+ out: bytes,
+ err: bytes,
+ require_all_good: bool,
+ ) -> OpenPGPSignatureList:
+ """Process the output of gpg --verify and return a siglist"""
 
- exitst, out, err = self._spawn_gpg(
- [GNUPG, '--batch', '--status-fd', '1', '--verify'],
- f.read().encode('utf8'))
-
- # process the output of gpg to find the exact result
 sig_list = OpenPGPSignatureList()
 for line in out.splitlines():
 if line.startswith(b'[GNUPG:] NEWSIG'):
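Review bot: The one-line docstring on `_process_gpg_verify_output` is too thin for the function that now makes the accept/reject decision on a signature. It should say that `out` is the raw `--status-fd` byte stream produced by `gpg --verify`, what `err` is used for, and which exceptions signal a bad, untrusted or missing signature. The body from the `NEWSIG` loop onwards lies outside this hunk, so the use of `err` and the exceptions raised need to be confirmed there before they are written down. `require_all_good` has no default on the helper, unlike on `verify_file`; a short line such as `# require_all_good: policy chosen by the caller, no default here` would make that deliberate.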
@@ -276,6 +262,27 @@ class SystemGPGEnvironment:
 
 return sig_list
 
+ def verify_file(self,
+ f: typing.IO[str],
+ require_all_good: bool = True,
+ ) -> OpenPGPSignatureList:
+ """
+ Perform an OpenPGP verification of Manifest data in open file @f.
+ The file should be open in text mode and set at the beginning
+ (or start of signed part). Raises an exception if the verification
+ fails.
+
+ If require_all_good is True and the file contains multiple OpenPGP
+ signatures, all signatures have to be good and trusted in order
+ for the verificatin to succeed. Otherwise, a single good signature
+ is considered sufficient.
+ """
+
+ exitst, out, err = self._spawn_gpg(
+ [GNUPG, '--batch', '--status-fd', '1', '--verify'],
+ f.read().encode('utf8'))
+ return self._process_gpg_verify_output(out, err, require_all_good)
+
 def clear_sign_file(self, f, outf, keyid=None):
 """
 Create an OpenPGP cleartext signed message containing the data |
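Review bot: `exitst` is unpacked from `_spawn_gpg` in the re-added `verify_file` but is never read or passed to `_process_gpg_verify_output`, so in this hunk the verdict rests only on the parsed status lines. If that is deliberate, presumably because gpg exits non-zero whenever any signature is bad while `require_all_good=False` must still accept one good signature, say so in place: `# exit status deliberately ignored; the status-fd lines decide the result`. The helper's body is outside this hunk, so it is worth confirming there that an empty or truncated status stream, for example from a gpg process that died early, is rejected rather than returned as an empty list.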