diff options
| -rw-r--r-- | gemato/openpgp.py | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/gemato/openpgp.py b/gemato/openpgp.py index 2329482..d14c718 100644 --- a/gemato/openpgp.py +++ b/gemato/openpgp.py @@ -1,11 +1,12 @@ # gemato: OpenPGP verification support # vim:fileencoding=utf-8 -# (c) 2017-2018 Michał Górny +# (c) 2017-2019 Michał Górny # Licensed under the terms of 2-clause BSD license import datetime import email.utils import errno +import logging import os import os.path import shutil @@ -259,30 +260,42 @@ disable-scdaemon if l.startswith(b'fpr:'): fpr = l.split(b':')[9].decode('ASCII') assert fpr.endswith(prev_pub) + logging.debug('refresh_keys_wkd(): fingerprint: {}' + .format(fpr)) keys.add(fpr) prev_pub = None else: # old GnuPG doesn't give fingerprints by default # (but it doesn't support WKD either) + logging.debug('refresh_keys_wkd(): failing due to old gpg') return False elif l.startswith(b'pub:'): if keys: # every key must have at least one UID if not addrs_key: + logging.debug('refresh_keys_wkd(): failing due to no UIDs') return False addrs.update(addrs_key) addrs_key = set() # wait for the fingerprint prev_pub = l.split(b':')[4].decode('ASCII') + logging.debug('refresh_keys_wkd(): keyid: {}' + .format(prev_pub)) elif l.startswith(b'uid:'): uid = l.split(b':')[9] name, addr = email.utils.parseaddr(uid.decode('utf8')) if '@' in addr: + logging.debug('refresh_keys_wkd(): UID: {}' + .format(addr)) addrs_key.add(addr) + else: + logging.debug('refresh_keys_wkd(): ignoring UID without mail: {}' + .format(uid)) # grab the final set (also aborts when there are no keys) if not addrs_key: + logging.debug('refresh_keys_wkd(): failing due to no UIDs') return False addrs.update(addrs_key) @@ -293,11 +306,15 @@ disable-scdaemon + list(addrs), '') # if at least one fetch failed, gpg returns unsuccessfully if exitst != 0: + logging.debug('refresh_keys_wkd(): gpg --locate-keys failed: {}' + .format(err)) return False # otherwise, xfer the keys exitst, out, err = subenv._spawn_gpg(['--export'] + list(keys), '') if exitst != 0: + logging.debug('refresh_keys_wkd(): gpg --export failed: {}' + .format(err)) return False exitst, out, err = self._spawn_gpg(['--import', @@ -310,8 +327,12 @@ disable-scdaemon for l in out.splitlines(): if l.startswith(b'[GNUPG:] IMPORT_OK'): fpr = l.split(b' ')[3].decode('ASCII') + logging.debug('refresh_keys_wkd(): import successful for key: {}' + .format(fpr)) keys.remove(fpr) if keys: + logging.debug('refresh_keys_wkd(): failing due to non-updated keys: {}' + .format(keys)) return False return True @@ -326,6 +347,9 @@ disable-scdaemon raise gemato.exceptions.OpenPGPKeyRefreshError(err.decode('utf8')) def refresh_keys(self, allow_wkd=True, keyserver=None): + logging.debug('refresh_keys(allow_wkd={}, keyserver={}) called' + .format(allow_wkd, keyserver)) + if allow_wkd and self.refresh_keys_wkd(): return |