1
# Copyright (C) 2005, 2011 Canonical Ltd
2
# Authors: Robert Collins <robert.collins@canonical.com>
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18
"""GPG signing and checking logic."""
22
from StringIO import StringIO
24
from bzrlib.lazy_import import lazy_import
25
lazy_import(globals(), """
37
"""this class is ready to use bzrlib.i18n but bzrlib.i18n is not ready to
38
use so here is a stub until it is"""
44
def ngettext(single, plural, number):
52
SIGNATURE_KEY_MISSING = 1
53
SIGNATURE_NOT_VALID = 2
54
SIGNATURE_NOT_SIGNED = 3
57
class DisabledGPGStrategy(object):
58
"""A GPG Strategy that makes everything fail."""
61
def verify_signatures_available():
64
def __init__(self, ignored):
65
"""Real strategies take a configuration."""
67
def sign(self, content):
68
raise errors.SigningFailed('Signing is disabled.')
70
def verify(self, content, testament):
71
raise errors.SignatureVerificationFailed('Signature verification is \
74
def set_acceptable_keys(self, command_line_input):
78
class LoopbackGPGStrategy(object):
79
"""A GPG Strategy that acts like 'cat' - data is just passed through.
84
def verify_signatures_available():
87
def __init__(self, ignored):
88
"""Real strategies take a configuration."""
90
def sign(self, content):
91
return ("-----BEGIN PSEUDO-SIGNED CONTENT-----\n" + content +
92
"-----END PSEUDO-SIGNED CONTENT-----\n")
94
def verify(self, content, testament):
95
return SIGNATURE_VALID, None
97
def set_acceptable_keys(self, command_line_input):
98
if command_line_input is not None:
99
patterns = command_line_input.split(",")
100
self.acceptable_keys = []
101
for pattern in patterns:
102
if pattern == "unknown":
105
self.acceptable_keys.append(pattern)
107
def do_verifications(self, revisions, repository):
108
count = {SIGNATURE_VALID: 0,
109
SIGNATURE_KEY_MISSING: 0,
110
SIGNATURE_NOT_VALID: 0,
111
SIGNATURE_NOT_SIGNED: 0}
113
all_verifiable = True
114
for rev_id in revisions:
115
verification_result, uid =\
116
repository.verify_revision(rev_id,self)
117
result.append([rev_id, verification_result, uid])
118
count[verification_result] += 1
119
if verification_result != SIGNATURE_VALID:
120
all_verifiable = False
121
return (count, result, all_verifiable)
123
def valid_commits_message(self, count):
124
return i18n.gettext(u"{0} commits with valid signatures").format(
125
count[SIGNATURE_VALID])
127
def unknown_key_message(self, count):
128
return i18n.ngettext(u"{0} commit with unknown key",
129
u"{0} commits with unknown keys",
130
count[SIGNATURE_KEY_MISSING]).format(
131
count[SIGNATURE_KEY_MISSING])
133
def commit_not_valid_message(self, count):
134
return i18n.ngettext(u"{0} commit not valid",
135
u"{0} commits not valid",
136
count[SIGNATURE_NOT_VALID]).format(
137
count[SIGNATURE_NOT_VALID])
139
def commit_not_signed_message(self, count):
140
return i18n.ngettext(u"{0} commit not signed",
141
u"{0} commits not signed",
142
count[SIGNATURE_NOT_SIGNED]).format(
143
count[SIGNATURE_NOT_SIGNED])
147
tty = os.environ.get('TTY')
149
os.environ['GPG_TTY'] = tty
150
trace.mutter('setting GPG_TTY=%s', tty)
152
# This is not quite worthy of a warning, because some people
153
# don't need GPG_TTY to be set. But it is worthy of a big mark
154
# in ~/.bzr.log, so that people can debug it if it happens to them
155
trace.mutter('** Env var TTY empty, cannot set GPG_TTY.'
159
class GPGStrategy(object):
160
"""GPG Signing and checking facilities."""
162
acceptable_keys = None
165
def verify_signatures_available():
167
check if this strategy can verify signatures
169
:return: boolean if this strategy can verify signatures
174
except ImportError, error:
177
def _command_line(self):
179
return [self._config.gpg_signing_command(), '--clearsign', '-u',
180
self._config.gpg_signing_key()]
182
def __init__(self, config):
183
self._config = config
186
self.context = gpgme.Context()
187
except ImportError, error:
188
pass # can't use verify()
190
def sign(self, content):
191
if isinstance(content, unicode):
192
raise errors.BzrBadParameterUnicode('content')
193
ui.ui_factory.clear_term()
195
preexec_fn = _set_gpg_tty
196
if sys.platform == 'win32':
197
# Win32 doesn't support preexec_fn, but wouldn't support TTY anyway.
200
process = subprocess.Popen(self._command_line(),
201
stdin=subprocess.PIPE,
202
stdout=subprocess.PIPE,
203
preexec_fn=preexec_fn)
205
result = process.communicate(content)[0]
206
if process.returncode is None:
208
if process.returncode != 0:
209
raise errors.SigningFailed(self._command_line())
212
if e.errno == errno.EPIPE:
213
raise errors.SigningFailed(self._command_line())
217
# bad subprocess parameters, should never happen.
220
if e.errno == errno.ENOENT:
221
# gpg is not installed
222
raise errors.SigningFailed(self._command_line())
226
def verify(self, content, testament):
227
"""Check content has a valid signature.
229
:param content: the commit signature
230
:param testament: the valid testament string for the commit
232
:return: SIGNATURE_VALID or a failed SIGNATURE_ value, key uid if valid
236
except ImportError, error:
237
raise errors.GpgmeNotInstalled(error)
239
signature = StringIO(content)
240
plain_output = StringIO()
243
result = self.context.verify(signature, None, plain_output)
244
except gpgme.GpgmeError,error:
245
raise errors.SignatureVerificationFailed(error[2])
248
return SIGNATURE_NOT_VALID, None
249
fingerprint = result[0].fpr
250
if self.acceptable_keys is not None:
251
if not fingerprint in self.acceptable_keys:
252
return SIGNATURE_KEY_MISSING, fingerprint[-8:]
253
if testament != plain_output.getvalue():
254
return SIGNATURE_NOT_VALID, None
255
if result[0].summary & gpgme.SIGSUM_VALID:
256
key = self.context.get_key(fingerprint)
257
name = key.uids[0].name
258
email = key.uids[0].email
259
return SIGNATURE_VALID, name + " <" + email + ">"
260
if result[0].summary & gpgme.SIGSUM_RED:
261
return SIGNATURE_NOT_VALID, None
262
if result[0].summary & gpgme.SIGSUM_KEY_MISSING:
263
return SIGNATURE_KEY_MISSING, fingerprint[-8:]
264
#summary isn't set if sig is valid but key is untrusted
265
if result[0].summary == 0 and self.acceptable_keys is not None:
266
if fingerprint in self.acceptable_keys:
267
return SIGNATURE_VALID, None
269
return SIGNATURE_KEY_MISSING, None
270
raise errors.SignatureVerificationFailed("Unknown GnuPG key "\
271
"verification result")
273
def set_acceptable_keys(self, command_line_input):
274
"""sets the acceptable keys for verifying with this GPGStrategy
276
:param command_line_input: comma separated list of patterns from
281
acceptable_keys_config = self._config.acceptable_keys()
283
if isinstance(acceptable_keys_config, unicode):
284
acceptable_keys_config = str(acceptable_keys_config)
285
except UnicodeEncodeError:
286
#gpg Context.keylist(pattern) does not like unicode
287
raise errors.BzrCommandError('Only ASCII permitted in option names')
289
if acceptable_keys_config is not None:
290
key_patterns = acceptable_keys_config
291
if command_line_input is not None: #command line overrides config
292
key_patterns = command_line_input
293
if key_patterns is not None:
294
patterns = key_patterns.split(",")
296
self.acceptable_keys = []
297
for pattern in patterns:
298
result = self.context.keylist(pattern)
302
self.acceptable_keys.append(key.subkeys[0].fpr)
303
trace.mutter("Added acceptable key: " + key.subkeys[0].fpr)
305
trace.note(i18n.gettext(
306
"No GnuPG key results for pattern: {}"
309
def do_verifications(self, revisions, repository,
310
process_events_callback=None):
311
"""do verifications on a set of revisions
313
:param revisions: list of revision ids to verify
314
:param repository: repository object
315
:param process_events_callback: method to call for GUI frontends that
316
want to keep their UI refreshed
318
:return: count dictionary of results of each type,
319
result list for each revision,
320
boolean True if all results are verified successfully
322
count = {SIGNATURE_VALID: 0,
323
SIGNATURE_KEY_MISSING: 0,
324
SIGNATURE_NOT_VALID: 0,
325
SIGNATURE_NOT_SIGNED: 0}
327
all_verifiable = True
328
for rev_id in revisions:
329
verification_result, uid =\
330
repository.verify_revision(rev_id,self)
331
result.append([rev_id, verification_result, uid])
332
count[verification_result] += 1
333
if verification_result != SIGNATURE_VALID:
334
all_verifiable = False
335
if process_events_callback is not None:
336
process_events_callback()
337
return (count, result, all_verifiable)
339
def verbose_valid_message(self, result):
340
"""takes a verify result and returns list of signed commits strings"""
342
for rev_id, validity, uid in result:
343
if validity == SIGNATURE_VALID:
344
signers.setdefault(uid, 0)
347
for uid, number in signers.items():
348
result.append( i18n.ngettext(u"{0} signed {1} commit",
349
u"{0} signed {1} commits",
350
number).format(uid, number) )
354
def verbose_not_valid_message(self, result, repo):
355
"""takes a verify result and returns list of not valid commit info"""
357
for rev_id, validity, empty in result:
358
if validity == SIGNATURE_NOT_VALID:
359
revision = repo.get_revision(rev_id)
360
authors = ', '.join(revision.get_apparent_authors())
361
signers.setdefault(authors, 0)
362
signers[authors] += 1
364
for authors, number in signers.items():
365
result.append( i18n.ngettext(u"{0} commit by author {1}",
366
u"{0} commits by author {1}",
367
number).format(number, authors) )
370
def verbose_not_signed_message(self, result, repo):
371
"""takes a verify result and returns list of not signed commit info"""
373
for rev_id, validity, empty in result:
374
if validity == SIGNATURE_NOT_SIGNED:
375
revision = repo.get_revision(rev_id)
376
authors = ', '.join(revision.get_apparent_authors())
377
signers.setdefault(authors, 0)
378
signers[authors] += 1
380
for authors, number in signers.items():
381
result.append( i18n.ngettext(u"{0} commit by author {1}",
382
u"{0} commits by author {1}",
383
number).format(number, authors) )
386
def verbose_missing_key_message(self, result):
387
"""takes a verify result and returns list of missing key info"""
389
for rev_id, validity, fingerprint in result:
390
if validity == SIGNATURE_KEY_MISSING:
391
signers.setdefault(fingerprint, 0)
392
signers[fingerprint] += 1
394
for fingerprint, number in signers.items():
395
result.append( i18n.ngettext(u"Unknown key {0} signed {1} commit",
396
u"Unknown key {0} signed {1} commits",
397
number).format(fingerprint, number) )
400
def valid_commits_message(self, count):
401
"""returns message for number of commits"""
402
return i18n.gettext(u"{0} commits with valid signatures").format(
403
count[SIGNATURE_VALID])
405
def unknown_key_message(self, count):
406
"""returns message for number of commits"""
407
return i18n.ngettext(u"{0} commit with unknown key",
408
u"{0} commits with unknown keys",
409
count[SIGNATURE_KEY_MISSING]).format(
410
count[SIGNATURE_KEY_MISSING])
412
def commit_not_valid_message(self, count):
413
"""returns message for number of commits"""
414
return i18n.ngettext(u"{0} commit not valid",
415
u"{0} commits not valid",
416
count[SIGNATURE_NOT_VALID]).format(
417
count[SIGNATURE_NOT_VALID])
419
def commit_not_signed_message(self, count):
420
"""returns message for number of commits"""
421
return i18n.ngettext(u"{0} commit not signed",
422
u"{0} commits not signed",
423
count[SIGNATURE_NOT_SIGNED]).format(
424
count[SIGNATURE_NOT_SIGNED])
added
removed
bzrlib/gpg.py
