← Back to branch summary

~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/commit_signature_commands.py

  • Committer: Canonical.com Patch Queue Manager
  • Date: 2011-06-30 16:06:19 UTC
  • mfrom: (5971.1.80 bzr-gpgme)
  • Revision ID: pqm@pqm.ubuntu.com-20110630160619-3022zmfchft893nt
(jr) A new command ``bzr verify-signatures`` has been added to check that
 commits
 are correctly signed with trusted keys by GPG. This requires python-gpgme to
 be installed. ``bzr log`` has gained a ``--signatures`` option to list the
 validity of signatures for each commit. New config options
 ``acceptable_keys``
 and ``validate_signatures_in_log`` can be set to control options to these
 commands. (Jonathan Riddell)

Show diffs side-by-side

added added

removed removed

Lines of Context:
bzrlib/commit_signature_commands.py
28
28
""")
29
29
from bzrlib.commands import Command
30
30
from bzrlib.option import Option
31
 
 
 
31
from bzrlib.i18n import gettext, ngettext
32
32
 
33
33
class cmd_sign_my_commits(Command):
34
34
    __doc__ = """Sign all commits by a given committer.
97
97
        print 'Signed %d revisions' % (count,)
98
98
 
99
99
 
 
100
class cmd_verify_signatures(Command):
 
101
    __doc__ = """Verify all commit signatures.
 
102
 
 
103
    Verifies that all commits in the branch are signed by known GnuPG keys.
 
104
    """
 
105
 
 
106
    takes_options = [
 
107
            Option('acceptable-keys',
 
108
                   help='Comma separated list of GPG key patterns which are'
 
109
                        ' acceptable for verification.',
 
110
                   short_name='k',
 
111
                   type=str,),
 
112
            'revision', 
 
113
            'verbose',
 
114
          ]
 
115
    takes_args = ['location?']
 
116
 
 
117
    def run(self, acceptable_keys=None, revision=None, verbose=None,
 
118
                                                            location=u'.'):
 
119
        bzrdir = _mod_bzrdir.BzrDir.open_containing(location)[0]
 
120
        branch = bzrdir.open_branch()
 
121
        repo = branch.repository
 
122
        branch_config = branch.get_config()
 
123
        gpg_strategy = gpg.GPGStrategy(branch_config)
 
124
 
 
125
        gpg_strategy.set_acceptable_keys(acceptable_keys)
 
126
 
 
127
        def write(string):
 
128
            self.outf.write(string + "\n")
 
129
        def write_verbose(string):
 
130
            self.outf.write("  " + string + "\n")
 
131
 
 
132
        #get our list of revisions
 
133
        revisions = []
 
134
        if revision is not None:
 
135
            if len(revision) == 1:
 
136
                revno, rev_id = revision[0].in_history(branch)
 
137
                revisions.append(rev_id)
 
138
            elif len(revision) == 2:
 
139
                from_revno, from_revid = revision[0].in_history(branch)
 
140
                to_revno, to_revid = revision[1].in_history(branch)
 
141
                if to_revid is None:
 
142
                    to_revno = branch.revno()
 
143
                if from_revno is None or to_revno is None:
 
144
                    raise errors.BzrCommandError('Cannot verify a range of '\
 
145
                                               'non-revision-history revisions')
 
146
                for revno in range(from_revno, to_revno + 1):
 
147
                    revisions.append(branch.get_rev_id(revno))
 
148
        else:
 
149
            #all revisions by default including merges
 
150
            graph = repo.get_graph()
 
151
            revisions = []
 
152
            repo.lock_read()
 
153
            for rev_id, parents in graph.iter_ancestry(
 
154
                    [branch.last_revision()]):
 
155
                if _mod_revision.is_null(rev_id):
 
156
                    continue
 
157
                if parents is None:
 
158
                    # Ignore ghosts
 
159
                    continue
 
160
                revisions.append(rev_id)
 
161
            repo.unlock()
 
162
        count, result, all_verifiable =\
 
163
                                gpg_strategy.do_verifications(revisions, repo)
 
164
        if all_verifiable:
 
165
               write(gettext(
 
166
                            "All commits signed with verifiable keys"))
 
167
               if verbose:
 
168
                   write(gpg_strategy.verbose_valid_message(result))
 
169
               return 0
 
170
        else:
 
171
            write(gpg_strategy.valid_commits_message(count))
 
172
            if verbose:
 
173
               for message in gpg_strategy.verbose_valid_message(result):
 
174
                   write_verbose(message)
 
175
            write(gpg_strategy.unknown_key_message(count))
 
176
            if verbose:
 
177
                for message in gpg_strategy.verbose_missing_key_message(result):
 
178
                    write_verbose(message)
 
179
            write(gpg_strategy.commit_not_valid_message(count))
 
180
            if verbose:
 
181
                for message in gpg_strategy.verbose_not_valid_message(result,
 
182
                                                                        repo):
 
183
                   write_verbose(message)
 
184
            write(gpg_strategy.commit_not_signed_message(count))
 
185
            if verbose:
 
186
                for message in gpg_strategy.verbose_not_signed_message(result,
 
187
                                                                          repo):
 
188
                    write_verbose(message)
 
189
            return 1