1
# Copyright (C) 2005, 2011 Canonical Ltd
2
# Authors: Robert Collins <robert.collins@canonical.com>
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18
"""GPG signing and checking logic."""
22
from StringIO import StringIO
24
from bzrlib.lazy_import import lazy_import
25
lazy_import(globals(), """
37
"""this class is ready to use bzrlib.i18n but bzrlib.i18n is not ready to
38
use so here is a stub until it is"""
44
def ngettext(single, plural, number):
52
SIGNATURE_KEY_MISSING = 1
53
SIGNATURE_NOT_VALID = 2
54
SIGNATURE_NOT_SIGNED = 3
57
class DisabledGPGStrategy(object):
58
"""A GPG Strategy that makes everything fail."""
61
def verify_signatures_available():
64
def __init__(self, ignored):
65
"""Real strategies take a configuration."""
67
def sign(self, content):
68
raise errors.SigningFailed('Signing is disabled.')
70
def verify(self, content, testament):
71
raise errors.SignatureVerificationFailed('Signature verification is \
74
def set_acceptable_keys(self, command_line_input):
78
class LoopbackGPGStrategy(object):
79
"""A GPG Strategy that acts like 'cat' - data is just passed through.
84
def verify_signatures_available():
87
def __init__(self, ignored):
88
"""Real strategies take a configuration."""
90
def sign(self, content):
91
return ("-----BEGIN PSEUDO-SIGNED CONTENT-----\n" + content +
92
"-----END PSEUDO-SIGNED CONTENT-----\n")
94
def verify(self, content, testament):
95
return SIGNATURE_VALID, None
97
def set_acceptable_keys(self, command_line_input):
98
if command_line_input is not None:
99
patterns = command_line_input.split(",")
100
self.acceptable_keys = []
101
for pattern in patterns:
102
if pattern == "unknown":
105
self.acceptable_keys.append(pattern)
107
def do_verifications(self, revisions, repository):
108
count = {SIGNATURE_VALID: 0,
109
SIGNATURE_KEY_MISSING: 0,
110
SIGNATURE_NOT_VALID: 0,
111
SIGNATURE_NOT_SIGNED: 0}
113
all_verifiable = True
114
for rev_id in revisions:
115
verification_result, uid =\
116
repository.verify_revision(rev_id,self)
117
result.append([rev_id, verification_result, uid])
118
count[verification_result] += 1
119
if verification_result != SIGNATURE_VALID:
120
all_verifiable = False
121
return (count, result, all_verifiable)
123
def valid_commits_message(self, count):
124
return i18n.gettext(u"{0} commits with valid signatures").format(
125
count[SIGNATURE_VALID])
127
def unknown_key_message(self, count):
128
return i18n.ngettext(u"{0} commit with unknown key",
129
u"{0} commits with unknown keys",
130
count[SIGNATURE_KEY_MISSING]).format(
131
count[SIGNATURE_KEY_MISSING])
133
def commit_not_valid_message(self, count):
134
return i18n.ngettext(u"{0} commit not valid",
135
u"{0} commits not valid",
136
count[SIGNATURE_NOT_VALID]).format(
137
count[SIGNATURE_NOT_VALID])
139
def commit_not_signed_message(self, count):
140
return i18n.ngettext(u"{0} commit not signed",
141
u"{0} commits not signed",
142
count[SIGNATURE_NOT_SIGNED]).format(
143
count[SIGNATURE_NOT_SIGNED])
147
tty = os.environ.get('TTY')
149
os.environ['GPG_TTY'] = tty
150
trace.mutter('setting GPG_TTY=%s', tty)
152
# This is not quite worthy of a warning, because some people
153
# don't need GPG_TTY to be set. But it is worthy of a big mark
154
# in ~/.bzr.log, so that people can debug it if it happens to them
155
trace.mutter('** Env var TTY empty, cannot set GPG_TTY.'
159
class GPGStrategy(object):
160
"""GPG Signing and checking facilities."""
162
acceptable_keys = None
165
def verify_signatures_available():
167
check if this strategy can verify signatures
169
:return: boolean if this strategy can verify signatures
174
except ImportError, error:
177
def _command_line(self):
178
return [self._config.gpg_signing_command(), '--clearsign']
180
def __init__(self, config):
181
self._config = config
184
self.context = gpgme.Context()
185
except ImportError, error:
186
pass # can't use verify()
188
def sign(self, content):
189
if isinstance(content, unicode):
190
raise errors.BzrBadParameterUnicode('content')
191
ui.ui_factory.clear_term()
193
preexec_fn = _set_gpg_tty
194
if sys.platform == 'win32':
195
# Win32 doesn't support preexec_fn, but wouldn't support TTY anyway.
198
process = subprocess.Popen(self._command_line(),
199
stdin=subprocess.PIPE,
200
stdout=subprocess.PIPE,
201
preexec_fn=preexec_fn)
203
result = process.communicate(content)[0]
204
if process.returncode is None:
206
if process.returncode != 0:
207
raise errors.SigningFailed(self._command_line())
210
if e.errno == errno.EPIPE:
211
raise errors.SigningFailed(self._command_line())
215
# bad subprocess parameters, should never happen.
218
if e.errno == errno.ENOENT:
219
# gpg is not installed
220
raise errors.SigningFailed(self._command_line())
224
def verify(self, content, testament):
225
"""Check content has a valid signature.
227
:param content: the commit signature
228
:param testament: the valid testament string for the commit
230
:return: SIGNATURE_VALID or a failed SIGNATURE_ value, key uid if valid
234
except ImportError, error:
235
raise errors.GpgmeNotInstalled(error)
237
signature = StringIO(content)
238
plain_output = StringIO()
241
result = self.context.verify(signature, None, plain_output)
242
except gpgme.GpgmeError,error:
243
raise errors.SignatureVerificationFailed(error[2])
246
return SIGNATURE_NOT_VALID, None
247
fingerprint = result[0].fpr
248
if self.acceptable_keys is not None:
249
if not fingerprint in self.acceptable_keys:
250
return SIGNATURE_KEY_MISSING, fingerprint[-8:]
251
if testament != plain_output.getvalue():
252
return SIGNATURE_NOT_VALID, None
253
if result[0].summary & gpgme.SIGSUM_VALID:
254
key = self.context.get_key(fingerprint)
255
name = key.uids[0].name
256
email = key.uids[0].email
257
return SIGNATURE_VALID, name + " <" + email + ">"
258
if result[0].summary & gpgme.SIGSUM_RED:
259
return SIGNATURE_NOT_VALID, None
260
if result[0].summary & gpgme.SIGSUM_KEY_MISSING:
261
return SIGNATURE_KEY_MISSING, fingerprint[-8:]
262
#summary isn't set if sig is valid but key is untrusted
263
if result[0].summary == 0 and self.acceptable_keys is not None:
264
if fingerprint in self.acceptable_keys:
265
return SIGNATURE_VALID, None
267
return SIGNATURE_KEY_MISSING, None
268
raise errors.SignatureVerificationFailed("Unknown GnuPG key "\
269
"verification result")
271
def set_acceptable_keys(self, command_line_input):
272
"""sets the acceptable keys for verifying with this GPGStrategy
274
:param command_line_input: comma separated list of patterns from
279
acceptable_keys_config = self._config.acceptable_keys()
281
if isinstance(acceptable_keys_config, unicode):
282
acceptable_keys_config = str(acceptable_keys_config)
283
except UnicodeEncodeError:
284
#gpg Context.keylist(pattern) does not like unicode
285
raise errors.BzrCommandError('Only ASCII permitted in option names')
287
if acceptable_keys_config is not None:
288
key_patterns = acceptable_keys_config
289
if command_line_input is not None: #command line overrides config
290
key_patterns = command_line_input
291
if key_patterns is not None:
292
patterns = key_patterns.split(",")
294
self.acceptable_keys = []
295
for pattern in patterns:
296
result = self.context.keylist(pattern)
300
self.acceptable_keys.append(key.subkeys[0].fpr)
301
trace.mutter("Added acceptable key: " + key.subkeys[0].fpr)
303
trace.note(i18n.gettext(
304
"No GnuPG key results for pattern: {}"
307
def do_verifications(self, revisions, repository,
308
process_events_callback=None):
309
"""do verifications on a set of revisions
311
:param revisions: list of revision ids to verify
312
:param repository: repository object
313
:param process_events_callback: method to call for GUI frontends that
314
want to keep their UI refreshed
316
:return: count dictionary of results of each type,
317
result list for each revision,
318
boolean True if all results are verified successfully
320
count = {SIGNATURE_VALID: 0,
321
SIGNATURE_KEY_MISSING: 0,
322
SIGNATURE_NOT_VALID: 0,
323
SIGNATURE_NOT_SIGNED: 0}
325
all_verifiable = True
326
for rev_id in revisions:
327
verification_result, uid =\
328
repository.verify_revision(rev_id,self)
329
result.append([rev_id, verification_result, uid])
330
count[verification_result] += 1
331
if verification_result != SIGNATURE_VALID:
332
all_verifiable = False
333
if process_events_callback is not None:
334
process_events_callback()
335
return (count, result, all_verifiable)
337
def verbose_valid_message(self, result):
338
"""takes a verify result and returns list of signed commits strings"""
340
for rev_id, validity, uid in result:
341
if validity == SIGNATURE_VALID:
342
signers.setdefault(uid, 0)
345
for uid, number in signers.items():
346
result.append( i18n.ngettext(u"{0} signed {1} commit",
347
u"{0} signed {1} commits",
348
number).format(uid, number) )
352
def verbose_not_valid_message(self, result, repo):
353
"""takes a verify result and returns list of not valid commit info"""
355
for rev_id, validity, empty in result:
356
if validity == SIGNATURE_NOT_VALID:
357
revision = repo.get_revision(rev_id)
358
authors = ', '.join(revision.get_apparent_authors())
359
signers.setdefault(authors, 0)
360
signers[authors] += 1
362
for authors, number in signers.items():
363
result.append( i18n.ngettext(u"{0} commit by author {1}",
364
u"{0} commits by author {1}",
365
number).format(number, authors) )
368
def verbose_not_signed_message(self, result, repo):
369
"""takes a verify result and returns list of not signed commit info"""
371
for rev_id, validity, empty in result:
372
if validity == SIGNATURE_NOT_SIGNED:
373
revision = repo.get_revision(rev_id)
374
authors = ', '.join(revision.get_apparent_authors())
375
signers.setdefault(authors, 0)
376
signers[authors] += 1
378
for authors, number in signers.items():
379
result.append( i18n.ngettext(u"{0} commit by author {1}",
380
u"{0} commits by author {1}",
381
number).format(number, authors) )
384
def verbose_missing_key_message(self, result):
385
"""takes a verify result and returns list of missing key info"""
387
for rev_id, validity, fingerprint in result:
388
if validity == SIGNATURE_KEY_MISSING:
389
signers.setdefault(fingerprint, 0)
390
signers[fingerprint] += 1
392
for fingerprint, number in signers.items():
393
result.append( i18n.ngettext(u"Unknown key {0} signed {1} commit",
394
u"Unknown key {0} signed {1} commits",
395
number).format(fingerprint, number) )
398
def valid_commits_message(self, count):
399
"""returns message for number of commits"""
400
return i18n.gettext(u"{0} commits with valid signatures").format(
401
count[SIGNATURE_VALID])
403
def unknown_key_message(self, count):
404
"""returns message for number of commits"""
405
return i18n.ngettext(u"{0} commit with unknown key",
406
u"{0} commits with unknown keys",
407
count[SIGNATURE_KEY_MISSING]).format(
408
count[SIGNATURE_KEY_MISSING])
410
def commit_not_valid_message(self, count):
411
"""returns message for number of commits"""
412
return i18n.ngettext(u"{0} commit not valid",
413
u"{0} commits not valid",
414
count[SIGNATURE_NOT_VALID]).format(
415
count[SIGNATURE_NOT_VALID])
417
def commit_not_signed_message(self, count):
418
"""returns message for number of commits"""
419
return i18n.ngettext(u"{0} commit not signed",
420
u"{0} commits not signed",
421
count[SIGNATURE_NOT_SIGNED]).format(
422
count[SIGNATURE_NOT_SIGNED])
added
removed
bzrlib/gpg.py
