← Back to branch summary

~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/gpg.py

  • Committer: Patch Queue Manager
  • Date: 2011-10-09 13:52:06 UTC
  • mfrom: (6202.1.3 revno-revision)
  • Revision ID: pqm@pqm.ubuntu.com-20111009135206-t3utsln6mtzv9eut
(jelmer) Add a --revision argument to 'bzr revno'. (Jelmer Vernooij)

Show diffs side-by-side

added added

removed removed

Lines of Context:
bzrlib/gpg.py
31
31
    trace,
32
32
    ui,
33
33
    )
 
34
from bzrlib.i18n import (
 
35
    gettext, 
 
36
    ngettext,
 
37
    )
34
38
""")
35
39
 
36
 
class i18n:
37
 
    """this class is ready to use bzrlib.i18n but bzrlib.i18n is not ready to
38
 
    use so here is a stub until it is"""
39
 
    @staticmethod
40
 
    def gettext(string):
41
 
        return string
42
 
        
43
 
    @staticmethod
44
 
    def ngettext(single, plural, number):
45
 
        if number == 1:
46
 
            return single
47
 
        else:
48
 
            return plural
49
 
 
50
40
#verification results
51
41
SIGNATURE_VALID = 0
52
42
SIGNATURE_KEY_MISSING = 1
53
43
SIGNATURE_NOT_VALID = 2
54
44
SIGNATURE_NOT_SIGNED = 3
 
45
SIGNATURE_EXPIRED = 4
55
46
 
56
47
 
57
48
class DisabledGPGStrategy(object):
108
99
        count = {SIGNATURE_VALID: 0,
109
100
                 SIGNATURE_KEY_MISSING: 0,
110
101
                 SIGNATURE_NOT_VALID: 0,
111
 
                 SIGNATURE_NOT_SIGNED: 0}
 
102
                 SIGNATURE_NOT_SIGNED: 0,
 
103
                 SIGNATURE_EXPIRED: 0}
112
104
        result = []
113
105
        all_verifiable = True
114
106
        for rev_id in revisions:
121
113
        return (count, result, all_verifiable)
122
114
 
123
115
    def valid_commits_message(self, count):
124
 
        return i18n.gettext(u"{0} commits with valid signatures").format(
 
116
        return gettext(u"{0} commits with valid signatures").format(
125
117
                                        count[SIGNATURE_VALID])            
126
118
 
127
119
    def unknown_key_message(self, count):
128
 
        return i18n.ngettext(u"{0} commit with unknown key",
 
120
        return ngettext(u"{0} commit with unknown key",
129
121
                             u"{0} commits with unknown keys",
130
122
                             count[SIGNATURE_KEY_MISSING]).format(
131
123
                                        count[SIGNATURE_KEY_MISSING])
132
124
 
133
125
    def commit_not_valid_message(self, count):
134
 
        return i18n.ngettext(u"{0} commit not valid",
 
126
        return ngettext(u"{0} commit not valid",
135
127
                             u"{0} commits not valid",
136
128
                             count[SIGNATURE_NOT_VALID]).format(
137
129
                                            count[SIGNATURE_NOT_VALID])
138
130
 
139
131
    def commit_not_signed_message(self, count):
140
 
        return i18n.ngettext(u"{0} commit not signed",
 
132
        return ngettext(u"{0} commit not signed",
141
133
                             u"{0} commits not signed",
142
134
                             count[SIGNATURE_NOT_SIGNED]).format(
143
135
                                        count[SIGNATURE_NOT_SIGNED])
144
136
 
 
137
    def expired_commit_message(self, count):
 
138
        return ngettext(u"{0} commit with key now expired",
 
139
                        u"{0} commits with key now expired",
 
140
                        count[SIGNATURE_EXPIRED]).format(
 
141
                                        count[SIGNATURE_EXPIRED])
 
142
 
145
143
 
146
144
def _set_gpg_tty():
147
145
    tty = os.environ.get('TTY')
175
173
            return False
176
174
 
177
175
    def _command_line(self):
178
 
        return [self._config.gpg_signing_command(), '--clearsign']
 
176
        
 
177
        return [self._config.gpg_signing_command(), '--clearsign', '-u',
 
178
                                                self._config.gpg_signing_key()]
179
179
 
180
180
    def __init__(self, config):
181
181
        self._config = config
242
242
        except gpgme.GpgmeError,error:
243
243
            raise errors.SignatureVerificationFailed(error[2])
244
244
 
 
245
        # No result if input is invalid.
 
246
        # test_verify_invalid()
245
247
        if len(result) == 0:
246
248
            return SIGNATURE_NOT_VALID, None
 
249
        # User has specified a list of acceptable keys, check our result is in it.
 
250
        # test_verify_unacceptable_key()
247
251
        fingerprint = result[0].fpr
248
252
        if self.acceptable_keys is not None:
249
 
            if not fingerprint in self.acceptable_keys:
 
253
            if not fingerprint in self.acceptable_keys:                
250
254
                return SIGNATURE_KEY_MISSING, fingerprint[-8:]
 
255
        # Check the signature actually matches the testament.
 
256
        # test_verify_bad_testament()
251
257
        if testament != plain_output.getvalue():
252
 
            return SIGNATURE_NOT_VALID, None
 
258
            return SIGNATURE_NOT_VALID, None 
 
259
        # Yay gpgme set the valid bit.
 
260
        # Can't write a test for this one as you can't set a key to be
 
261
        # trusted using gpgme.
253
262
        if result[0].summary & gpgme.SIGSUM_VALID:
254
263
            key = self.context.get_key(fingerprint)
255
264
            name = key.uids[0].name
256
265
            email = key.uids[0].email
257
266
            return SIGNATURE_VALID, name + " <" + email + ">"
 
267
        # Sigsum_red indicates a problem, unfortunatly I have not been able
 
268
        # to write any tests which actually set this.
258
269
        if result[0].summary & gpgme.SIGSUM_RED:
259
270
            return SIGNATURE_NOT_VALID, None
 
271
        # GPG does not know this key.
 
272
        # test_verify_unknown_key()
260
273
        if result[0].summary & gpgme.SIGSUM_KEY_MISSING:
261
274
            return SIGNATURE_KEY_MISSING, fingerprint[-8:]
262
 
        #summary isn't set if sig is valid but key is untrusted
 
275
        # Summary isn't set if sig is valid but key is untrusted
 
276
        # but if user has explicity set the key as acceptable we can validate it.
263
277
        if result[0].summary == 0 and self.acceptable_keys is not None:
264
278
            if fingerprint in self.acceptable_keys:
265
 
                return SIGNATURE_VALID, None
266
 
        else:
267
 
            return SIGNATURE_KEY_MISSING, None
 
279
                # test_verify_untrusted_but_accepted()
 
280
                return SIGNATURE_VALID, None 
 
281
        # test_verify_valid_but_untrusted()
 
282
        if result[0].summary == 0 and self.acceptable_keys is None:
 
283
            return SIGNATURE_NOT_VALID, None
 
284
        if result[0].summary & gpgme.SIGSUM_KEY_EXPIRED:
 
285
            expires = self.context.get_key(result[0].fpr).subkeys[0].expires
 
286
            if expires > result[0].timestamp:
 
287
                # The expired key was not expired at time of signing.
 
288
                # test_verify_expired_but_valid()
 
289
                return SIGNATURE_EXPIRED, fingerprint[-8:]
 
290
            else:
 
291
                # I can't work out how to create a test where the signature
 
292
                # was expired at the time of signing.
 
293
                return SIGNATURE_NOT_VALID, None
 
294
        # A signature from a revoked key gets this.
 
295
        # test_verify_revoked_signature()
 
296
        if result[0].summary & gpgme.SIGSUM_SYS_ERROR:
 
297
            return SIGNATURE_NOT_VALID, None
 
298
        # Other error types such as revoked keys should (I think) be caught by
 
299
        # SIGSUM_RED so anything else means something is buggy.
268
300
        raise errors.SignatureVerificationFailed("Unknown GnuPG key "\
269
301
                                                 "verification result")
270
302
 
282
314
                acceptable_keys_config = str(acceptable_keys_config)
283
315
        except UnicodeEncodeError:
284
316
            #gpg Context.keylist(pattern) does not like unicode
285
 
            raise errors.BzrCommandError('Only ASCII permitted in option names')
 
317
            raise errors.BzrCommandError(gettext('Only ASCII permitted in option names'))
286
318
 
287
319
        if acceptable_keys_config is not None:
288
320
            key_patterns = acceptable_keys_config
300
332
                    self.acceptable_keys.append(key.subkeys[0].fpr)
301
333
                    trace.mutter("Added acceptable key: " + key.subkeys[0].fpr)
302
334
                if not found_key:
303
 
                    trace.note(i18n.gettext(
304
 
                            "No GnuPG key results for pattern: {}"
 
335
                    trace.note(gettext(
 
336
                            "No GnuPG key results for pattern: {0}"
305
337
                                ).format(pattern))
306
338
 
307
339
    def do_verifications(self, revisions, repository,
320
352
        count = {SIGNATURE_VALID: 0,
321
353
                 SIGNATURE_KEY_MISSING: 0,
322
354
                 SIGNATURE_NOT_VALID: 0,
323
 
                 SIGNATURE_NOT_SIGNED: 0}
 
355
                 SIGNATURE_NOT_SIGNED: 0,
 
356
                 SIGNATURE_EXPIRED: 0}
324
357
        result = []
325
358
        all_verifiable = True
326
359
        for rev_id in revisions:
343
376
                signers[uid] += 1
344
377
        result = []
345
378
        for uid, number in signers.items():
346
 
             result.append( i18n.ngettext(u"{0} signed {1} commit", 
 
379
             result.append( ngettext(u"{0} signed {1} commit", 
347
380
                             u"{0} signed {1} commits",
348
381
                             number).format(uid, number) )
349
382
        return result
360
393
                signers[authors] += 1
361
394
        result = []
362
395
        for authors, number in signers.items():
363
 
            result.append( i18n.ngettext(u"{0} commit by author {1}", 
 
396
            result.append( ngettext(u"{0} commit by author {1}", 
364
397
                                 u"{0} commits by author {1}",
365
398
                                 number).format(number, authors) )
366
399
        return result
376
409
                signers[authors] += 1
377
410
        result = []
378
411
        for authors, number in signers.items():
379
 
            result.append( i18n.ngettext(u"{0} commit by author {1}", 
 
412
            result.append( ngettext(u"{0} commit by author {1}", 
380
413
                                 u"{0} commits by author {1}",
381
414
                                 number).format(number, authors) )
382
415
        return result
390
423
                signers[fingerprint] += 1
391
424
        result = []
392
425
        for fingerprint, number in signers.items():
393
 
            result.append( i18n.ngettext(u"Unknown key {0} signed {1} commit", 
 
426
            result.append( ngettext(u"Unknown key {0} signed {1} commit", 
394
427
                                 u"Unknown key {0} signed {1} commits",
395
428
                                 number).format(fingerprint, number) )
396
429
        return result
397
430
 
 
431
    def verbose_expired_key_message(self, result, repo):
 
432
        """takes a verify result and returns list of expired key info"""
 
433
        signers = {}
 
434
        fingerprint_to_authors = {}
 
435
        for rev_id, validity, fingerprint in result:
 
436
            if validity == SIGNATURE_EXPIRED:
 
437
                revision = repo.get_revision(rev_id)
 
438
                authors = ', '.join(revision.get_apparent_authors())
 
439
                signers.setdefault(fingerprint, 0)
 
440
                signers[fingerprint] += 1
 
441
                fingerprint_to_authors[fingerprint] = authors
 
442
        result = []
 
443
        for fingerprint, number in signers.items():
 
444
            result.append(ngettext(u"{0} commit by author {1} with "\
 
445
                                    "key {2} now expired", 
 
446
                                   u"{0} commits by author {1} with key {2} now "\
 
447
                                    "expired",
 
448
                                    number).format(number,
 
449
                            fingerprint_to_authors[fingerprint], fingerprint) )
 
450
        return result
 
451
 
398
452
    def valid_commits_message(self, count):
399
453
        """returns message for number of commits"""
400
 
        return i18n.gettext(u"{0} commits with valid signatures").format(
 
454
        return gettext(u"{0} commits with valid signatures").format(
401
455
                                        count[SIGNATURE_VALID])
402
456
 
403
457
    def unknown_key_message(self, count):
404
458
        """returns message for number of commits"""
405
 
        return i18n.ngettext(u"{0} commit with unknown key",
406
 
                             u"{0} commits with unknown keys",
407
 
                             count[SIGNATURE_KEY_MISSING]).format(
 
459
        return ngettext(u"{0} commit with unknown key",
 
460
                        u"{0} commits with unknown keys",
 
461
                        count[SIGNATURE_KEY_MISSING]).format(
408
462
                                        count[SIGNATURE_KEY_MISSING])
409
463
 
410
464
    def commit_not_valid_message(self, count):
411
465
        """returns message for number of commits"""
412
 
        return i18n.ngettext(u"{0} commit not valid",
413
 
                             u"{0} commits not valid",
414
 
                             count[SIGNATURE_NOT_VALID]).format(
 
466
        return ngettext(u"{0} commit not valid",
 
467
                        u"{0} commits not valid",
 
468
                        count[SIGNATURE_NOT_VALID]).format(
415
469
                                            count[SIGNATURE_NOT_VALID])
416
470
 
417
471
    def commit_not_signed_message(self, count):
418
472
        """returns message for number of commits"""
419
 
        return i18n.ngettext(u"{0} commit not signed",
420
 
                             u"{0} commits not signed",
421
 
                             count[SIGNATURE_NOT_SIGNED]).format(
 
473
        return ngettext(u"{0} commit not signed",
 
474
                        u"{0} commits not signed",
 
475
                        count[SIGNATURE_NOT_SIGNED]).format(
422
476
                                        count[SIGNATURE_NOT_SIGNED])
 
477
 
 
478
    def expired_commit_message(self, count):
 
479
        """returns message for number of commits"""
 
480
        return ngettext(u"{0} commit with key now expired",
 
481
                        u"{0} commits with key now expired",
 
482
                        count[SIGNATURE_EXPIRED]).format(
 
483
                                    count[SIGNATURE_EXPIRED])