[Pkg-privacy-commits] [torbrowser-launcher] 09/48: Make verify function use gpgme library
Roger Shimizu
rosh at moszumanska.debian.org
Mon Sep 4 16:42:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.
commit 360f6ec005e165b92e941420b7cc84ec6ed26ba9
Author: Kajisav <dan at dephekt.net>
Date: Sun Mar 5 02:13:02 2017 -0600
Make verify function use gpgme library
---
torbrowser_launcher/common.py | 16 ++++++++--------
torbrowser_launcher/launcher.py | 37 ++++++++++++++++---------------------
2 files changed, 24 insertions(+), 29 deletions(-)
diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py
index 3b6c2cd..b4410d4 100644
--- a/torbrowser_launcher/common.py
+++ b/torbrowser_launcher/common.py
@@ -196,16 +196,16 @@ class Common:
c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.paths['gnupg_homedir'])
impkey = self.paths['signing_keys'][key]
- if os.path.isfile(impkey):
+ try:
c.op_import(gpg.Data(file=impkey))
- else:
- print _("Signing key not found")
-
- result = c.op_import_result()
- if (result and self.fingerprints[key] in result.imports[0].fpr):
- return True
- else:
+ except:
return False
+ else:
+ result = c.op_import_result()
+ if (result and self.fingerprints[key] in result.imports[0].fpr):
+ return True
+ else:
+ return False
# import gpg keys
def import_keys(self):
diff --git a/torbrowser_launcher/launcher.py b/torbrowser_launcher/launcher.py
index ec87cf8..acff817 100644
--- a/torbrowser_launcher/launcher.py
+++ b/torbrowser_launcher/launcher.py
@@ -26,7 +26,7 @@ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
"""
-import os, subprocess, time, json, tarfile, hashlib, lzma, threading, re, unicodedata
+import os, subprocess, time, json, tarfile, hashlib, lzma, threading, re, unicodedata, gpg
from twisted.internet import reactor
from twisted.web.client import Agent, RedirectAgent, ResponseDone, ResponseFailed
from twisted.web.http_headers import Headers
@@ -474,29 +474,24 @@ class Launcher:
return None
def verify(self):
- # initialize the progress bar
self.progressbar.set_fraction(0)
self.progressbar.set_text(_('Verifying Signature'))
self.progressbar.show()
-
- # verify the PGP signature
- verified = False
- FNULL = open(os.devnull, 'w')
- p = subprocess.Popen(['/usr/bin/gpg', '--homedir', self.common.paths['gnupg_homedir'], '--verify', self.common.paths['sig_file'], self.common.paths['tarball_file']], stdout=FNULL, stderr=subprocess.STDOUT)
- self.pulse_until_process_exits(p)
- if p.returncode == 0:
- verified = True
-
- if verified:
- self.run_task()
- else:
- # TODO: add the ability to report attack by posting bug to trac.torproject.org
- self.set_gui('task', _("SIGNATURE VERIFICATION FAILED!\n\nYou might be under attack, or there might just be a networking problem. Click Start try the download again."), ['start_over'], False)
- self.clear_ui()
- self.build_ui()
-
- if not reactor.running:
- reactor.run()
+
+ with gpg.Context() as c:
+ c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.common.paths['gnupg_homedir'])
+
+ sig = gpg.Data(file=self.common.paths['sig_file'])
+ signed = gpg.Data(file=self.common.paths['tarball_file'])
+
+ try:
+ c.verify(signature=sig, signed_data=signed)
+ except Exception as e:
+ self.set_gui('task', _("SIGNATURE VERIFICATION FAILED!\n\nYou might be under attack, or there might just be a networking problem. Click Start try the download again."), ['start_over'], False)
+ self.clear_ui()
+ self.build_ui()
+ else:
+ self.run_task()
def extract(self):
# initialize the progress bar
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git
More information about the Pkg-privacy-commits
mailing list