3 f@svddlmZmZmZddlZddlZddlZddlmZddl m Z ej dZ da ddZdd Zd d Zd d ZdS))print_functionabsolute_importunicode_literalsN)which)_ZdnfcCs$tdkr tdatjtdttS)Nrpmkeysz3Using rpmkeys executable at %s to verify signatures)_rpmkeys_binaryr_loggerdebugrr r /usr/lib/python3.6/miscutils.py_find_rpmkeys_binarys  r cCst|dks |ddks |dr$dSd\}}}}x^|ddD]N}d|krNdS|jdr^d }q>|jd rnd }q>|jd r~d }q>|jd s>dSq>W|rdS|rdS|rd SdS)Nrs-:Fs: BADs: NOKEYTs : NOTTRUSTEDs : NOTFOUNDs: OK)FFFFr)lenendswith)dataZseen_sigZ missing_keyZ not_trustedZ not_signedir r r _process_rpm_output$s*      rc Cst}|dkstjj| r.tjtddSddd|dddd f}tj||d d itj d |d }|j d}WdQRX|j }t |t k rtd|dks|dkrdSt|jd}|r|S|rdSdS)Nz4Cannot find rpmkeys executable to verify signatures.rrz --checksigz--rootz --verbosez#--define=_pkgverify_level signaturez--define=_pkgverify_flags 0x0-LC_ALLC/)args executableenvstdoutcwdstdinrz Popen set return code to non-int )r ospathisfiler Zcriticalr subprocessPopenPIPEZ communicate returncodetypeintAssertionErrorrsplit)packageZ installrootZrpmkeys_binaryrprr)retr r r _verifyPackageUsingRpmkeys?s0   r1c Cs>tj|tjtjBtjB}zt||jj}Wdtj|X|S)a Takes a transaction set and a package, check it's sigs, return 0 if they are all fine return 1 if the gpg key can't be found return 2 if the header is in someway damaged return 3 if the key is not trusted return 4 if the pkg is not gpg or pgp signedN) r#openO_RDONLYO_NOCTTY O_CLOEXECr1tsZrootDirclose)r6r.Zfdnovaluer r r checkSig^s  r9)Z __future__rrrr#r&ZloggingZshutilrZdnf.i18nrZ getLoggerr rr rr1r9r r r r s