|
|
|
@ -23,6 +23,8 @@ import itertools
|
|
|
|
|
import json
|
|
|
|
|
import os
|
|
|
|
|
import time
|
|
|
|
|
import pgpy
|
|
|
|
|
import rpm
|
|
|
|
|
from six.moves import cPickle as pickle
|
|
|
|
|
|
|
|
|
|
import kobo.log
|
|
|
|
@ -993,6 +995,24 @@ class KojiMockPackageSet(PackageSetBase):
|
|
|
|
|
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
def _is_rpm_signed(self, rpm_path) -> bool:
|
|
|
|
|
ts = rpm.TransactionSet()
|
|
|
|
|
ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
|
|
|
|
|
sigkeys = [
|
|
|
|
|
sigkey.lower() for sigkey in self.sigkey_ordering
|
|
|
|
|
if sigkey is not None
|
|
|
|
|
]
|
|
|
|
|
with open(rpm_path, 'rb') as fd:
|
|
|
|
|
header = ts.hdrFromFdno(fd)
|
|
|
|
|
signature = header[rpm.RPMTAG_SIGGPG] or header[rpm.RPMTAG_SIGPGP]
|
|
|
|
|
if signature is None:
|
|
|
|
|
return False
|
|
|
|
|
pgp_msg = pgpy.PGPMessage.from_blob(signature)
|
|
|
|
|
return any(
|
|
|
|
|
signature.signer.lower() in sigkeys
|
|
|
|
|
for signature in pgp_msg.signatures
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
def get_package_path(self, queue_item):
|
|
|
|
|
rpm_info, build_info = queue_item
|
|
|
|
|
|
|
|
|
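Review bot: `_is_rpm_signed` never verifies a signature: the header is read with `ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)`, and the result only says whether the key ID recorded in the signature packet appears in `self.sigkey_ordering`. A package whose signature packet merely names an accepted key ID, without a valid signature over its content, would therefore pass, so this helper should not be the only gate if signing is a trust boundary for the compose. Either verify against the public keys (for example by leaving verification enabled on the transaction set with the keys imported) or state the limit in a docstring, e.g. `"""Return True if the RPM carries a signature whose signer key ID is in sigkey_ordering; the signature is NOT cryptographically verified."""`. Only `RPMTAG_SIGGPG` and `RPMTAG_SIGPGP` are read, so a package carrying only a header signature would presumably be reported as unsigned, which is worth confirming against the packages this set handles.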
@ -1010,6 +1030,13 @@ class KojiMockPackageSet(PackageSetBase):
|
|
|
|
|
|
|
|
|
|
rpm_path = os.path.join(pathinfo.topdir, pathinfo.rpm(rpm_info))
|
|
|
|
|
if os.path.isfile(rpm_path):
|
|
|
|
|
if not self._is_rpm_signed(rpm_path):
|
|
|
|
|
self._invalid_sigkey_rpms.append(rpm_info)
|
|
|
|
|
self.log_error(
|
|
|
|
|
'RPM "%s" not found for sigs: "%s". Path checked: "%s"',
|
|
|
|
|
rpm_info, self.sigkey_ordering, rpm_path
|
|
|
|
|
)
|
|
|
|
|
return
|
|
|
|
|
return rpm_path
|
|
|
|
|
else:
|
|
|
|
|
self.log_warning("RPM %s not found" % rpm_path)
|
|
|
|
|
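Review bot: The new `if not self._is_rpm_signed(rpm_path)` branch runs even when `self.sigkey_ordering` contains `None`, which the helper filters out and which presumably means unsigned packages are accepted. In that configuration any package not signed by one of the listed keys, and every package when the list holds only `None`, is recorded in `_invalid_sigkey_rpms`. If unsigned composes must keep working, guard the call, e.g. `if None not in self.sigkey_ordering and not self._is_rpm_signed(rpm_path):`. The error text also says the RPM was "not found" although `os.path.isfile(rpm_path)` has just succeeded, which will mislead whoever triages the log; `'RPM "%s" is not signed by any of: "%s". Path checked: "%s"'` describes the actual failure. The enclosing `get_package_path` starts above this hunk, so how callers treat the bare `return` could not be checked here.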