-
Notifications
You must be signed in to change notification settings - Fork 14
/
rpm-signer.py
executable file
·148 lines (119 loc) · 5.14 KB
/
rpm-signer.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
#!/usr/bin/python
import os
import ConfigParser
import subprocess
import shlex
import shutil
import sys
from optparse import OptionParser
usage = "usage: %prog -c configuration_file [-i/-l] [-i package_name]"
parser = OptionParser(usage)
parser.add_option("-c", "--config-file",
action="store", type ="string", dest="config_file",
help="Specify a configuration file"
)
parser.add_option("-i", "--install",
action="store_true", dest="install",
help="Install and sign a package, requires -p"
)
parser.add_option("-l", "--list-signatures",
action="store_true", dest="list_signatures",
help="List RPMs and their signature status on reposdir and subdirectories"
)
(options, args) = parser.parse_args()
config = ConfigParser.ConfigParser()
if len(sys.argv) == 1:
parser.print_help()
sys.exit(1)
if not options.config_file:
parser.error('No configuration file specified')
sys.exit(1)
try:
config.read(options.config_file)
gpghome = config.get('main', 'gpghome')
gpgkeyid = config.get('main', 'gpgkeyid')
gpgname = config.get('main', 'gpgname')
reposdir = config.get('main', 'reposdir')
except ConfigParser.Error:
print "An incorrect configuration file was specified. Make sure the file exists and has a [main] section on its header"
sys.exit(1)
def list_rpm_files_signature():
if len(args) > 0:
print 'No need to specify a package name with the -l option, check --help'
sys.exit(1)
for repo in ['el5', 'el6', 'el7']:
for arch in ['i386', 'x86_64', 'noarch', 'SRPMS']:
for _file in os.listdir(os.path.join(reposdir, repo, arch)):
if _file.endswith('.rpm'):
if check_valid_signature(os.path.join(reposdir, repo, arch, _file)) is False:
print ' %s - NOT SIGNED' % (os.path.join(reposdir, repo, arch, _file)) + '\n'
else:
print ' %s - SIGNED' % (os.path.join(reposdir, repo, arch, _file)) + '\n'
def check_valid_signature(package):
command = 'rpmsign -K %s' % package
command = shlex.split(command)
rpm_qpi = subprocess.Popen(command, stdout=subprocess.PIPE)
rpm_qpi.wait()
for line in rpm_qpi.stdout.readlines():
splitted_line = line.split(' ')
if ('NOT' or 'NON') in splitted_line:
return False
def sign_rpm(package):
package_name = args[0]
if not os.path.isfile('/usr/bin/rpmsign'):
print 'The rpmsign binary is not installed, please install the rpm-sign package'
sys.exit(1)
query_user = raw_input("Do you want to sign the %s package? Type YES or NO: " % package_name)
if query_user == 'YES' or 'yes':
command = 'rpm -D "%%_signature gpg" -D "%%_gpg_path %s" -D "%%_gpg_name %s" -D "%%__gpg /usr/bin/gpg" --resign %s' % (gpghome, gpgname, package)
command = shlex.split(command)
sign = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
sign.wait()
if sign.returncode == 0:
print 'Package has been signed with the following key: %s' % gpgkeyid
print "Run 'cobbler reposync' as root on expander to regenerate the repositories metadata"
else:
error = sign.stderr.readlines()
report_error = error[1:2]
print '\n' + 'Package has not been signed, error is: %s' % report_error[0]
elif query_user == 'NO' or 'no':
print '\n' + 'The signature of %s has been ABORTED' % filename + '\n'
else:
print 'Neither "YES" or "NO" were entered, aborting'
def install_package():
if len(args) == 0:
print 'No package name specified, check --help'
sys.exit(1)
elif len(args) == 1:
package = args[0]
else:
print 'Please list one package at a time'
packagename_splitted = package.split('.')
for repo in ['el5', 'el6', 'el7']:
for arch in ['i386', 'x86_64', 'aarch64', 'noarch', 'SRPMS']:
if repo in packagename_splitted:
if arch in packagename_splitted:
dest = os.path.join(reposdir, repo, arch)
if os.path.isdir(dest) and os.path.isfile(package):
print 'Copying %s to %s' % (package, dest) + '\n'
shutil.copy(package, dest)
newdest = os.path.join(dest, package)
if os.path.isfile(newdest):
print '%s has been copied, now signing it' % package + '\n'
sign_rpm(newdest)
else:
print "Either %s or the RPM file you want to install couldn't be found" % dest
sys.exit(1)
def main():
if options.install and options.list_signatures:
print 'The -i and -l flags are mutually exclusive'
sys.exit(1)
if options.install:
install_package()
elif options.list_signatures:
list_rpm_files_signature()
else:
parser.print_help()
sys.exit(1)
if __name__ == "__main__":
main()