1 | #!/usr/bin/env python |
---|
2 | |
---|
3 | # Less terrible, ugly hack of a script than getsigs.pl, but similar. Used to |
---|
4 | # verify the signatures on the release tarballs and produce the list of who |
---|
5 | # signed them in the format we use for the announcements. |
---|
6 | # |
---|
7 | # To use just run it in the directory with the signatures and tarballs and |
---|
8 | # pass the version of subversion you want to check. It assumes gpg is on |
---|
9 | # your path, if it isn't you should fix that. :D |
---|
10 | # |
---|
11 | # Script will die if any gpg process returns an error. |
---|
12 | # |
---|
13 | # Because I hate perl... |
---|
14 | |
---|
15 | import glob, subprocess, shutil, sys, re |
---|
16 | |
---|
17 | key_start = '-----BEGIN PGP SIGNATURE-----\n' |
---|
18 | sig_pattern = re.compile(r'^gpg: Signature made .*? using \w+ key ID (\w+)') |
---|
19 | fp_pattern = re.compile(r'^pub\s+(\w+\/\w+)[^\n]*\n\s+Key\sfingerprint\s=((\s+[0-9A-F]{4}){10})\nuid\s+([^<\(]+)\s') |
---|
20 | |
---|
21 | |
---|
22 | def grab_sig_ids(): |
---|
23 | good_sigs = {} |
---|
24 | |
---|
25 | for filename in glob.glob('subversion-*.asc'): |
---|
26 | shutil.copyfile(filename, '%s.bak' % filename) |
---|
27 | text = open(filename).read() |
---|
28 | keys = text.split(key_start) |
---|
29 | |
---|
30 | for key in keys[1:]: |
---|
31 | open(filename, 'w').write(key_start + key) |
---|
32 | gpg = subprocess.Popen(['gpg', '--logger-fd', '1', |
---|
33 | '--verify', filename], |
---|
34 | stdout=subprocess.PIPE, |
---|
35 | stderr=subprocess.STDOUT) |
---|
36 | |
---|
37 | rc = gpg.wait() |
---|
38 | output = gpg.stdout.read() |
---|
39 | if rc: |
---|
40 | # gpg choked, die with an error |
---|
41 | print(output) |
---|
42 | sys.stderr.write("BAD SIGNATURE in %s\n" % filename) |
---|
43 | shutil.move('%s.bak' % filename, filename) |
---|
44 | sys.exit(1) |
---|
45 | |
---|
46 | for line in output.split('\n'): |
---|
47 | match = sig_pattern.match(line) |
---|
48 | if match: |
---|
49 | key_id = match.groups()[0] |
---|
50 | good_sigs[key_id] = True |
---|
51 | |
---|
52 | shutil.move('%s.bak' % filename, filename) |
---|
53 | |
---|
54 | return good_sigs |
---|
55 | |
---|
56 | |
---|
57 | def generate_output(good_sigs): |
---|
58 | for id in good_sigs.keys(): |
---|
59 | gpg = subprocess.Popen(['gpg', '--fingerprint', id], |
---|
60 | stdout=subprocess.PIPE, stderr=subprocess.STDOUT) |
---|
61 | rc = gpg.wait() |
---|
62 | gpg_output = gpg.stdout.read() |
---|
63 | if rc: |
---|
64 | print(gpg_output) |
---|
65 | sys.stderr.write("UNABLE TO GET FINGERPRINT FOR %s" % id) |
---|
66 | sys.exit(1) |
---|
67 | |
---|
68 | fp = fp_pattern.match(gpg_output).groups() |
---|
69 | print(" %s [%s] with fingerprint:" % (fp[3], fp[0])) |
---|
70 | print(" %s" % fp[1]) |
---|
71 | |
---|
72 | |
---|
73 | if __name__ == '__main__': |
---|
74 | if len(sys.argv) < 2: |
---|
75 | print("Give me a version number!") |
---|
76 | sys.exit(1) |
---|
77 | |
---|
78 | generate_output(grab_sig_ids()) |
---|