GPGPath = "gpg"
GPGBasicOptions = ["--no-options","--batch","--load-extension","rsa",\
"--no-default-keyring","--always-trust"];
-GPGKeyRings = ["--keyring","/usr/share/keyrings/debian-keyring.pgp",\
- "--keyring","/usr/share/keyrings/debian-keyring.gpg"];
+GPGKeyRings = [];
GPGSigOptions = ["--output","-"];
GPGSearchOptions = ["--dry-run","--with-colons","--fingerprint"];
GPGEncryptOptions = ["--output","-","--quiet","--always-trust",\
AgeCutOff = 4*24*60*60;
FutureCutOff = 3*24*60*60;
+# Set the keyrings, the input is a list of keyrings
+def SetKeyrings(Rings):
+ for x in Rings:
+ GPGKeyRings.append("--keyring");
+ GPGKeyRings.append(x);
+
# GetClearSig takes an un-seekable email message stream (mimetools.Message)
# and returns a standard PGP '---BEGIN PGP SIGNED MESSAGE---' bounded
# clear signed text.
# Append the PGP boundary header and the signature text to re-form the
# original signed block [needs to convert to \r\n]
- Output = "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n" + Signed.getvalue() + Signature;
+ Output = "-----BEGIN PGP SIGNED MESSAGE-----\r\n";
+ # Semi-evil hack to get the proper hash type inserted in the message
+ if Msg.getparam('micalg') != None:
+ Output = Output + "Hash: %s\r\n"%(string.upper(Msg.getparam('micalg')[4:]));
+ Output = Output + "\r\n";
+ Output = Output + string.replace(Signed.getvalue(),"\n---","\n- ---") + Signature;
return (Output,1);
else:
# Just return the message body
Why = "Verification of signature failed";
# Bad signature response
- if Split[1] == "ERRSIG" or Split[1] == "NO_PUBKEY":
+ if Split[1] == "ERRSIG":
GoodSig = 0;
KeyID = Split[2];
- if Split[7] == '9':
+ if len(Split) <= 7:
+ Why = "GPG error, ERRSIG status tag is invalid";
+ elif Split[7] == '9':
Why = "Unable to verify signature, signing key missing.";
elif Split[7] == '4':
Why = "Unable to verify signature, unknown packet format/key type";
else:
Why = "Unable to verify signature, unknown reason";
+ if Split[1] == "NO_PUBKEY":
+ GoodSig = 0;
+ Why = "Unable to verify signature, signing key missing.";
+
# Expired signature
if Split[1] == "SIGEXPIRED":
GoodSig = 0;
Result = [];
Owner = "";
KeyID = "";
+ Hits = {};
try:
Strm = os.popen(string.join(Args," "),"r");
# Output the key
if Split[0] == 'fpr':
+ if Hits.has_key(Split[9]):
+ continue;
+ Hits[Split[9]] = None;
Result.append( (KeyID,Split[9],Owner,Length) );
finally:
if Strm != None: