[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r25541 - in gnunet-update/src: ext gnunet_update tests
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r25541 - in gnunet-update/src: ext gnunet_update tests |
|
Date: |
Wed, 19 Dec 2012 11:27:12 +0100 |
Author: harsha
Date: 2012-12-19 11:27:11 +0100 (Wed, 19 Dec 2012)
New Revision: 25541
Added:
gnunet-update/src/tests/test_data_to_string.c
Modified:
gnunet-update/src/ext/
gnunet-update/src/ext/Makefile.am
gnunet-update/src/gnunet_update/install.py
gnunet-update/src/gnunet_update/util.py
gnunet-update/src/tests/
Log:
fix 2684: Ignore GPG checking while installing
Index: gnunet-update/src/ext
===================================================================
--- gnunet-update/src/ext 2012-12-19 10:04:59 UTC (rev 25540)
+++ gnunet-update/src/ext 2012-12-19 10:27:11 UTC (rev 25541)
Property changes on: gnunet-update/src/ext
___________________________________________________________________
Modified: svn:ignore
## -4,3 +4,4 ##
Makefile
gnunet-service-ext
gnunet-ext
+test_file_hash
Modified: gnunet-update/src/ext/Makefile.am
===================================================================
--- gnunet-update/src/ext/Makefile.am 2012-12-19 10:04:59 UTC (rev 25540)
+++ gnunet-update/src/ext/Makefile.am 2012-12-19 10:27:11 UTC (rev 25541)
@@ -39,7 +39,8 @@
test_ext_api \
test_file_hash
-TESTS = $(check_PROGRAMS)
+TESTS = \
+ test_ext_api
test_ext_api_SOURCES = \
test_ext_api.c
Modified: gnunet-update/src/gnunet_update/install.py
===================================================================
--- gnunet-update/src/gnunet_update/install.py 2012-12-19 10:04:59 UTC (rev
25540)
+++ gnunet-update/src/gnunet_update/install.py 2012-12-19 10:27:11 UTC (rev
25541)
@@ -38,6 +38,7 @@
# Used for testing; Sets from where we read input
getch_ = None
+ignore_gpg = False
def _usage():
"""Print helpful usage information."""
@@ -54,6 +55,10 @@
-c, --config=FILENAME : use configuration file FILENAME
-l, --list-groups : list the available groups
-g, --group=GROUP : install GROUP (multiple options are allowed)
+ -x, --ignore-gpg : ignore gpg checks for verifying integrity of
+ downloaded package. WARNING: using this option
+ may result in untrusted or malicious software
to
+ be installed in your computer
"""
def _shared_library_setup(shared_library_paths):
@@ -78,17 +83,19 @@
def main():
"""Execution start point."""
+ global ignore_gpg
external_config_file = None
list_groups = False
install_group_names = set()
assert getch_ is not None
try:
opts, args = getopt.getopt(sys.argv[1:],
- "c:g:lh",
+ "c:g:lhx",
["help",
"config=",
"list-groups",
- "group="])
+ "group=",
+ "ignore-gpg"])
except getopt.GetoptError, err:
print err
print "Execption occured"
@@ -105,7 +112,8 @@
list_groups = True
elif option in ("-g", "--group"):
install_group_names.add(value)
-
+ elif option in ("-x", "--ignore-gpg"):
+ ignore_gpg = True
if list_groups:
if len(args) < 1:
print "Incorrect number of arguments"
@@ -117,22 +125,23 @@
sys.exit(1)
config = GnunetUpdateConfig(external_config_file) # Configuration
- pgp_sign_key = config.get('SECURITY', 'PGP_SIGN_KEY')
- if pgp_sign_key is None:
- print "PGP key fingerprint is missing in configuration"
- sys.exit (0)
- # If key is not present in the user's GPG key ring; import it automatically
- if not util.gpg_key_exists(pgp_sign_key):
- print "We are about to download and install a GPG key with
fingerprint: " + pgp_sign_key
- print "Press [Y] to proceed or any other key to abort"
- ch = getch_()
- if ch is None:
- sys.exit(0)
- if ch not in ['Y', 'y']:
- sys.exit(0)
- if util.gpg_import_key(pgp_sign_key[-8:]) is not 0:
- sys.exit(0)
- metadata = util.verify_metadata(args[0], pgp_sign_key)
+ if not ignore_gpg:
+ pgp_sign_key = config.get('SECURITY', 'PGP_SIGN_KEY')
+ if pgp_sign_key is None:
+ print "PGP key fingerprint is missing in configuration"
+ sys.exit (0)
+ # If key is not present in the user's GPG key ring; import it
automatically
+ if not util.gpg_key_exists(pgp_sign_key):
+ print "We are about to download and install a GPG key with
fingerprint: " + pgp_sign_key
+ print "Press [Y] to proceed or any other key to abort"
+ ch = getch_()
+ if ch is None:
+ sys.exit(0)
+ if ch not in ['Y', 'y']:
+ sys.exit(0)
+ if util.gpg_import_key(pgp_sign_key[-8:]) is not 0:
+ sys.exit(0)
+ metadata = util.verify_metadata(args[0], pgp_sign_key, ignore_gpg)
if metadata is None:
sys.exit(2)
Modified: gnunet-update/src/gnunet_update/util.py
===================================================================
--- gnunet-update/src/gnunet_update/util.py 2012-12-19 10:04:59 UTC (rev
25540)
+++ gnunet-update/src/gnunet_update/util.py 2012-12-19 10:27:11 UTC (rev
25541)
@@ -141,13 +141,13 @@
new_sigs = ctx.verify(sign_fd, plain_fd, None)
return new_sigs
-def verify_metadata(package_tarfile_path, key_fpr):
+def verify_metadata(package_tarfile_path, key_fpr, ignore_gpg=False):
"""Verifys whether metadata of the package is valid and authentic
package_tarfile_path: The path of the package file. This tarfile will be
examined for metadata and its signature
key_fpr: The key to validate the metadata signature
-
+ ignore_gpg: Should the gpg signature checking be ignored
return: If metadata of the package is valid and authentic, the metadata is
read into a Metadata object which is returned. If it is found to be not
valid or authentic then None is returned.
@@ -157,37 +157,38 @@
try:
filename = "metadata.dat"
metadata_tarinfo = package_tarfile.getmember(filename)
- filename = "metadata.dat.asc"
- metadata_sig_tarinfo = package_tarfile.getmember(filename)
+ if not ignore_gpg:
+ filename = "metadata.dat.asc"
+ metadata_sig_tarinfo = package_tarfile.getmember(filename)
except KeyError as no_file:
print filename + " not found in the given tarfile. Are you sure you \
gave the correct package file?"
package_tarfile.close()
return None
-
# Temporary directory for package extraction
temp_dir = tempfile.mkdtemp()
package_tarfile.extract(metadata_tarinfo, temp_dir)
- package_tarfile.extract(metadata_sig_tarinfo, temp_dir)
+ if not ignore_gpg:
+ package_tarfile.extract(metadata_sig_tarinfo, temp_dir)
package_tarfile.close()
- # Verify metadata signature
- metadata_fd = open(os.path.join(temp_dir, metadata_tarinfo.name), "rb")
- metadata_sig_fd = open(os.path.join(temp_dir, metadata_sig_tarinfo.name),
"rb")
- sig = gpg_verify_sign(metadata_fd,
- metadata_sig_fd,
- key_fpr,
- detached=True)
- metadata_sig_fd.close()
- metadata_fd.close()
- if sig is None:
- print "Signature not verified"
- shutil.rmtree(temp_dir)
- return None
- if sig[0].status is not None:
- print "Error verifying the signature of metadata: " + sig[0].status[2]
- shutil.rmtree(temp_dir)
- return None
-
+ if not ignore_gpg:
+ # Verify metadata signature
+ metadata_fd = open(os.path.join(temp_dir, metadata_tarinfo.name), "rb")
+ metadata_sig_fd = open(os.path.join(temp_dir,
metadata_sig_tarinfo.name), "rb")
+ sig = gpg_verify_sign(metadata_fd,
+ metadata_sig_fd,
+ key_fpr,
+ detached=True)
+ metadata_sig_fd.close()
+ metadata_fd.close()
+ if sig is None:
+ print "Signature not verified"
+ shutil.rmtree(temp_dir)
+ return None
+ if sig[0].status is not None:
+ print "Error verifying the signature of metadata: " +
sig[0].status[2]
+ shutil.rmtree(temp_dir)
+ return None
#check whether the system and machine architecture match
metadata = Metadata()
metadata.read_from_file(os.path.join(temp_dir, metadata_tarinfo.name))
@@ -196,8 +197,7 @@
host_machine = platform.machine()
if metadata.system != host_system or metadata.machine != host_machine:
print "The given package is not suited for this platform."
- return None
-
+ return None
return metadata
def get_available_libs(_test_input=None):
Index: gnunet-update/src/tests
===================================================================
--- gnunet-update/src/tests 2012-12-19 10:04:59 UTC (rev 25540)
+++ gnunet-update/src/tests 2012-12-19 10:27:11 UTC (rev 25541)
Property changes on: gnunet-update/src/tests
___________________________________________________________________
Modified: svn:ignore
## -3,3 +3,5 ##
__init__.py
user-home
gen_user_home.sh
+.deps
+test_data_to_string
Added: gnunet-update/src/tests/test_data_to_string.c
===================================================================
--- gnunet-update/src/tests/test_data_to_string.c
(rev 0)
+++ gnunet-update/src/tests/test_data_to_string.c 2012-12-19 10:27:11 UTC
(rev 25541)
@@ -0,0 +1,22 @@
+#include <gnunet/platform.h>
+#include <gnunet/gnunet_util_lib.h>
+
+static const char *data = "This is some test data";
+
+int main (int argc, char *argv)
+{
+ size_t size;
+ char out[1024];
+ char *c;
+
+ size = strlen (data);
+ c = GNUNET_STRINGS_data_to_string ((const unsigned char *) data,
+ size,
+ out,
+ ((size*8) + (((size*8) % 5) > 0 ? 5 -
+ ((size*8) % 5) : 0)) / 5);
+ if (NULL == c)
+ return 1;
+ PRINTF ("%s", out);
+ return 0;
+}
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r25541 - in gnunet-update/src: ext gnunet_update tests,
gnunet <=