← Back to branch summary

~bzoltan/click/transition_mirrors

« back to all changes in this revision

Viewing changes to click/install.py

  • Committer: CI bot
  • Author(s): Michael Vogt, Colin Watson
  • Date: 2014-08-22 17:18:56 UTC
  • mfrom: (425.1.79 devel)
  • Revision ID: ps-jenkins@lists.canonical.com-20140822171856-06cj8hcsjbfrybex
Click 0.4.31: "click info <file in unpacked package>", and basic support for package signing. Fixes: 1324853, 1330770

Show diffs side-by-side

added added

removed removed

Lines of Context:
click/install.py
30
30
import grp
31
31
import inspect
32
32
import json
 
33
import logging
33
34
import os
34
35
import pwd
35
36
import shutil
74
75
apt_pkg.init_system()
75
76
 
76
77
 
 
78
class DebsigVerifyError(Exception):
 
79
    pass
 
80
 
 
81
 
 
82
class DebsigVerify:
 
83
    """Tiny wrapper around the debsig-verify commandline"""
 
84
    # from debsig-verify-0.9/debsigs.h
 
85
    DS_SUCCESS = 0
 
86
    DS_FAIL_NOSIGS = 10
 
87
    DS_FAIL_UNKNOWN_ORIGIN = 11
 
88
    DS_FAIL_NOPOLICIES = 12
 
89
    DS_FAIL_BADSIG = 13
 
90
    DS_FAIL_INTERNAL = 14
 
91
 
 
92
    # should be a property, but python does not support support
 
93
    # class properties easily
 
94
    @classmethod
 
95
    def available(cls):
 
96
        return Click.find_on_path("debsig-verify")
 
97
 
 
98
    @classmethod
 
99
    def verify(cls, path, allow_unauthenticated):
 
100
        command = ["debsig-verify"] + [path]
 
101
        try:
 
102
            subprocess.check_output(command, universal_newlines=True)
 
103
        except subprocess.CalledProcessError as e:
 
104
            if (allow_unauthenticated and
 
105
                e.returncode in (DebsigVerify.DS_FAIL_NOSIGS,
 
106
                                 DebsigVerify.DS_FAIL_UNKNOWN_ORIGIN,
 
107
                                 DebsigVerify.DS_FAIL_NOPOLICIES)):
 
108
                logging.warning(
 
109
                    "Signature check failed, but installing anyway "
 
110
                    "as requested")
 
111
            else:
 
112
                raise DebsigVerifyError(
 
113
                    "Signature verification error: %s" % e.output)
 
114
        return True
 
115
 
 
116
 
77
117
class ClickInstallerError(Exception):
78
118
    pass
79
119
 
87
127
 
88
128
 
89
129
class ClickInstaller:
90
 
    def __init__(self, db, force_missing_framework=False):
 
130
    def __init__(self, db, force_missing_framework=False,
 
131
                 allow_unauthenticated=False):
91
132
        self.db = db
92
133
        self.force_missing_framework = force_missing_framework
 
134
        self.allow_unauthenticated = allow_unauthenticated
93
135
 
94
136
    def _preload_path(self):
95
137
        if "CLICK_PACKAGE_PRELOAD" in os.environ:
125
167
            subprocess.check_call(command, env=env, **kwargs)
126
168
 
127
169
    def audit(self, path, slow=False, check_arch=False):
 
170
        # always do the signature check first
 
171
        if DebsigVerify.available():
 
172
            try:
 
173
                DebsigVerify.verify(path, self.allow_unauthenticated)
 
174
            except DebsigVerifyError as e:
 
175
                raise ClickInstallerAuditError(str(e))
 
176
        else:
 
177
            logging.warning(
 
178
                "debsig-verify not available; cannot check signatures")
 
179
 
128
180
        with closing(DebFile(filename=path)) as package:
129
181
            control_fields = package.control.debcontrol()
130
182