4
from twisted.internet.utils import getProcessOutputAndValue
7
class InvalidGPGSignature(Exception):
8
"""Raised when the gpg signature for a given file is invalid."""
11
def gpg_verify(filename, signature, gpg="/usr/bin/gpg"):
12
"""Verify the GPG signature of a file.
14
@param filename: Path to the file to verify the signature against.
15
@param signature: Path to signature to use.
16
@param gpg: Optionally, path to the GPG binary to use.
17
@return: a C{Deferred} resulting in C{True} if the signature is
18
valid, C{False} otherwise.
21
def remove_gpg_home(ignored):
22
shutil.rmtree(gpg_home)
25
def check_gpg_exit_code((out, err, code)):
27
raise InvalidGPGSignature("%s failed (out='%s', err='%s', "
28
"code='%d')" % (gpg, out, err, code))
30
gpg_home = tempfile.mkdtemp()
31
args = ("--no-options", "--homedir", gpg_home, "--no-default-keyring",
32
"--ignore-time-conflict", "--keyring", "/etc/apt/trusted.gpg",
33
"--verify", signature, filename)
35
result = getProcessOutputAndValue(gpg, args=args)
36
result.addBoth(remove_gpg_home)
37
result.addCallback(check_gpg_exit_code)