extras-buildsys/utils/pushscript Utils.py,1.20,1.21
Michael Schwendt (mschwendt)
fedora-extras-commits at redhat.com
Wed Oct 24 19:43:08 UTC 2007
Author: mschwendt
Update of /cvs/fedora/extras-buildsys/utils/pushscript
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25465
Modified Files:
Utils.py
Log Message:
If we define _gpg_name when running rpm we do not need that old key-check anyway, as rpm signing would fail miserably for any non-existent key. But we still can apply GPG based sanity checks here.
Index: Utils.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/utils/pushscript/Utils.py,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- Utils.py 24 Oct 2007 17:44:14 -0000 1.20
+++ Utils.py 24 Oct 2007 19:43:06 -0000 1.21
@@ -20,9 +20,12 @@
import os, sys
import shutil
import stat, tempfile
+
+sys.path.insert(0,'/srv/extras-push/work/buildsys-utils/pushscript')
import rpmUtils
compsname = 'comps.xml'
+
ts = rpmUtils.transaction.initReadOnlyTransaction()
DEBUG = False
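Review bot: The `sys.path.insert(0,'/srv/extras-push/work/buildsys-utils/pushscript')` line added just before `import rpmUtils` puts a hard-coded absolute directory ahead of every other entry on the module search path, so a module of the same name in that directory takes precedence for `import rpmUtils` and every later import. Consider appending the directory rather than inserting it at index 0, or reading it from configuration, and add a comment stating why the path is needed; the directory should be writable only by the account that runs the push.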
@@ -78,11 +81,16 @@
sys.exit(errno.EPERM)
-# FIXME: this is too simplistic now that we explicitly pass the key name
-# to --resign in Push.py
def sign_key_check(keyname):
- if keyname != os.popen('rpm --eval %_gpg_name','r').read().rstrip():
- print 'ERROR: Configure ~/.rpmmacros for proper GPG signing before running this!'
+ gpg = os.popen("gpg --list-secret-keys --with-colons '%s'" % keyname)
+ gpgout = gpg.readlines()
+ seckeys = 0
+ for l in gpgout:
+ if l.startswith('sec:'):
+ seckeys += 1
+ rv = gpg.close()
+ if (seckeys!=1 or rv):
+ print 'ERROR: GPG secret key check failed: %s' % keyname
sys.exit(errno.EPERM)
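Review bot: In the new `sign_key_check`, `keyname` is interpolated into a shell command string passed to `os.popen`, and the single quotes around `%s` do not hold if the key name itself contains a single quote. Pass the arguments as a list without a shell (for example via the subprocess module) so the name reaches gpg as exactly one argument. The error message could also report whether the check failed because gpg exited non-zero (`rv`) or because the count of `sec:` lines was not exactly one, since those point to different configuration problems.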