From c6542576f04e6dc159e731b50a19f1a10d9d5ff3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Mas=C5=82owski?=
Date: Tue, 16 Oct 2012 15:42:10 +0200
Subject: db-list-unsigned-packages: rewrite using a helper Python script. The previous implementation parsed each tarball multiple times having quadratic time complexity in the number of packages. It was too slow for a complete run.
---
db-list-unsigned-packages.py | 59 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100755 db-list-unsigned-packages.py
(limited to 'db-list-unsigned-packages.py')
diff --git a/db-list-unsigned-packages.py b/db-list-unsigned-packages.py
new file mode 100755
index 0000000..ccbec3a
--- /dev/null
+++ b/db-list-unsigned-packages.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+# Copyright (C) 2012 Michał Masłowski
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+
+"""
+Output a list of repo/package-name-and-version pairs representing
+unsigned packages in the database at standard input of repo named in
+the first argument and specified for architectures listed in the
+following arguments (usually the one of the database or any, default
+is to list all).
+"""
+
+
+import sys
+import tarfile
+
+
+def main():
+ """Do the job."""
+ repo = sys.argv[1]
+ pkgarches = frozenset(name.encode("utf-8") for name in sys.argv[2:])
+ with tarfile.open(fileobj=sys.stdin.buffer) as archive:
+ for entry in archive:
+ if entry.name.endswith("/desc"):
+ content = archive.extractfile(entry)
+ skip = False
+ is_arch = False
+ for line in content:
+ if is_arch:
+ is_arch = False
+ if pkgarches and line.strip() not in pkgarches:
+ skip = True # different architecture
+ break
+ if line == b"%PGPSIG%\n":
+ skip = True # signed
+ break
+ if line == b"%ARCH%\n":
+ is_arch = True
+ if skip:
+ print("skip " + repo + "/" + entry.name[:-5])
+ continue
+ print(repo + "/" + entry.name[:-5])
+
+
+if __name__ == "__main__":
+ main()
-- cgit v1.2.3-2-g168b
From 43aacb891613909fdb0e2898fc9d85bfa20bcfad Mon Sep 17 00:00:00 2001
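Review bot: The `%PGPSIG%` branch in main() treats a package as signed as soon as that header line appears, without checking that a value follows it or that the signature verifies, so a desc entry carrying an empty or bogus `%PGPSIG%` field is never reported as unsigned. If this list feeds a signing or audit step, state the limit next to the branch, e.g. `skip = True  # field present only; the signature itself is not verified here`, and repeat it in the module docstring. Separately, the licence header names the GNU General Public License in its first and last paragraphs but the GNU Affero General Public License in the warranty paragraph, which looks like a copy-paste slip worth resolving.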
From: Parabola Date: Tue, 16 Oct 2012 13:54:48 +0000 Subject: db-list-unsigned-packages.py: Don't list signed packages. --- db-list-unsigned-packages.py | 1 - 1 file changed, 1 deletion(-) (limited to 'db-list-unsigned-packages.py') diff --git a/db-list-unsigned-packages.py b/db-list-unsigned-packages.py index ccbec3a..36be93a 100755 --- a/db-list-unsigned-packages.py +++ b/db-list-unsigned-packages.py @@ -50,7 +50,6 @@ def main(): if line == b"%ARCH%\n": is_arch = True if skip: - print("skip " + repo + "/" + entry.name[:-5]) continue print(repo + "/" + entry.name[:-5]) -- cgit v1.2.3-2-g168b From 548dad674dd2e2e59402981522676284eee6cee5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Mas=C5=82owski?= Date: Sun, 26 Oct 2014 20:22:07 +0100 Subject: db-list-unsigned-packages.py: support listing keys that signed the packages. --- db-list-unsigned-packages.py | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) (limited to 'db-list-unsigned-packages.py') diff --git a/db-list-unsigned-packages.py b/db-list-unsigned-packages.py index 36be93a..80cff51 100755 --- a/db-list-unsigned-packages.py +++ b/db-list-unsigned-packages.py 
@@ -21,23 +21,35 @@ unsigned packages in the database at standard input of repo named in the first argument and specified for architectures listed in the following arguments (usually the one of the database or any, default is to list all). + +If the --keyset argument is passed, print the key fingerprint of every +signed package. """ +import base64 +import subprocess import sys import tarfile def main(): """Do the job.""" + check_keys = False + if "--keyset" in sys.argv: + sys.argv.remove("--keyset") + check_keys = True repo = sys.argv[1] pkgarches = frozenset(name.encode("utf-8") for name in sys.argv[2:]) + packages = [] + keys = [] with tarfile.open(fileobj=sys.stdin.buffer) as archive: for entry in archive: if entry.name.endswith("/desc"): content = archive.extractfile(entry) skip = False is_arch = False + key = None for line in content: if is_arch: is_arch = False @@ -46,12 +58,38 @@ def main(): break if line == b"%PGPSIG%\n": skip = True # signed - break + key = b"" + if check_keys: + continue + else: + break if line == b"%ARCH%\n": is_arch = True + continue + if key is not None: + if line.strip(): + key += line.strip() + else: + break + if check_keys and key: + key_binary = base64.b64decode(key) + keys.append(key_binary) + packages.append(repo + "/" + entry.name[:-5]) if skip: continue print(repo + "/" + entry.name[:-5]) + if check_keys and keys: + # We have collected all signed package names in packages and + # all keys in keys. Let's now ask gpg to list all signatures + # and find which keys made them. + packets = subprocess.check_output(("gpg", "--list-packets"), + input=b"".join(keys)) + i = 0 + for line in packets.decode("latin1").split("\n"): + if line.startswith(":signature packet:"): + keyid = line[line.index("keyid ") + len("keyid "):] + print(packages[i], keyid) + i += 1 if __name__ == "__main__": -- cgit v1.2.3-2-g168b
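Review bot: The final loop pairs `packages[i]` with the i-th `:signature packet:` line of a single `gpg --list-packets` run over all concatenated `%PGPSIG%` values, so any value that yields no signature packet, or more than one, shifts every later key ID onto the wrong package or ends in an IndexError. Collecting the key IDs first and refusing to print when their count differs from the number of signed packages catches that drift at no extra gpg cost; one gpg call per signature would be the stricter option. `--list-packets` only parses packets, so the value printed is the issuer key ID the signature claims, not a verified signer and not a fingerprint as the new docstring says; the docstring should be reworded accordingly. main() begins outside this hunk.
```python
    if check_keys and keys:
        # … unchanged: explanatory comment and the gpg --list-packets call …
        keyids = [line[line.index("keyid ") + len("keyid "):]
                  for line in packets.decode("latin1").split("\n")
                  if line.startswith(":signature packet:")]
        if len(keyids) != len(packages):
            sys.exit("gpg listed %d signature packets for %d signed packages"
                     % (len(keyids), len(packages)))
        for package, keyid in zip(packages, keyids):
            print(package, keyid)
```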