��JFIF�����������$
�������������������������������������� ��� ������
�����
�
�����������
���
����d�d�����������7������������������������ ��
Viewing File: /usr/lib/python3.9/site-packages/dnf/rpm/miscutils.py
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Copyright 2003 Duke University
from __future__ import print_function, absolute_import, unicode_literals
import os
import subprocess
import logging
from shutil import which
from dnf.i18n import _
_logger = logging.getLogger('dnf')
_rpmkeys_binary = None
def _find_rpmkeys_binary():
global _rpmkeys_binary
if _rpmkeys_binary is None:
_rpmkeys_binary = which("rpmkeys")
_logger.debug(_('Using rpmkeys executable at %s to verify signatures'),
_rpmkeys_binary)
return _rpmkeys_binary
def _process_rpm_output(data):
# No signatures or digests = corrupt package.
# There is at least one line for -: and another (empty) entry after the
# last newline.
if len(data) < 3 or data[0] != b'-:' or data[-1]:
return 2
seen_sig, missing_key, not_trusted, not_signed = False, False, False, False
for i in data[1:-1]:
if b': BAD' in i:
return 2
elif i.endswith(b': NOKEY'):
missing_key = True
elif i.endswith(b': NOTTRUSTED'):
not_trusted = True
elif i.endswith(b': NOTFOUND'):
not_signed = True
elif not i.endswith(b': OK'):
return 2
if not_trusted:
return 3
elif missing_key:
return 1
elif not_signed:
return 4
# we still check return code, so this is safe
return 0
def _verifyPackageUsingRpmkeys(package, installroot):
rpmkeys_binary = _find_rpmkeys_binary()
if rpmkeys_binary is None or not os.path.isfile(rpmkeys_binary):
_logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
return 2
# "--define=_pkgverify_level signature" enforces signature checking;
# "--define=_pkgverify_flags 0x0" ensures that all signatures are checked.
args = ('rpmkeys', '--checksig', '--root', installroot, '--verbose',
'--define=_pkgverify_level signature', '--define=_pkgverify_flags 0x0',
'-')
env = dict(os.environ)
env['LC_ALL'] = 'C'
with subprocess.Popen(
args=args,
executable=rpmkeys_binary,
env=env,
stdout=subprocess.PIPE,
cwd='/',
stdin=package) as p:
data = p.communicate()[0]
returncode = p.returncode
if type(returncode) is not int:
raise AssertionError('Popen set return code to non-int')
# rpmkeys can return something other than 0 or 1 in the case of a
# fatal error (OOM, abort() called, SIGSEGV, etc)
if returncode >= 2 or returncode < 0:
return 2
ret = _process_rpm_output(data.split(b'\n'))
if ret:
return ret
return 2 if returncode else 0
def checkSig(ts, package):
"""Takes a transaction set and a package, check it's sigs,
return 0 if they are all fine
return 1 if the gpg key can't be found
return 2 if the header is in someway damaged
return 3 if the key is not trusted
return 4 if the pkg is not gpg or pgp signed"""
fdno = os.open(package, os.O_RDONLY|os.O_NOCTTY|os.O_CLOEXEC)
try:
value = _verifyPackageUsingRpmkeys(fdno, ts.ts.rootDir)
finally:
os.close(fdno)
return value
Back to Directory
�������������������������������������nL+D�550�H�?Mx� ,D"v]qv;6*Zqn�)�ZP��0������������������������������!1 ��A� "#a$2Qr��������D8�a�Ri�[f�\mIykIw0�cu�FcRı?lO7к_f˓[C$殷WF<_W ԣs�KcëIzyQy���/_LK�ℂ;C�",pFA:�/]=H�� �~,ls/9�ć:[=/#f;�)x�{�ٛ�EQ )~� ���=𘙲r*2~ ��a��_V='��kumF��D}KYYC)({�*g&f�`툪r�y�`=^cJ.I]�(*`�wq���1�dđ#̩�͑0�;H]u搂@:~וKL� Ns��h�}OIR*8:2��!lDJVo(��3=M(z�Ȱ+i*NA�r6K�n�Sl�)!JJӁ* %�݉�?|D}d5:eP0R;{$X'xF@.ÊB {,W�J�uQ�ɲRI;9�QE�琯62fT.D�UJ���;*c��P��A\ILNj!J۱+�O\�͔]ޒ�SJȧc%AN��ol�ՎprULZԛe�r�E2=XDXg�VQe�ӓk��y�P�7U*omQIs,K`)6\�G3t?pgj�r�mۛجwluG��tf��h9uyP0D;Uڽ"OXlif$)&|ML0Zrm1[HXPlPR0���'G=i2N�+0e2�]]�9VT�P��O7h(F*�癈�'�=Q��V�ZDF,d߬~�TX
G[�`l�e69CR(!S2!P�
<0x�<������������������������!1��AQ "Raq�02Br���#S�CTb�����
?�Ζ"]mH�5WR7k.ۛ!}Q~+yԏz|@T20S~Kek�*zFf^2X*(@8�r?��CIuI|�֓>^ExLgN�UY+{.RѪ
τVYTD�I62'8Y2�7'\T�P�.6�d&˦@�Vqi�|8-�OΕ�]ʔ� U=��TL8=;6c�|���!qfF3a�ů�&~$l}'NWUs$Uk^SV��:U#�6w+�+s&r+nڐ��{@�29�g�L�
u"TÙ�M=6�(^"7r}�=6YݾlCuhquympǦ
�G�jhsǜNl�ɻ}o7�#S6aw�4!OS�rD�57�%|?x>L
|�/�nD6?/8w#[�)L7��+6〼T�ATg�!��%5�MmZ/c-{�1_Je"|�^$'O���&�ޱմ�Trb�$�w)R�$�&�
N1EtdU�3Uȉ1p�M"�N*(DN�y�d96.(jQ)X
5cQɎMyW�?��Q�*!R>6=7)Xj5`J]�e�8%t!+'!1Q�5���������� �������������!1��� AQ�aqё#2�"0BRb������?�G�t^�## .llQT $�v,,m��㵜5�ubV �=sY+@d�{N!�dnO<���.-B;�_wJt6�;Q�Jd.Qc%p{ 1,sND�dFH�I0Гo�Xш�e黅XۢF:)[�FGXƹ/w�_cMeD���,ʡcc.���WD�tA$�j@�:) -#�u
c1<@ۗ9F�)KJ-hpP]�_��x[qBlbp�ʖw� q"�L�FGd�ƶ*���s+�ډ_Zc"?�%�t[IP���6J]#=ɺVvv�CGsGh1� >)6�|ey?Lӣm,4GWUi`�]uJVoV�D�G�< SB�6ϏQ@ TiUly�OU0kfV~�~}�SZ@*WUU�i##;�s/[�=!�7}"��WN]'(L!��~y�5g9T̅JkbM'�+s:S� ��+�B)v@M��j
���e Cf�jE�0��Y\QnzG�1д~Wo{T�9?`�Rmyh�sy�3!HA�D]m�c1~2L���Su7xT;j$`}4->L#�vzŏ��ILS���֭��T��{�r��jGKC;��b�pU=�-`BsK.SFw4�Mq]ZdH�S0)tLg