=== modified file 'linaro_image_tools/fetch_image.py'
@@ -387,8 +387,8 @@
def _check_downloads(self):
self.get_sig_files()
- self.verified_files, self.gpg_sig_ok = utils.verify_file_integrity(
- self.sig_files)
+ (self.verified_files, self.gpg_sig_ok,
+ self.gpg_out) = utils.verify_file_integrity(self.sig_files)
# Expect to have 2 sha1sum files (one for hwpack, one for OS bin)
self.have_sha1sums = len(self.sha1_files) ==2
@@ -442,22 +442,42 @@
# matches the sha1sums we will re-download any failing hwpack
# and OS binary files in the if below.
- self._download_sigs_gen_download_list(force_download=True)
- self._check_downloads()
-
- if(self.have_sha1sums and self.have_gpg_sigs
- and not self.gpg_sig_ok):
- # If after re-trying the downloads we still can't get a GPG
- # signature match on a sha1sum file (and both files exist)
- # the abort.
- message = "Package signature check failed. Aborting"
+ no_pubkey_search = re.search("\[GNUPG:\] NO_PUBKEY (\S+)",
+ self.gpg_out)
+ if no_pubkey_search:
+ message = ("Package signature check failed.\n"
+ "To check package signatures, please import "
+ "key {0}")
+ # The GPG output we are using gives us the long key format,
+ # which doesn't match anything in the key management app
+ # that ships with Ubuntu Desktop. The last 8 digits though
+ # are the short key, which are what we normally deal with.
+ # That is, this seems to be the case. I haven't found any
+ # answers after searching around about the long keyID format,
+ # but this works for keys I have tested with...
+ message = message.format(no_pubkey_search.group(1)[-8:])
if self.event_queue:
- self.event_queue.put("message", message)
- self.event_queue.put("abort")
+ self.event_queue.put(("message", message))
else:
print >> sys.stderr, message
- return [], False
+ else:
+ self._download_sigs_gen_download_list(force_download=True)
+ self._check_downloads()
+
+ if(self.have_sha1sums and self.have_gpg_sigs
+ and not self.gpg_sig_ok):
+ # If after re-trying the downloads we still can't get a GPG
+ # signature match on a sha1sum file (and both files exist)
+ # tell the user.
+ message = "Package signature check failed"
+ if self.event_queue:
+ self.event_queue.put(("message", message))
+ self.event_queue.put("abort")
+ else:
+ print >> sys.stderr, message
+
+ return [], False
if(self.have_sha1sums and
self.gpg_sig_ok or not self.have_gpg_sigs):
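Review bot: The key ID put into the new NO_PUBKEY message comes from `self.gpg_out`, that is, from the signature file that was just downloaded, so it is untrusted data, and asking the user to import whichever key it names lets a substituted signature pick its own key. The `[-8:]` truncation weakens this further, because 32-bit short key IDs are not unique. I would show a fingerprint pinned by the project instead, for example `message = message.format(EXPECTED_KEY_FINGERPRINT)` (placeholder name, not defined in this file). This branch also no longer queues "abort" or returns, so it appears to fall through to the checks below with `gpg_sig_ok` False; the method starts and ends outside the hunk, so confirm that callers treat the resulting unverified state as a failure. The pattern should be a raw string, `r"\[GNUPG:\] NO_PUBKEY (\S+)"`.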
@@ -479,8 +499,8 @@
self.event_queue,
force_download=True)
- (self.verified_files,
- self.gpg_sig_ok) = utils.verify_file_integrity(self.sig_files)
+ (self.verified_files, self.gpg_sig_ok,
+ self.gpg_out) = utils.verify_file_integrity(self.sig_files)
to_retry = self._unverified_files()
@@ -490,7 +510,7 @@
# corrupt. Display a message to the user and quit.
message = "Download retry failed. Aborting"
if self.event_queue:
- self.event_queue.put("message", message)
+ self.event_queue.put(("message", message))
self.event_queue.put("abort")
else:
print >> sys.stderr, message
@@ -500,9 +520,6 @@
hwpack = os.path.basename(self.downloaded_files[hwpack_url])
hwpack_verified = (hwpack in self.verified_files) and self.gpg_sig_ok
- if self.event_queue: # Clear messages, if any, from GUI
- self.event_queue.put(("message", ""))
-
return self.downloaded_files, hwpack_verified
=== modified file 'linaro_image_tools/tests/test_utils.py'
@@ -107,7 +107,7 @@
self.MockCmdRunnerPopen()))
hash_filename = "dummy-file.txt"
signature_filename = hash_filename + ".asc"
- verified_files, _ = verify_file_integrity([signature_filename])
+ verified_files, _, _ = verify_file_integrity([signature_filename])
self.assertEqual(self.filenames_in_shafile, verified_files)
def test_check_file_integrity_and_print_errors(self):
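Review bot: Nothing in this test looks at the new third return value, so the `--status-file` capture has no visible coverage, and neither does the NO_PUBKEY branch in fetch_image.py that depends on it. A failing-signature case would pin the new contract, for example `_, sig_ok, out = verify_file_integrity([signature_filename])` followed by assertions that `sig_ok` is False and that `out` contains the status text. That presumably requires the mocked gpg runner to write to the status file path it is given, which is not shown here. The test method begins outside the hunk.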
=== modified file 'linaro_image_tools/utils.py'
@@ -22,6 +22,7 @@
import subprocess
import re
import logging
+import tempfile
try:
from CommandNotFound import CommandNotFound
@@ -43,21 +44,27 @@
"""
gpg_sig_ok = True
+ gpg_out = ""
verified_files = []
for sig_file in sig_file_list:
hash_file = sig_file[0:-len('.asc')]
+ tmp = tempfile.NamedTemporaryFile()
try:
- cmd_runner.run(['gpg', '--verify', sig_file]).wait()
+ cmd_runner.run(['gpg', '--status-file={0}'.format(tmp.name),
+ '--verify', sig_file]).wait()
except cmd_runner.SubcommandNonZeroReturnValue:
gpg_sig_ok = False
+ gpg_out = gpg_out + tmp.read()
+
+ tmp.close()
if os.path.dirname(hash_file) == '':
sha_cwd = None
else:
sha_cwd = os.path.dirname(hash_file)
-
+
try:
sha1sums_out, _ = cmd_runner.Popen(
['sha1sum', '-c', hash_file],
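Review bot: A signature is still accepted on gpg's exit status alone in the `try` around `cmd_runner.run`, and `--verify` is given only `sig_file`, so gpg decides by itself what data the signature covers and a good signature from any key in the user's keyring counts as a pass. Naming the data file explicitly (`'--verify', sig_file, hash_file`) ties the check to the sha1sum file that is parsed next, and the captured status output could also be checked for a `VALIDSIG` line carrying the expected signer fingerprint. Separately, `tmp.close()` is not reached if `run()` raises anything other than `SubcommandNonZeroReturnValue`, so the temporary file should be closed in a `finally`. The loop body continues outside the hunk.

```python
hash_file = sig_file[0:-len('.asc')]
tmp = tempfile.NamedTemporaryFile()
try:
    # Pass the signed file explicitly so sig_file is treated as a
    # detached signature over hash_file.
    cmd_runner.run(['gpg', '--status-file={0}'.format(tmp.name),
                    '--verify', sig_file, hash_file]).wait()
except cmd_runner.SubcommandNonZeroReturnValue:
    gpg_sig_ok = False
    gpg_out = gpg_out + tmp.read()
finally:
    # Always release the temporary status file, whatever run() raised.
    tmp.close()
# … unchanged: sha_cwd selection and sha1sum -c check …
```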
@@ -73,14 +80,14 @@
if sha1_check:
verified_files.append(sha1_check.group(1))
- return verified_files, gpg_sig_ok
+ return verified_files, gpg_sig_ok, gpg_out
def check_file_integrity_and_log_errors(sig_file_list, binary, hwpacks):
"""
Wrapper around verify_file_integrity that prints error messages to stderr
if verify_file_integrity finds any problems.
"""
- verified_files, gpg_sig_pass = verify_file_integrity(sig_file_list)
+ verified_files, gpg_sig_pass, _ = verify_file_integrity(sig_file_list)
# Check the outputs from verify_file_integrity
# Abort if anything fails.