aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPapoteur <papoteur@mageialinux-online.org>2016-05-08 18:20:44 +0200
committerPapoteur <papoteur@mageialinux-online.org>2016-05-08 18:20:44 +0200
commitb1b6e4265b782fea8d1eb439061b7ae5813c95ed (patch)
tree7b776e5f34cc99d4213b4840229eb26d672c3bf2
parentc5ab544e0a5d1a9bfb3215d54b67976683114927 (diff)
downloadMageiaSync-b1b6e4265b782fea8d1eb439061b7ae5813c95ed.tar
MageiaSync-b1b6e4265b782fea8d1eb439061b7ae5813c95ed.tar.gz
MageiaSync-b1b6e4265b782fea8d1eb439061b7ae5813c95ed.tar.bz2
MageiaSync-b1b6e4265b782fea8d1eb439061b7ae5813c95ed.tar.xz
MageiaSync-b1b6e4265b782fea8d1eb439061b7ae5813c95ed.zip
Add verification of signature
Diffstat
-rw-r--r--mageiaSync/mageiaSyncExt.py16
1 files changed, 15 insertions, 1 deletions
diff --git a/mageiaSync/mageiaSyncExt.py b/mageiaSync/mageiaSyncExt.py
index 0d30b43..c3120b4 100644
--- a/mageiaSync/mageiaSyncExt.py
+++ b/mageiaSync/mageiaSyncExt.py
@@ -5,7 +5,7 @@ Created on Sat Jul 12 21:42:56 2014
@author: yves
"""
-import re, os
+import re, os, gnupg
from subprocess import Popen, PIPE
from PyQt5.QtCore import QDir, QFileInfo,pyqtSignal,QThread
@@ -26,6 +26,20 @@ class checkThread(QThread):
hashfunc = hashlib.sha512()
if sumType=='md5':
hashfunc = hashlib.md5()
+ # Check if the sum file has a valid signature
+ gpg = gnupg.GPG()
+ gpg.encoding = 'utf-8'
+ gpg.recv_keys('pgp.mit.edu', 'EDCA7A90')
+ sig_file = self.destination+'/'+self.path+'/'+self.name+'.'+sumType+'.gpg'
+ try:
+ with open(sig_file, 'rb') as g:
+ verified = gpg.verify_file(g)
+ if not verified.valid:
+ print('Signature not OK')
+ return False
+ except:
+ print('Signature file %s not found'%sig_file)
+ return False
try:
with open(self.destination+'/'+self.path+'/'+self.name, 'rb') as f:
while True:
generated by cgit v1.2.1 (git 2.21.0) at 2024-05-17 16:04:39 +0000