From b1b6e4265b782fea8d1eb439061b7ae5813c95ed Mon Sep 17 00:00:00 2001
From: Papoteur <papoteur@mageialinux-online.org>
Date: Sun, 8 May 2016 18:20:44 +0200
Subject: Add verification of signature

---
 mageiaSync/mageiaSyncExt.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/mageiaSync/mageiaSyncExt.py b/mageiaSync/mageiaSyncExt.py
index 0d30b43..c3120b4 100644
--- a/mageiaSync/mageiaSyncExt.py
+++ b/mageiaSync/mageiaSyncExt.py
@@ -5,7 +5,7 @@ Created on Sat Jul 12 21:42:56 2014
 @author: yves
 """
 
-import re, os
+import re, os, gnupg
 
 from subprocess import Popen, PIPE
 from PyQt5.QtCore import QDir, QFileInfo,pyqtSignal,QThread
@@ -26,6 +26,20 @@ class checkThread(QThread):
             hashfunc = hashlib.sha512()
         if sumType=='md5':
             hashfunc = hashlib.md5()
+        #       Check if the sum file has a valid signature
+        gpg = gnupg.GPG()
+        gpg.encoding = 'utf-8'
+        gpg.recv_keys('pgp.mit.edu', 'EDCA7A90')
+        sig_file = self.destination+'/'+self.path+'/'+self.name+'.'+sumType+'.gpg'
+        try:
+            with open(sig_file, 'rb') as g:
+                verified = gpg.verify_file(g)
+                if not verified.valid: 
+                    print('Signature not OK')
+                    return False
+        except:
+            print('Signature file %s not found'%sig_file)
+            return False
         try:
             with open(self.destination+'/'+self.path+'/'+self.name, 'rb') as f:
                 while True:
-- 
cgit v1.2.1