Refactor signature checking.

- expiration of the key is not an error, just an info (mga#33562)

1 files changed, 27 insertions, 22 deletions

diff --git a/lib/isodumper.py b/lib/isodumper.py
index 48353be..e0dc2e3 100755
--- a/lib/isodumper.py
+++ b/lib/isodumper.py
@@ -404,8 +404,8 @@ class IsoDumper(basedialog.BaseDialog):
         # Use Mageia public key
         mageia_keyid = "835E41F4EDCA7A90"
         self.sum_type = "sha3"
-        sig_file = "{}.{}.gpg".format(source, self.sum_type)
-        self.source_file = "{}.{}".format(source, self.sum_type)
+        sig_file = f"{source}.{self.sum_type}.gpg"
+        self.source_file = f"{source}.{self.sum_type}"
         try:
             keys_list = gpg.list_keys()
         except Exception as e:
@@ -414,15 +414,10 @@ class IsoDumper(basedialog.BaseDialog):
             self.logger.warning(_("GPG signatures database can not be read"))
             return
         key_present = False
+        self.key_expired =  False
         for entry in keys_list:
             if mageia_keyid == entry["keyid"]:
-                if entry["expires"] and (
-                    datetime.datetime.now().timestamp() > float(entry["expires"])
-                ):
-                    self.logger.warning("Mageia key expired, reloading")
-                else:
-                    self.logger.debug("Mageia key already present")
-                    key_present = True
+                key_present = True
                 break
         try:
             if not key_present:
@@ -431,27 +426,35 @@ class IsoDumper(basedialog.BaseDialog):
             with open(sig_file, "rb") as g:
                 self.signature_found = True
                 verified = gpg.verify_file(g, close_file=False)
-                if verified:
+                if verified.status == "signature valid":
                     self.signature_checked = True
-                    self.logger.debug("signature checked")
+                    self.logger.debug(_("Signature checked"))
                     g.close()
                 else:
                     g.seek(0)
                     verified = gpg.verify_file(g, self.source_file)
-                    if verified:
-                        self.signature_checked = True
-                        self.logger.debug("Detached signature is OK")
-                    else:
-                        self.signature_checked = False
-                        self.logger.warning("Signature is false")
-        except Exception as e:
+                if verified.status == "signature valid":
+                    # is the signature done before the expiration?
+                    self.key_expired = verified.key_status
+                    if self.key_expired:
+                        self.logger.debug("Note: This key has expired!")
+                    self.signature_checked = True
+                else:
+                    self.signature_checked = False
+                    self.logger.warning(_("Signature is bad"))
+        except FileNotFoundError as e:
             self.signature_found = False
-            self.logger.warning(str(e))
             self.logger.warning(
-                _("Signature file {} not found\n" + _("or key expired")).format(
+                _("Signature file {} not found\n").format(
                     sig_file
                 )
             )
+        except Exception as e:
+            self.signature_found = False
+            self.logger.warning(str(e))
+            self.logger.warning(
+                _("GPG signatures database can not be read" )+ "\n"
+            )
 
     def do_format(self):
         # code, format_type, name = self.ask_format()
@@ -1168,7 +1171,7 @@ exFAT, NTFS or ext. You can specify a volume name and the format in a new dialog
                     _("Warning"),
                     True,
                     _(
-                        "No GPG signature has been found or the key is expired. Are you sure you want to use this image?"
+                        "No GPG signature has been found. Are you sure you want to use this image?"
                     ),
                 )
                 if self.ask_YesOrNo(info):
@@ -1176,6 +1179,8 @@ exFAT, NTFS or ext. You can specify a volume name and the format in a new dialog
                 else:
                     self.img_name = ""
                     return
+            if self.key_expired:
+                self.logger.info(_("Info: Key used for the signature has expired. Updated version may be available."))
             self.ima.setLabel(os.path.basename(self.img_name))
             self.dialog.recalcLayout()
             self.activate_devicelist()
@@ -1472,8 +1477,8 @@ exFAT, NTFS or ext. You can specify a volume name and the format in a new dialog
             return
 
         self._setupUI()
-        # setting to False will break the event loop
         self.logger = Logging(debug, self.logview)
+        # setting to False will break the event loop
         self._running = True
         self._start = False
         self.timeout = 100