authorPapoteur <papoteur@mageia.org>2021-03-27 18:51:42 +0100
committerPapoteur <papoteur@mageia.org>2021-03-27 18:58:51 +0100
commitc2fe725a17c75409639b7dd2194a8ca2a1ae6047 (patch)
treed10841f5c203c775d0d15db9e1dc651415486805 /backend/raw_write.py
parent6f33ddb8f52132471b9a052d18625fdd753dfd0f (diff)
Check the signature as a first step after selecting an image to write.
Nothing happens if the check is OK. Otherwise a message is displayed about a missing signature file or a failed check, asking whether to continue or not. The check is now done in the main program instead of the backend.
Diffstat (limited to 'backend/raw_write.py')
-rwxr-xr-xbackend/raw_write.py90
1 files changed, 18 insertions, 72 deletions
diff --git a/backend/raw_write.py b/backend/raw_write.py
index 03405bd..7891b43 100755
--- a/backend/raw_write.py
+++ b/backend/raw_write.py
@@ -27,7 +27,6 @@ import gettext
import hashlib
import io
import logging
-import datetime
###########
# imports #
###########
@@ -37,8 +36,6 @@ import sys
import time
from subprocess import Popen, PIPE
-import gnupg
-
class Dumper(object):
@@ -126,62 +123,6 @@ class Dumper(object):
self.finished.set()
return
- def _get_sum(self, source):
- self.return_state = False
- self.signature_checked = FalseS
- logging.debug("Starting getting sum")
- # Check if the sum file has a valid signature
- gpg = gnupg.GPG()
- gpg.encoding = 'utf-8'
- # Use Mageia public key
- mageia_keyid = "835E41F4EDCA7A90"
- self.sum_type = 'sha3'
- sig_file = "{}.{}.gpg".format(source, self.sum_type)
- self.source_file = "{}.{}".format(source, self.sum_type)
- keys_list = gpg.list_keys()
- key_present = False
- for entry in keys_list:
- if (mageia_keyid == entry['keyid']):
- if entry['expires'] and (datetime.datetime.now().timestamp() > float(entry['expires'])):
- logging.info("Mageia key expired, reloading")
- else:
- logging.info("Mageia key already present")
- key_present = True
- break
- try:
- if not key_present:
- gpg.recv_keys('pool.sks-keyservers.net', mageia_keyid)
- self.sum_check_searched = True
- with open(sig_file, 'rb') as g:
- self.signature_found = True
- verified = gpg.verify_file(g, close_file=False)
- if verified:
- self.signature_checked = True
- logging.debug("signature checked")
- g.close()
- else:
- g.seek(0)
- verified = gpg.verify_file(g, self.source_file)
- if verified:
- self.signature_checked = True
- logging.debug("Detached signature is OK")
- else:
- self.signature_checked = False
- logging.warning("Signature is false")
- except Exception as e:
- self.signature_found = False
- logging.error(str(e))
- logging.info(_("Signature file {} not found\n" + _("or key expired")).format(sig_file))
- try:
- # Look for sum files in the same directory as source
- with open(self.source_file,'r') as fs:
- # Read the sum in the file
- self.sum_check=(fs.readline()).split()[0]
- self.sum_file = True
- except:
- logging.info(_("Sum file {} not found\n").format(self.source_file))
- self.sum_file = False
-
def _check_write(self, target, source):
logging.debug("Start checking")
self.return_message = ""
@@ -207,25 +148,30 @@ class Dumper(object):
sha512func.update(block)
sha512sumcalc=sha512func.hexdigest().upper()
#f.close()
+ self.sum_check = ""
+ sum_type = "sha3"
+ sum_file = f"{source}.{sum_type}"
+ try:
+ # Look for sum files in the same directory as source
+ with open(sum_file,'r') as fs:
+ # Read the sum in the file
+ self.sum_check=(fs.readline()).split()[0]
+ self.sum_file = True
+ except:
+ logging.info(_("Sum file {} not found\n").format(sum_file))
+ self.sum_file = False
self.return_state = True
- if self.signature_found and not self.signature_checked:
- #, keep the pourcent, this is the place for source file name
- self.return_message = _('Invalid signature for %s')%self.source_file
- self.return_state = False
+ #if self.signature_found and not self.signature_checked:
+ ##, keep the pourcent, this is the place for source file name
+ #self.return_message = _('Invalid signature for %s')%self.source_file
+ #self.return_state = False
if (self.sum_check == "") : # Can't get stored sum
self.return_message += _('SHA3 sum: {}').format(sha512sumcalc)
# compare the sums
elif (sha512sumcalc == self.sum_check) :
- if self.signature_checked and self.signature_found:
+ #if self.signature_checked and self.signature_found:
#, keep the bracket, this is the place for sum type
- self.return_message +="\n" + _("The {} sum check is OK and the sum is signed").format(self.sum_type)
- else :
- if self.signature_found:
- self.return_message +="\n" + _("The validation of the GPG signature failed !") + "\n" + _("The integrity of the ISO image could not be verified.")
- self.return_state = False
- else:
- #, keep the bracket, this is the place for sum type
- self.return_message +="\n" + _("The {} sum check is OK but the signature can't be found").format(self.sum_type)
+ self.return_message +="\n" + _("The {} sum check is OK").format(sum_type)
else:
self.return_message +="\n" + _("/!\\The computed and stored sums don't match")
self.return_state = False
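Review bot: With the signature state removed from the backend, "The {} sum check is OK" is now produced from a sum file that is read from beside the image without any authentication in this function. A match therefore shows only that the written copy agrees with that file, not that the image is genuine, so if the user chose to continue after a failed or missing signature in the main program, the final message should say so rather than read as a clean verification. The bare `except:` around the sum-file read also reports every failure as "Sum file … not found", including an empty file where `split()[0]` raises IndexError; `except (OSError, IndexError):` keeps the best-effort behaviour without swallowing unrelated errors. The commented-out signature lines and the commented `#if` are better deleted than kept, since in the visible hunks nothing sets `signature_found` or `source_file` any more. _check_write starts and ends outside this hunk.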