From a5ff14b2e46f5270d06f970152d1c9e1fc40cee7 Mon Sep 17 00:00:00 2001
From: Papoteur
Date: Fri, 18 Dec 2020 21:51:05 +0100
Subject: Verify also detached signatures
---
 backend/raw_write.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'backend')
diff --git a/backend/raw_write.py b/backend/raw_write.py
index 30b658c..1c1e216 100755
--- a/backend/raw_write.py
+++ b/backend/raw_write.py
@@ -145,12 +145,20 @@ class Dumper(object):
 self.sum_check_searched = True
 with open(sig_file, 'rb') as g:
 self.signature_found = True
- verified = gpg.verify_file(g)
+ verified = gpg.verify_file(g, close_file=False)
 if verified:
 self.signature_checked = True
 logging.debug("signature checked")
+ g.close()
 else:
- self.signature_checked = False
+ g.seek(0)
+ verified = gpg.verify_file(g, self.source_file)
+ if verified:
+ self.signature_checked = True
+ logging.debug("Detached signature is OK")
+ else:
+ self.signature_checked = False
+ logging.debug("Signature is false")
 except:
 self.signature_found = False
 logging.info(_("Signature file {} not found\n").format(sig_file))
-- cgit v1.2.1
From f4171e7499ef27db9e1bdf92ea9c254a5f4436c2 Mon Sep 17 00:00:00 2001
From: Papoteur
Date: Fri, 18 Dec 2020 22:46:20 +0100
Subject: Display warning instead of succes when signatures or sums doesn't match
---
 backend/raw_write.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'backend')
diff --git a/backend/raw_write.py b/backend/raw_write.py
index 1c1e216..164089b 100755
--- a/backend/raw_write.py
+++ b/backend/raw_write.py
@@ -198,6 +198,7 @@ class Dumper(object):
 sha512func.update(block)
 sha512sumcalc=sha512func.hexdigest().upper()
 f.close()
+ self.return_state = True
 if self.signature_found and not self.signature_checked:
 #, keep the pourcent, this is the place for source file name
 self.return_message = _('Invalid signature for %s')%self.source_file
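Review bot: The new detached-signature calls (`g.seek(0)` and `gpg.verify_file(g, self.source_file)`) in the `@@ -145,12 +145,20 @@` hunk run inside the existing bare `except:`, so any error they raise is logged as "Signature file {} not found" and `self.signature_found` is reset to `False`. A verification that failed with an error then looks the same as an absent signature, which the result code later in this series reports more leniently than an invalid one. Narrow the handler to the open failure, for example `except OSError:`, and let other errors leave `signature_found = True` with `signature_checked = False`; the `try` starts outside the hunk, so check what else it covers first. Separately, `if verified:` only tests that gpg accepted the signature; if `gpg` is a python-gnupg object, also comparing `verified.fingerprint` with the expected signing key's full fingerprint would tie the result to that key.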
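Review bot: `self.return_state = True` in the `@@ -198,6 +198,7 @@` hunk makes success the default before any comparison has run, so every outcome that the following branches do not explicitly fail is reported as success. As far as this commit shows, that includes the `Invalid signature for %s` branch just below the added line, which sets only the message, and the branch in the `@@ -211,17 +212,18 @@` hunk where the sum matches but no signature was found. Starting from `self.return_state = False` and assigning `True` only in the branches meant to count as verified would make a forgotten branch fail closed. If an unsigned but matching sum is meant to pass, a comment saying so would help, since an absent signature file cannot be told apart from one that was removed. The enclosing method starts and ends outside both hunks.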
@@ -211,17 +212,18 @@ class Dumper(object): else : if self.signature_found: self.return_message +="\n" + _("The signature of the sum is false !").format(self.sum_type) + self.return_state = False else: #, keep the bracket, this is the place for sum type self.return_message +="\n" + _("The {} sum check is OK but the signature can't be found").format(self.sum_type) else: self.return_message +="\n" + _("/!\\The computed and stored sums don't match") + self.return_state = False #except: #pass self._progress = 100 logging.info(self.return_message) - self.return_state = True self.finished.set() def udev_wait(self, operation): -- cgit v1.2.1 From 3bd2651a5be5a37574f199669a45c2698b9caa5c Mon Sep 17 00:00:00 2001 From: Papoteur Date: Sun, 20 Dec 2020 16:53:17 +0100 Subject: Fix initialization of flag of signature checking --- backend/raw_write.py | 1 + 1 file changed, 1 insertion(+) (limited to 'backend') diff --git a/backend/raw_write.py b/backend/raw_write.py index 164089b..cdac7e2 100755 --- a/backend/raw_write.py +++ b/backend/raw_write.py @@ -127,6 +127,7 @@ class Dumper(object): def _get_sum(self, source): self.return_state = False + self.signature_checked = False mageia_keyid = "835E41F4EDCA7A90" logging.debug("Starting getting sum") # Check if the sum file has a valid signature -- cgit v1.2.1 From 4d72d0da0bd7960bba8eef08bb013290a61d9696 Mon Sep 17 00:00:00 2001 From: Papoteur Date: Mon, 21 Dec 2020 08:07:21 +0100 Subject: Fix return state in raw_write when signature is false --- backend/raw_write.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'backend') diff --git a/backend/raw_write.py b/backend/raw_write.py index cdac7e2..508a9ae 100755 --- a/backend/raw_write.py +++ b/backend/raw_write.py 
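Review bot: The added `self.signature_checked = False` at the top of `_get_sum` (hunk `@@ -127,6 +127,7 @@`) has no comment explaining why it is needed, and the reason matters for the verification result: without the reset, a `True` left on the object by an earlier call could presumably be reported for a source whose signature was never checked. A short comment such as `# reset per call: never reuse a previous verification result` would keep a later cleanup from removing it. `_get_sum` continues beyond this hunk.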
@@ -119,10 +119,10 @@ class Dumper(object): return ifc.close() self._progress = 100 - self.finished.set() self.return_state = True self.return_message = _("Writing terminated") logging.debug(self.return_message) + self.finished.set() return def _get_sum(self, source): @@ -175,7 +175,6 @@ class Dumper(object): def _check_write(self, target, source): logging.debug("Start checking") - self.return_state = False self.return_message = "" b = os.path.getsize(source) # Compute the sum from the written device @@ -203,11 +202,12 @@ class Dumper(object): if self.signature_found and not self.signature_checked: #, keep the pourcent, this is the place for source file name self.return_message = _('Invalid signature for %s')%self.source_file + self.return_state = False if (self.sum_check == "") : # Can't get stored sum self.return_message += _('SHA3 sum: {}').format(sha512sumcalc) # compare the sums elif (sha512sumcalc == self.sum_check) : - if self.signature_checked: + if self.signature_checked and self.signature_found: #, keep the bracket, this is the place for sum type self.return_message +="\n" + _("The {} sum check is OK and the sum is signed").format(self.sum_type) else : @@ -223,7 +223,6 @@ class Dumper(object): #except: #pass self._progress = 100 - logging.info(self.return_message) self.finished.set() -- cgit v1.2.1
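Review bot: After this commit `_check_write` no longer clears `self.return_state` on entry (the `@@ -175,7 +175,6 @@` hunk removes `self.return_state = False`), so until the later `self.return_state = True` the flag holds whatever the previous step left, which is `True` after a completed write according to the first hunk. If reading the device raises before that point, nothing visible here resets the flag, and a caller that reads `return_state` could see a stale success. Keeping the initial `self.return_state = False` and assigning `True` only once the sums and the signature have been evaluated would keep the check fail-closed; the `self.return_state = False` added to the `Invalid signature for %s` branch in the `@@ -203,11 +202,12 @@` hunk would then be redundant but harmless. The method body extends beyond these hunks, so confirm how callers consume the flag.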