a !cB@svddlmZmZmZddlZddlZddlZddlmZddl m Z e dZ da ddZdd Zd d Zd d ZdS))print_functionabsolute_importunicode_literalsN)which)_ZdnfcCs$tdur tdattdttS)Nrpmkeysz3Using rpmkeys executable at %s to verify signatures)_rpmkeys_binaryr_loggerdebugrr r 5/usr/lib/python3.9/site-packages/dnf/rpm/miscutils.py_find_rpmkeys_binarys  r cCst|dks |ddks |dr$dSd\}}}}|ddD]R}d|vrNdS|d r^d }q<|d rnd }q<|d r~d }q<|d s<dSq<|rdS|rdS|rdSdS)Nrs-:)FFFFs: BADs: NOKEYTs : NOTTRUSTEDs : NOTFOUNDs: OK)lenendswith)dataZseen_sigZ missing_keyZ not_trustedZ not_signedir r r _process_rpm_output$s*      rc Cst}|dustj|s,ttddSddd|dddd f}ttj}d |d <t j |||t j d |d }| d}Wdn1s0Y|j }t|turtd|dks|dkrdSt|d}|r|S|rdSdS)Nz4Cannot find rpmkeys executable to verify signatures.rrz --checksigz--rootz --verbosez#--define=_pkgverify_level signaturez--define=_pkgverify_flags 0x0-CLC_ALL/)args executableenvstdoutcwdstdinrz Popen set return code to non-int )r ospathisfiler Zcriticalrdictenviron subprocessPopenPIPEZ communicate returncodetypeintAssertionErrorrsplit) packageZ installrootZrpmkeys_binaryrrprr+retr r r _verifyPackageUsingRpmkeys?s:  * r3c CsHt|tjtjBtjB}zt||jj}Wt|n t|0|S)a Takes a transaction set and a package, check it's sigs, return 0 if they are all fine return 1 if the gpg key can't be found return 2 if the header is in someway damaged return 3 if the key is not trusted return 4 if the pkg is not gpg or pgp signed) r#openO_RDONLYO_NOCTTY O_CLOEXECr3tsZrootDirclose)r8r0Zfdnovaluer r r checkSig`s r;)Z __future__rrrr#r(ZloggingshutilrZdnf.i18nrZ getLoggerr rr rr3r;r r r r s   !