From 4dd97226a75fb05f0789ad8bd4de88da995494b3 Mon Sep 17 00:00:00 2001
From: Thomas Leonard <talex5@gmail.com>
Date: Sun, 1 Jan 2006 22:02:26 +0000
Subject: [PATCH] Can read, strip sig and resign interfaces. Can change key or
 switch to XML signing method.

git-svn-id: file:///home/talex/Backups/sf.net/Subversion/zero-install/injector/0publish@622 9f8c893c-44ee-0310-b757-c8ca8341c71e
---
 0publish   | 33 ++++++++++++++++++++++++++++++---
 signing.py | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+), 3 deletions(-)
 create mode 100644 signing.py

diff --git a/0publish b/0publish
index 04510c6..1ab02c3 100755
--- a/0publish
+++ b/0publish
@@ -1,10 +1,15 @@
 #!/usr/bin/env python
+from zeroinstall.injector import gpg
 from optparse import OptionParser
 import os, sys
+import signing
 
 version = '0.1'
 
 parser = OptionParser(usage="usage: %prog [options] interface")
+parser.add_option("-k", "--key", help="key to use for signing")
+parser.add_option("-e", "--edit", help="edit with $EDITOR", action='store_true')
+parser.add_option("-x", "--xmlsign", help="add an XML signature block", action='store_true')
 parser.add_option("-V", "--version", help="display version information", action='store_true')
 
 (options, args) = parser.parse_args()
@@ -30,10 +35,32 @@ def confirm(q):
 		if ans in ('y', 'yes'): return True
 		if ans in ('n', 'no'): return False
 
+# Load or create the starting data...
+
 if os.path.exists(interface):
-	from update import update
-	update(interface)
+	contents = file(interface).read()
+	data, sign_fn, key = signing.check_signature(interface)
 else:
 	if confirm("Interface file '%s' does not exist. Create it?" % interface):
 		from create import create
-		create(interface)
+		data = create(interface)
+		sign_fn = signing.sign_unsigned
+		key = None
+	else:
+		sys.exit(1)
+
+# Process it...
+if options.xmlsign:
+	sign_fn = signing.sign_xml
+if options.key:
+	print "Changing key from '%s' to '%s'" % (key, options.key)
+	key = options.key
+
+print "Data", data
+print "Sign", sign_fn
+print "Key", key
+
+# Validate the result...
+
+# Write it back out
+sign_fn(interface, data, key)
diff --git a/signing.py b/signing.py
new file mode 100644
index 0000000..62cb7bc
--- /dev/null
+++ b/signing.py
@@ -0,0 +1,56 @@
+from zeroinstall.injector import gpg
+import tempfile, os, base64
+
+def check_signature(path):
+	data = file(path).read()
+	if data.startswith('BEGIN'):
+		data_stream, sigs = gpg.check_stream(file(path))
+		sign_fn = sign_plain
+	elif '\n<!-- Base64 Signature' in data:
+		data_stream, sigs = gpg.check_stream(file(path))
+		sign_fn = sign_xml
+	else:
+		return data, sign_unsigned, None
+	for sig in sigs:
+		if isinstance(sig, gpg.ValidSig):
+			return data_stream.read(), sign_fn, sig.fingerprint
+	raise Exception('No valid signatures found!')
+
+def write_tmp(path, data):
+	"""Create a temporary file in the same directory as 'path' and write data to it."""
+	fd, tmp = tempfile.mkstemp(prefix = 'tmp-', dir = os.path.dirname(path))
+	stream = os.fdopen(fd, 'w')
+	stream.write(data)
+	stream.close()
+	return tmp
+
+def run_gpg(default_key, *arguments):
+	arguments = list(arguments)
+	if default_key is not None:
+		arguments = ['--default-key', default_key] + arguments
+	arguments.insert(0, 'gpg')
+	if os.spawnvp(os.P_WAIT, 'gpg', arguments):
+		raise Exception("Command '%s' failed" % arguments)
+
+def sign_unsigned(path, data, key):
+	os.rename(write_tmp(path, data), path)
+
+def sign_plain(path, data, key):
+	tmp = write_tmp(path, data)
+	try:
+		run_gpg(key, '--clearsign', tmp)
+	except:
+		os.unlink(tmp)
+		raise
+	os.rename(tmp + '.asc', path)
+
+def sign_xml(path, data, key):
+	tmp = write_tmp(path, data)
+	try:
+		run_gpg(key, '--detach-sign', tmp)
+	finally:
+		os.unlink(tmp)
+	tmp += '.sig'
+	encoded = base64.encodestring(file(tmp).read())
+	sig = "<!-- Base64 Signature\n" + encoded + "\n-->\n"
+	os.rename(write_tmp(path, data + sig), path)
-- 
2.11.4.GIT