search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Holding the pointer over an interface in the main window shows a tooltip
[zeroinstall.git] / trust_box.py
blobbdc7d56f199dc856f0d8ec4c58db1feac0d0d19f
1 import gtk
2 from zeroinstall.injector.model import SafeException
3 from zeroinstall.injector import gpg, trust
4 from zeroinstall.injector.iface_cache import iface_cache
5
6 import gui
7 import dialog, help_box
8
9 def fingerprint(sig):
10 try:
11 return sig.fingerprint
12 except:
13 # Work around a bug in injector-0.9
14 return sig.status[sig.FINGERPRINT]
15
16 def pretty_fp(fp):
17 s = fp[0:4]
18 for x in range(4, len(fp), 4):
19 s += ' ' + fp[x:x + 4]
20 return s
21
22 class TrustBox(dialog.Dialog):
23 model = None
24 tree_view = None
25
26 interface = None
27 sigs = None
28 iface_xml = None
29
30 def __init__(self, interface, sigs, iface_xml):
31 dialog.Dialog.__init__(self)
32 self.connect('destroy', lambda a: _pop_queue())
33
34 self.interface = interface
35 self.sigs = sigs
36 self.iface_xml = iface_xml
37
38 self.set_title('Confirm trust')
39
40 label = gtk.Label('Please confirm that you trust '
41 'these keys to sign software updates:')
42 label.set_padding(8, 8)
43 self.vbox.pack_start(label, False, True, 0)
44
45 swin = gtk.ScrolledWindow()
46 self.vbox.pack_start(swin, True, True, 0)
47 swin.set_policy(gtk.POLICY_NEVER, gtk.POLICY_AUTOMATIC)
48 swin.set_shadow_type(gtk.SHADOW_IN)
49 swin.set_border_width(8)
50
51 self.model = gtk.ListStore(str, object)
52 self.tree_view = gtk.TreeView(self.model)
53 self.tree_view.get_selection().set_mode(gtk.SELECTION_NONE)
54 swin.add(self.tree_view)
55
56 self.tree_view.set_size_request(-1, 100)
57
58 text = gtk.CellRendererText()
59
60 for column in [gtk.TreeViewColumn('Key fingerprint', text, text = 0)]:
61 self.tree_view.append_column(column)
62
63 self.vbox.show_all()
64
65 self.add_button(gtk.STOCK_HELP, gtk.RESPONSE_HELP)
66 self.add_button(gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL)
67 self.add_button(gtk.STOCK_ADD, gtk.RESPONSE_OK)
68 self.set_default_response(gtk.RESPONSE_OK)
69
70 def response(box, resp):
71 if resp == gtk.RESPONSE_HELP:
72 trust_help.display()
73 return
74 if resp == gtk.RESPONSE_OK:
75 self.trust_keys()
76 self.destroy()
77 self.connect('response', response)
78
79 valid_sigs = [s for s in sigs if isinstance(s, gpg.ValidSig)]
80 if not valid_sigs:
81 raise SafeException('No valid signatures found')
82
83 for sig in sigs:
84 titer = self.model.append()
85 self.model[titer][0] = pretty_fp(fingerprint(sig))
86 self.model[titer][1] = sig
87
88 self.tree_view.expand_all()
89 self.present()
90
91 def trust_keys(self):
92 try:
93 for row in self.model:
94 sig = row[1]
95 trust.trust_db.trust_key(fingerprint(sig))
96
97 if not iface_cache.update_interface_if_trusted(self.interface, self.sigs,
98 self.iface_xml):
99 raise Exception('Bug: still not trusted!!')
100 except Exception, ex:
101 dialog.alert(None, ex)
102
103 _queue = []
104 def _pop_queue():
105 if _queue:
106 a = _queue.pop()
107 a.show()
108
109 def confirm_trust(interface, sigs, iface_xml):
110 _queue.append(TrustBox(interface, sigs, iface_xml))
111 if len(_queue) == 1:
112 _pop_queue()
113
114 trust_help = help_box.HelpBox("Trust Help",
115 ('Overview', """
116 When you run a program, it typically has access to all your files and can generally do \
117 anything that you're allowed to do (delete files, send emails, etc). So it's important \
118 to make sure that you don't run anything malicious."""),
119
120 ('Digital signatures', """
121 Each software author creates a 'key-pair'; a 'public key' and a 'private key'. Without going \
122 into the maths, only something encrypted with the private key will decrypt with the public key.
123
124 So, when a programmer releases some software, they encrypt it with their private key (which no-one \
125 else has). When you download it, the injector checks that it decrypts using their public key, thus \
126 proving that it came from them and hasn't been tampered with."""),
127
128 ('Trust', """
129 After the injector has checked that the software hasn't been modified since it was signed with \
130 the private key, you still have the following problems:
131
132 1. Does the public key you have really belong to the author?
133 2. Even if the software really did come from that person, do you trust them?"""),
134
135 ('Key fingerprints', """
136 To confirm (1), you should compare the public key you have with the genuine one. To make this \
137 easier, the injector displays a 'fingerprint' for the key. Look in mailing list postings or some \
138 other source to check that the fingerprint is right (a different key will have a different \
139 fingerprint).
140
141 You're trying to protect against the situation where an attacker breaks into a web site \
142 and puts up malicious software, signed with the attacker's private key, and puts up the \
143 attacker's public key too. If you've downloaded this software before, you \
144 should be suspicious that you're being asked to confirm another key!"""),
145
146 ('Reputation', """
147 In general, most problems seem to come from malicous and otherwise-unknown people \
148 replacing software with modified versions, or creating new programs intended only to \
149 cause damage. So, check your programs are signed by a key with a good reputation!"""))
MOVED TO GITHUB: https://github.com/0install/0install