2 from zeroinstall
.injector
.model
import SafeException
3 from zeroinstall
.injector
import gpg
, trust
4 from zeroinstall
.injector
.iface_cache
import iface_cache
7 import dialog
, help_box
11 for x
in range(4, len(fp
), 4):
12 s
+= ' ' + fp
[x
:x
+ 4]
15 class TrustBox(dialog
.Dialog
):
23 def __init__(self
, interface
, sigs
, iface_xml
):
24 dialog
.Dialog
.__init
__(self
)
25 self
.connect('destroy', lambda a
: _pop_queue())
27 self
.interface
= interface
29 self
.iface_xml
= iface_xml
31 self
.set_title('Confirm trust')
33 label
= gtk
.Label('Please confirm that you trust '
34 'these keys to sign software updates:')
35 label
.set_padding(8, 8)
36 self
.vbox
.pack_start(label
, False, True, 0)
38 swin
= gtk
.ScrolledWindow()
39 self
.vbox
.pack_start(swin
, True, True, 0)
40 swin
.set_policy(gtk
.POLICY_NEVER
, gtk
.POLICY_AUTOMATIC
)
41 swin
.set_shadow_type(gtk
.SHADOW_IN
)
42 swin
.set_border_width(8)
44 self
.model
= gtk
.ListStore(str, object)
45 self
.tree_view
= gtk
.TreeView(self
.model
)
46 self
.tree_view
.get_selection().set_mode(gtk
.SELECTION_NONE
)
47 swin
.add(self
.tree_view
)
49 self
.tree_view
.set_size_request(-1, 100)
51 text
= gtk
.CellRendererText()
53 for column
in [gtk
.TreeViewColumn('Key fingerprint', text
, text
= 0)]:
54 self
.tree_view
.append_column(column
)
58 self
.add_button(gtk
.STOCK_HELP
, gtk
.RESPONSE_HELP
)
59 self
.add_button(gtk
.STOCK_CANCEL
, gtk
.RESPONSE_CANCEL
)
60 self
.add_button(gtk
.STOCK_ADD
, gtk
.RESPONSE_OK
)
61 self
.set_default_response(gtk
.RESPONSE_OK
)
63 def response(box
, resp
):
64 if resp
== gtk
.RESPONSE_HELP
:
67 if resp
== gtk
.RESPONSE_OK
:
70 self
.connect('response', response
)
72 valid_sigs
= [s
for s
in sigs
if isinstance(s
, gpg
.ValidSig
)]
74 raise SafeException('No valid signatures found')
77 titer
= self
.model
.append()
78 self
.model
[titer
][0] = pretty_fp(sig
.fingerprint
)
79 self
.model
[titer
][1] = sig
81 self
.tree_view
.expand_all()
85 for row
in self
.model
:
87 trust
.trust_db
.trust_key(sig
.fingerprint
)
89 if not iface_cache
.update_interface_if_trusted(self
.interface
, self
.sigs
,
91 raise Exception('Bug: still not trusted!!')
99 def confirm_trust(interface
, sigs
, iface_xml
):
100 _queue
.append(TrustBox(interface
, sigs
, iface_xml
))
104 trust_help
= help_box
.HelpBox("Trust Help",
106 When you run a program, it typically has access to all your files and can generally do \
107 anything that you're allowed to do (delete files, send emails, etc). So it's important \
108 to make sure that you don't run anything malicious."""),
110 ('Digital signatures', """
111 Each software author creates a 'key-pair'; a 'public key' and a 'private key'. Without going \
112 into the maths, only something encrypted with the private key will decrypt with the public key.
114 So, when a programmer releases some software, they encrypt it with their private key (which no-one \
115 else has). When you download it, the injector checks that it decrypts using their public key, thus \
116 proving that it came from them and hasn't been tampered with."""),
119 After the injector has checked that the software hasn't been modified since it was signed with \
120 the private key, you still have the following problems:
122 1. Does the public key you have really belong to the author?
123 2. Even if the software really did come from that person, do you trust them?"""),
125 ('Key fingerprints', """
126 To confirm (1), you should compare the public key you have with the genuine one. To make this \
127 easier, the injector displays a 'fingerprint' for the key. Look in mailing list postings or some \
128 other source to check that the fingerprint is right (a different key will have a different \
131 You're trying to protect against the situation where an attacker breaks into a web site \
132 and puts up malicious software, signed with the attacker's private key, and puts up their \
133 public key too. If you've downloaded the real software before, you should be suspicious that \
134 the fingerprint has changed!"""),
137 In general, most problems seem to come from malicous and otherwise-unknown people \
138 replacing software with modified versiosn, or creating new programs intended only to \
139 cause damage. So, check your programs are signed by a key with a good reputation!"""))