search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Moved coding line nearer to the top.
[zeroinstall/zeroinstall-rsl.git] / zeroinstall / 0launch-gui / trust_box.py
blobc4faf2847b59d3a307217143c49054752dcd8824
1 # Copyright (C) 2008, Thomas Leonard
2 # -*- coding: utf-8 -*-
3 # See the README file for details, or visit http://0install.net.
4
5 import gtk
6 from zeroinstall.injector.model import SafeException
7 from zeroinstall.injector import gpg, trust
8 from zeroinstall.injector.iface_cache import iface_cache
9 from zeroinstall.support import tasks
10
11 import gui
12 import dialog, help_box
13
14 def pretty_fp(fp):
15 s = fp[0:4]
16 for x in range(4, len(fp), 4):
17 s += ' ' + fp[x:x + 4]
18 return s
19
20 class TrustBox(dialog.Dialog):
21 interface = None
22 sigs = None
23 iface_xml = None
24 valid_sigs = None
25 parent = None
26 closed = None
27
28 def __init__(self, interface, sigs, iface_xml, parent):
29 dialog.Dialog.__init__(self)
30 self.set_transient_for(parent)
31
32 self.closed = tasks.Blocker("confirming keys with user")
33
34 domain = trust.domain_from_url(interface.uri)
35 assert domain
36
37 def destroy(box):
38 global _queue
39 assert _queue[0] is self
40 del _queue[0]
41
42 self.closed.trigger()
43
44 # Remove any queued boxes that are no longer required
45 def still_untrusted(box):
46 for sig in box.valid_sigs:
47 is_trusted = trust.trust_db.is_trusted(sig.fingerprint, domain)
48 if is_trusted:
49 return False
50 return True
51 if _queue:
52 next = _queue[0]
53 if still_untrusted(next):
54 next.show()
55 else:
56 next.trust_keys([], domain)
57 next.destroy() # Will trigger this again...
58 self.connect('destroy', destroy)
59
60 def left(text):
61 label = gtk.Label(text)
62 label.set_alignment(0, 0.5)
63 label.set_selectable(True)
64 return label
65
66 self.interface = interface
67 self.sigs = sigs
68 self.iface_xml = iface_xml
69
70 self.set_title('Confirm trust')
71
72 vbox = gtk.VBox(False, 4)
73 vbox.set_border_width(4)
74 self.vbox.pack_start(vbox, True, True, 0)
75
76 self.valid_sigs = [s for s in sigs if isinstance(s, gpg.ValidSig)]
77 if not self.valid_sigs:
78 raise SafeException('No valid signatures found. Signatures:' +
79 ''.join(['\n- ' + str(s) for s in sigs]))
80
81 notebook = gtk.Notebook()
82
83 if len(self.valid_sigs) == 1:
84 notebook.set_show_tabs(False)
85
86 label = left('Checking: ' + interface.uri)
87 label.set_padding(4, 4)
88 vbox.pack_start(label, False, True, 0)
89
90 currently_trusted_keys = trust.trust_db.get_keys_for_domain(domain)
91 if currently_trusted_keys:
92 keys = [gpg.load_key(fingerprint) for fingerprint in currently_trusted_keys]
93 descriptions = ["%s\n(fingerprint: %s)" % (key.name, pretty_fp(key.fingerprint))
94 for key in keys]
95 else:
96 descriptions = ['None']
97 dialog.frame(vbox, 'Keys already approved for "%s"' % domain, '\n'.join(descriptions))
98
99 if len(self.valid_sigs) == 1:
100 label = left('This key signed the feed:')
101 else:
102 label = left('These keys signed the feed:')
103
104 label.set_padding(4, 4)
105 vbox.pack_start(label, False, True, 0)
106
107 vbox.pack_start(notebook, True, True, 0)
108
109 self.add_button(gtk.STOCK_HELP, gtk.RESPONSE_HELP)
110 self.add_button(gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL)
111 self.add_button(gtk.STOCK_ADD, gtk.RESPONSE_OK)
112 self.set_default_response(gtk.RESPONSE_OK)
113
114 trust_checkbox = {} # Sig -> CheckButton
115 def ok_sensitive():
116 trust_any = False
117 for toggle in trust_checkbox.values():
118 if toggle.get_active():
119 trust_any = True
120 break
121 self.set_response_sensitive(gtk.RESPONSE_OK, trust_any)
122
123 for sig in self.valid_sigs:
124 if hasattr(sig, 'get_details'):
125 name = '<unknown>'
126 details = sig.get_details()
127 for item in details:
128 if item[0] in ('pub', 'uid') and \
129 len(item) > 9:
130 name = item[9]
131 break
132 else:
133 name = None
134 page = gtk.VBox(False, 4)
135 page.set_border_width(8)
136
137 dialog.frame(page, 'Fingerprint', pretty_fp(sig.fingerprint))
138
139 if name is not None:
140 dialog.frame(page, 'Claimed identity', name)
141
142 hint = left(hints.get(sig.fingerprint, 'Warning: Nothing known about this key!'))
143 hint.set_line_wrap(True)
144 dialog.frame(page, 'Unreliable hints database says', hint)
145
146 already_trusted = trust.trust_db.get_trust_domains(sig.fingerprint)
147 if already_trusted:
148 dialog.frame(page, 'You already trust this key for these domains',
149 '\n'.join(already_trusted))
150
151 trust_checkbox[sig] = gtk.CheckButton('_Trust this key')
152 page.pack_start(trust_checkbox[sig], False, True, 0)
153 trust_checkbox[sig].connect('toggled', lambda t: ok_sensitive())
154
155 notebook.append_page(page, gtk.Label(name or 'Signature'))
156
157 ok_sensitive()
158 self.vbox.show_all()
159
160 def response(box, resp):
161 if resp == gtk.RESPONSE_HELP:
162 trust_help.display()
163 return
164 if resp == gtk.RESPONSE_OK:
165 self.trust_keys([sig for sig in trust_checkbox if trust_checkbox[sig].get_active()], domain)
166 self.destroy()
167 self.connect('response', response)
168
169 def trust_keys(self, sigs, domain):
170 assert domain
171 try:
172 for sig in sigs:
173 trust.trust_db.trust_key(sig.fingerprint, domain)
174
175 trust.trust_db.notify()
176 except Exception, ex:
177 dialog.alert(None, ex)
178 if not isinstance(ex, SafeException):
179 raise
180
181 _queue = []
182 def confirm_trust(interface, sigs, iface_xml, parent):
183 """Display a dialog box asking the user to confirm that one of the
184 keys is trusted for this domain. If a trust box is already visible, this
185 one is queued until the existing one is closed.
186 @param interface: the feed being loaded
187 @type interface: L{model.Interface}
188 @param sigs: the signatures on the feed
189 @type sigs: [L{gpg.Signature}]
190 @param iface_xml: the downloaded (untrusted) XML document
191 @type iface_xml: str
192 """
193 box = TrustBox(interface, sigs, iface_xml, parent)
194 _queue.append(box)
195 if len(_queue) == 1:
196 _queue[0].show()
197 return box.closed
198
199 trust_help = help_box.HelpBox("Trust Help",
200 ('Overview', """
201 When you run a program, it typically has access to all your files and can generally do \
202 anything that you're allowed to do (delete files, send emails, etc). So it's important \
203 to make sure that you don't run anything malicious."""),
204
205 ('Digital signatures', """
206 Each software author creates a 'key-pair'; a 'public key' and a 'private key'. Without going \
207 into the maths, only something encrypted with the private key will decrypt with the public key.
208
209 So, when a programmer releases some software, they encrypt it with their private key (which no-one \
210 else has). When you download it, the injector checks that it decrypts using their public key, thus \
211 proving that it came from them and hasn't been tampered with."""),
212
213 ('Trust', """
214 After the injector has checked that the software hasn't been modified since it was signed with \
215 the private key, you still have the following problems:
216
217 1. Does the public key you have really belong to the author?
218 2. Even if the software really did come from that person, do you trust them?"""),
219
220 ('Key fingerprints', """
221 To confirm (1), you should compare the public key you have with the genuine one. To make this \
222 easier, the injector displays a 'fingerprint' for the key. Look in mailing list postings or some \
223 other source to check that the fingerprint is right (a different key will have a different \
224 fingerprint).
225
226 You're trying to protect against the situation where an attacker breaks into a web site \
227 and puts up malicious software, signed with the attacker's private key, and puts up the \
228 attacker's public key too. If you've downloaded this software before, you \
229 should be suspicious that you're being asked to confirm another key!"""),
230
231 ('Reputation', """
232 In general, most problems seem to come from malicous and otherwise-unknown people \
233 replacing software with modified versions, or creating new programs intended only to \
234 cause damage. So, check your programs are signed by a key with a good reputation!"""))
235
236 hints = {
237 '1DC295D11A3F910DA49D3839AA1A7812B40B0B6E' :
238 'Ken Hayber has been writing ROX applications since 2003. This key '
239 'was announced on the rox-users list on 5 Jun 2005.',
240
241 '4338D5420E0BAEB6B2E73530B66A4F24AB8B4B65' :
242 'Thomas Formella is experimenting with packaging programs for 0launch. This key '
243 'was announced on 11 Sep 2005 on the zero-install mailing list.',
244
245 '92429807C9853C0744A68B9AAE07828059A53CC1' :
246 'Thomas Leonard created Zero Install and ROX. This key is used to sign updates to the '
247 'injector; you should accept it.',
248
249 '0597A2AFB6B372ACB97AC6E433B938C2E9D8826D' :
250 'Stephen Watson is a project admin for the ROX desktop, and has been involved with the '
251 'project since 2000. This key has been used for signing software since the 23 Jul 2005 '
252 'announcement on the zero-install mailing list.',
253
254 'F0A0CA2A8D8FCC123F5EC04CD8D59DC384AE988E' :
255 'Piero Ottuzzi is experimenting with packaging programs for 0launch. This key has been '
256 'known since a 16 Mar 2005 post to the zero-install mailing list. It was first used to '
257 'sign software in an announcement posted on 9 Aug 2005.',
258
259 'FC71DC3364367CE82F91472DDF32928893D894E9' :
260 'Niklas Höglund is experimenting with using Zero Install on the Nokia 770. This key has '
261 'been known since the announcement of 4 Apr 2006 on the zero-install mailing list.',
262
263 'B93AAE76C40A3222425A04FA0BDA706F2C21E592' :
264 'Ilja Honkonen is experimenting with packaging software for Zero Install. This key '
265 'was announced on 2006-04-21 on the zero-install mailing list.',
266
267 '5D3D90FB4E6FE10C7F76E94DEE6BC26DBFDE8022' :
268 'Dennis Tomas leads the rox4debian packaging effort. This key has been known since '
269 'an email forwarded to the rox-devel list on 2006-05-28.',
270
271 '2E2B4E59CAC8D874CD2759D34B1095AF2E992B19' :
272 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
273 'This key was announced in a Jun 17, 2006 post to the rox-devel mailing list.',
274
275 '7722DC5085B903FF176CCAA9695BA303C9839ABC' :
276 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
277 'This key was announced in an Oct 5, 2006 post to the rox-users mailing list.',
278
279 '03DC5771716A5A329CA97EA64AB8A8E7613A266F' :
280 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
281 'This key was announced in an Oct 7, 2007 post to the rox-users mailing list.',
282
283 '617794D7C3DFE0FFF572065C0529FDB71FB13910' :
284 'This low-security key is used to sign Zero Install interfaces which have been '
285 "automatically generated by a script. Typically, the upstream software didn't "
286 "come with a signature, so it's impossible to know if the code is actually OK. "
287 "However, there is still some benefit: if the archive is modified after the "
288 "script has signed it then any further changes will be detected, so this isn't "
289 "completely pointless.",
290
291 '5E665D0ECCCF1215F725BD2FA7421904E3D1B654' :
292 'Daniel Carrera works on the OpenDocument viewer from opendocumentfellowship.org. '
293 'This key was confirmed in a zero-install mailing list post on 2007-01-09.',
294
295 '635469E565B8D340C2C9EA4C32FBC18CE63EF486' :
296 'Eric Wasylishen is experimenting with packaging software with Zero Install. '
297 'This key was announced on the zero-install mailing list on 2007-01-16.',
298
299 'C82D382AAB381A54529019D6A0F9B035686C6996' :
300 "Justus Winter is generating Zero Install feeds from pkgsrc (which was originally "
301 "NetBSD's ports collection). This key was announced on the zero-install mailing list "
302 "on 2007-06-01.",
303
304 'D7582A2283A01A6480780AC8E1839306AE83E7E2' :
305 'Tom Adams is experimenting with packaging software with Zero Install. '
306 'This key was announced on the zero-install mailing list on 2007-08-14.',
307
308 '3B2A89E694686DC4FEEFD6F6D00CA21EC004251B' :
309 'Tuomo Valkonen is the author of the Ion tiling window manager. This key fingerprint '
310 'was taken from http://modeemi.fi/~tuomov/ on 2007-11-17.',
311
312 'A14924F4DFD1B81DED3436240C9B2C41B8D66FEA' :
313 'Andreas K. Förster is experimenting with creating Zero Install feeds. '
314 'This key was announced in a 2008-01-25 post to the zeroinstall mailing list.',
315
316 '520DCCDBE5D38E2B22ADD82672E5E2ACF037FFC4' :
317 'Thierry Goubier creates PPC binaries for the ROX desktop. This key was '
318 'announced in a 2008-02-03 posting to the rox-users list.'
319 }