search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update year to 2009 in various places
[zeroinstall/zeroinstall-rsl.git] / zeroinstall / 0launch-gui / trust_box.py
blobe7b582ea441adbc24fa91d8817510176abb961c9
1 # Copyright (C) 2009, Thomas Leonard
2 # -*- coding: utf-8 -*-
3 # See the README file for details, or visit http://0install.net.
4
5 import gtk
6 from zeroinstall.injector.model import SafeException
7 from zeroinstall.injector import gpg, trust
8 from zeroinstall.support import tasks
9 from zeroinstall.gtkui import help_box
10
11 import dialog
12
13 def pretty_fp(fp):
14 s = fp[0:4]
15 for x in range(4, len(fp), 4):
16 s += ' ' + fp[x:x + 4]
17 return s
18
19 class TrustBox(dialog.Dialog):
20 interface = None
21 sigs = None
22 iface_xml = None
23 valid_sigs = None
24 parent = None
25 closed = None
26
27 def __init__(self, interface, sigs, iface_xml, parent):
28 dialog.Dialog.__init__(self)
29 self.set_transient_for(parent)
30
31 self.closed = tasks.Blocker("confirming keys with user")
32
33 domain = trust.domain_from_url(interface.uri)
34 assert domain
35
36 def destroy(box):
37 global _queue
38 assert _queue[0] is self
39 del _queue[0]
40
41 self.closed.trigger()
42
43 # Remove any queued boxes that are no longer required
44 def still_untrusted(box):
45 for sig in box.valid_sigs:
46 is_trusted = trust.trust_db.is_trusted(sig.fingerprint, domain)
47 if is_trusted:
48 return False
49 return True
50 if _queue:
51 next = _queue[0]
52 if still_untrusted(next):
53 next.show()
54 else:
55 next.trust_keys([], domain)
56 next.destroy() # Will trigger this again...
57 self.connect('destroy', destroy)
58
59 def left(text):
60 label = gtk.Label(text)
61 label.set_alignment(0, 0.5)
62 label.set_selectable(True)
63 return label
64
65 self.interface = interface
66 self.sigs = sigs
67 self.iface_xml = iface_xml
68
69 self.set_title('Confirm trust')
70
71 vbox = gtk.VBox(False, 4)
72 vbox.set_border_width(4)
73 self.vbox.pack_start(vbox, True, True, 0)
74
75 self.valid_sigs = [s for s in sigs if isinstance(s, gpg.ValidSig)]
76 if not self.valid_sigs:
77 raise SafeException('No valid signatures found. Signatures:' +
78 ''.join(['\n- ' + str(s) for s in sigs]))
79
80 notebook = gtk.Notebook()
81
82 if len(self.valid_sigs) == 1:
83 notebook.set_show_tabs(False)
84
85 label = left('Checking: ' + interface.uri)
86 label.set_padding(4, 4)
87 vbox.pack_start(label, False, True, 0)
88
89 currently_trusted_keys = trust.trust_db.get_keys_for_domain(domain)
90 if currently_trusted_keys:
91 keys = [gpg.load_key(fingerprint) for fingerprint in currently_trusted_keys]
92 descriptions = ["%s\n(fingerprint: %s)" % (key.name, pretty_fp(key.fingerprint))
93 for key in keys]
94 else:
95 descriptions = ['None']
96 dialog.frame(vbox, 'Keys already approved for "%s"' % domain, '\n'.join(descriptions))
97
98 if len(self.valid_sigs) == 1:
99 label = left('This key signed the feed:')
100 else:
101 label = left('These keys signed the feed:')
102
103 label.set_padding(4, 4)
104 vbox.pack_start(label, False, True, 0)
105
106 vbox.pack_start(notebook, True, True, 0)
107
108 self.add_button(gtk.STOCK_HELP, gtk.RESPONSE_HELP)
109 self.add_button(gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL)
110 self.add_button(gtk.STOCK_ADD, gtk.RESPONSE_OK)
111 self.set_default_response(gtk.RESPONSE_OK)
112
113 trust_checkbox = {} # Sig -> CheckButton
114 def ok_sensitive():
115 trust_any = False
116 for toggle in trust_checkbox.values():
117 if toggle.get_active():
118 trust_any = True
119 break
120 self.set_response_sensitive(gtk.RESPONSE_OK, trust_any)
121
122 for sig in self.valid_sigs:
123 if hasattr(sig, 'get_details'):
124 name = '<unknown>'
125 details = sig.get_details()
126 for item in details:
127 if item[0] in ('pub', 'uid') and \
128 len(item) > 9:
129 name = item[9]
130 break
131 else:
132 name = None
133 page = gtk.VBox(False, 4)
134 page.set_border_width(8)
135
136 dialog.frame(page, 'Fingerprint', pretty_fp(sig.fingerprint))
137
138 if name is not None:
139 dialog.frame(page, 'Claimed identity', name)
140
141 hint = left(hints.get(sig.fingerprint, 'Warning: Nothing known about this key!'))
142 hint.set_line_wrap(True)
143 dialog.frame(page, 'Unreliable hints database says', hint)
144
145 already_trusted = trust.trust_db.get_trust_domains(sig.fingerprint)
146 if already_trusted:
147 dialog.frame(page, 'You already trust this key for these domains',
148 '\n'.join(already_trusted))
149
150 trust_checkbox[sig] = gtk.CheckButton('_Trust this key')
151 page.pack_start(trust_checkbox[sig], False, True, 0)
152 trust_checkbox[sig].connect('toggled', lambda t: ok_sensitive())
153
154 notebook.append_page(page, gtk.Label(name or 'Signature'))
155
156 ok_sensitive()
157 self.vbox.show_all()
158
159 def response(box, resp):
160 if resp == gtk.RESPONSE_HELP:
161 trust_help.display()
162 return
163 if resp == gtk.RESPONSE_OK:
164 self.trust_keys([sig for sig in trust_checkbox if trust_checkbox[sig].get_active()], domain)
165 self.destroy()
166 self.connect('response', response)
167
168 def trust_keys(self, sigs, domain):
169 assert domain
170 try:
171 for sig in sigs:
172 trust.trust_db.trust_key(sig.fingerprint, domain)
173
174 trust.trust_db.notify()
175 except Exception, ex:
176 dialog.alert(None, ex)
177 if not isinstance(ex, SafeException):
178 raise
179
180 _queue = []
181 def confirm_trust(interface, sigs, iface_xml, parent):
182 """Display a dialog box asking the user to confirm that one of the
183 keys is trusted for this domain. If a trust box is already visible, this
184 one is queued until the existing one is closed.
185 @param interface: the feed being loaded
186 @type interface: L{model.Interface}
187 @param sigs: the signatures on the feed
188 @type sigs: [L{gpg.Signature}]
189 @param iface_xml: the downloaded (untrusted) XML document
190 @type iface_xml: str
191 """
192 box = TrustBox(interface, sigs, iface_xml, parent)
193 _queue.append(box)
194 if len(_queue) == 1:
195 _queue[0].show()
196 return box.closed
197
198 trust_help = help_box.HelpBox("Trust Help",
199 ('Overview', """
200 When you run a program, it typically has access to all your files and can generally do \
201 anything that you're allowed to do (delete files, send emails, etc). So it's important \
202 to make sure that you don't run anything malicious."""),
203
204 ('Digital signatures', """
205 Each software author creates a 'key-pair'; a 'public key' and a 'private key'. Without going \
206 into the maths, only something encrypted with the private key will decrypt with the public key.
207
208 So, when a programmer releases some software, they encrypt it with their private key (which no-one \
209 else has). When you download it, the injector checks that it decrypts using their public key, thus \
210 proving that it came from them and hasn't been tampered with."""),
211
212 ('Trust', """
213 After the injector has checked that the software hasn't been modified since it was signed with \
214 the private key, you still have the following problems:
215
216 1. Does the public key you have really belong to the author?
217 2. Even if the software really did come from that person, do you trust them?"""),
218
219 ('Key fingerprints', """
220 To confirm (1), you should compare the public key you have with the genuine one. To make this \
221 easier, the injector displays a 'fingerprint' for the key. Look in mailing list postings or some \
222 other source to check that the fingerprint is right (a different key will have a different \
223 fingerprint).
224
225 You're trying to protect against the situation where an attacker breaks into a web site \
226 and puts up malicious software, signed with the attacker's private key, and puts up the \
227 attacker's public key too. If you've downloaded this software before, you \
228 should be suspicious that you're being asked to confirm another key!"""),
229
230 ('Reputation', """
231 In general, most problems seem to come from malicous and otherwise-unknown people \
232 replacing software with modified versions, or creating new programs intended only to \
233 cause damage. So, check your programs are signed by a key with a good reputation!"""))
234
235 hints = {
236 '1DC295D11A3F910DA49D3839AA1A7812B40B0B6E' :
237 'Ken Hayber has been writing ROX applications since 2003. This key '
238 'was announced on the rox-users list on 5 Jun 2005.',
239
240 '4338D5420E0BAEB6B2E73530B66A4F24AB8B4B65' :
241 'Thomas Formella is experimenting with packaging programs for 0launch. This key '
242 'was announced on 11 Sep 2005 on the zero-install mailing list.',
243
244 '92429807C9853C0744A68B9AAE07828059A53CC1' :
245 'Thomas Leonard created Zero Install and ROX. This key is used to sign updates to the '
246 'injector; you should accept it.',
247
248 '0597A2AFB6B372ACB97AC6E433B938C2E9D8826D' :
249 'Stephen Watson is a project admin for the ROX desktop, and has been involved with the '
250 'project since 2000. This key has been used for signing software since the 23 Jul 2005 '
251 'announcement on the zero-install mailing list.',
252
253 'F0A0CA2A8D8FCC123F5EC04CD8D59DC384AE988E' :
254 'Piero Ottuzzi is experimenting with packaging programs for 0launch. This key has been '
255 'known since a 16 Mar 2005 post to the zero-install mailing list. It was first used to '
256 'sign software in an announcement posted on 9 Aug 2005.',
257
258 'FC71DC3364367CE82F91472DDF32928893D894E9' :
259 'Niklas Höglund is experimenting with using Zero Install on the Nokia 770. This key has '
260 'been known since the announcement of 4 Apr 2006 on the zero-install mailing list.',
261
262 'B93AAE76C40A3222425A04FA0BDA706F2C21E592' :
263 'Ilja Honkonen is experimenting with packaging software for Zero Install. This key '
264 'was announced on 2006-04-21 on the zero-install mailing list.',
265
266 '5D3D90FB4E6FE10C7F76E94DEE6BC26DBFDE8022' :
267 'Dennis Tomas leads the rox4debian packaging effort. This key has been known since '
268 'an email forwarded to the rox-devel list on 2006-05-28.',
269
270 '2E2B4E59CAC8D874CD2759D34B1095AF2E992B19' :
271 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
272 'This key was announced in a Jun 17, 2006 post to the rox-devel mailing list.',
273
274 '7722DC5085B903FF176CCAA9695BA303C9839ABC' :
275 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
276 'This key was announced in an Oct 5, 2006 post to the rox-users mailing list.',
277
278 '03DC5771716A5A329CA97EA64AB8A8E7613A266F' :
279 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
280 'This key was announced in an Oct 7, 2007 post to the rox-users mailing list.',
281
282 '617794D7C3DFE0FFF572065C0529FDB71FB13910' :
283 'This low-security key is used to sign Zero Install interfaces which have been '
284 "automatically generated by a script. Typically, the upstream software didn't "
285 "come with a signature, so it's impossible to know if the code is actually OK. "
286 "However, there is still some benefit: if the archive is modified after the "
287 "script has signed it then any further changes will be detected, so this isn't "
288 "completely pointless.",
289
290 '5E665D0ECCCF1215F725BD2FA7421904E3D1B654' :
291 'Daniel Carrera works on the OpenDocument viewer from opendocumentfellowship.org. '
292 'This key was confirmed in a zero-install mailing list post on 2007-01-09.',
293
294 '635469E565B8D340C2C9EA4C32FBC18CE63EF486' :
295 'Eric Wasylishen is experimenting with packaging software with Zero Install. '
296 'This key was announced on the zero-install mailing list on 2007-01-16 and then lost.',
297
298 'E5175248514E9D4E558B5925BC456918F32AC5D1' :
299 'Eric Wasylishen is experimenting with packaging software with Zero Install. '
300 'This key was announced on the zero-install mailing list on 2008-12-07',
301
302 'C82D382AAB381A54529019D6A0F9B035686C6996' :
303 "Justus Winter is generating Zero Install feeds from pkgsrc (which was originally "
304 "NetBSD's ports collection). This key was announced on the zero-install mailing list "
305 "on 2007-06-01.",
306
307 'D7582A2283A01A6480780AC8E1839306AE83E7E2' :
308 'Tom Adams is experimenting with packaging software with Zero Install. '
309 'This key was announced on the zero-install mailing list on 2007-08-14.',
310
311 '3B2A89E694686DC4FEEFD6F6D00CA21EC004251B' :
312 'Tuomo Valkonen is the author of the Ion tiling window manager. This key fingerprint '
313 'was taken from http://modeemi.fi/~tuomov/ on 2007-11-17.',
314
315 'A14924F4DFD1B81DED3436240C9B2C41B8D66FEA' :
316 'Andreas K. Förster is experimenting with creating Zero Install feeds. '
317 'This key was announced in a 2008-01-25 post to the zeroinstall mailing list.',
318
319 '520DCCDBE5D38E2B22ADD82672E5E2ACF037FFC4' :
320 'Thierry Goubier creates PPC binaries for the ROX desktop. This key was '
321 'announced in a 2008-02-03 posting to the rox-users list.',
322
323 '517085B7261D3B03A97515319C2C2CD1D41AF5BB' :
324 'Frank Richter is a developer of the Crystal Space 3D SDK. This key was '
325 'confirmed in a 2008-09-04 post to the zero-install-devel mailing list.',
326 }