search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added Thierry Goubier's key.
[zeroinstall/zeroinstall-rsl.git] / zeroinstall / 0launch-gui / trust_box.py
blobbe0a6ee263b572ab11a31fd01b4aa8b5858c50fd
1 # -*- coding: utf-8 -*-
2
3 import gtk
4 from zeroinstall.injector.model import SafeException
5 from zeroinstall.injector import gpg, trust
6 from zeroinstall.injector.iface_cache import iface_cache
7 from zeroinstall.support import tasks
8
9 import gui
10 import dialog, help_box
11
12 def pretty_fp(fp):
13 s = fp[0:4]
14 for x in range(4, len(fp), 4):
15 s += ' ' + fp[x:x + 4]
16 return s
17
18 class TrustBox(dialog.Dialog):
19 interface = None
20 sigs = None
21 iface_xml = None
22 valid_sigs = None
23 parent = None
24 closed = None
25
26 def __init__(self, interface, sigs, iface_xml, parent):
27 dialog.Dialog.__init__(self)
28 self.set_transient_for(parent)
29
30 self.closed = tasks.Blocker("confirming keys with user")
31
32 domain = trust.domain_from_url(interface.uri)
33 assert domain
34
35 def destroy(box):
36 global _queue
37 assert _queue[0] is self
38 del _queue[0]
39
40 self.closed.trigger()
41
42 # Remove any queued boxes that are no longer required
43 def still_untrusted(box):
44 for sig in box.valid_sigs:
45 is_trusted = trust.trust_db.is_trusted(sig.fingerprint, domain)
46 if is_trusted:
47 return False
48 return True
49 if _queue:
50 next = _queue[0]
51 if still_untrusted(next):
52 next.show()
53 else:
54 next.trust_keys([], domain)
55 next.destroy() # Will trigger this again...
56 self.connect('destroy', destroy)
57
58 def left(text):
59 label = gtk.Label(text)
60 label.set_alignment(0, 0.5)
61 label.set_selectable(True)
62 return label
63
64 self.interface = interface
65 self.sigs = sigs
66 self.iface_xml = iface_xml
67
68 self.set_title('Confirm trust')
69
70 vbox = gtk.VBox(False, 4)
71 vbox.set_border_width(4)
72 self.vbox.pack_start(vbox, True, True, 0)
73
74 self.valid_sigs = [s for s in sigs if isinstance(s, gpg.ValidSig)]
75 if not self.valid_sigs:
76 raise SafeException('No valid signatures found. Signatures:' +
77 ''.join(['\n- ' + str(s) for s in sigs]))
78
79 notebook = gtk.Notebook()
80
81 if len(self.valid_sigs) == 1:
82 notebook.set_show_tabs(False)
83
84 label = left('Checking: ' + interface.uri)
85 label.set_padding(4, 4)
86 vbox.pack_start(label, False, True, 0)
87
88 currently_trusted_keys = trust.trust_db.get_keys_for_domain(domain)
89 if currently_trusted_keys:
90 keys = [gpg.load_key(fingerprint) for fingerprint in currently_trusted_keys]
91 descriptions = ["%s\n(fingerprint: %s)" % (key.name, pretty_fp(key.fingerprint))
92 for key in keys]
93 else:
94 descriptions = ['None']
95 dialog.frame(vbox, 'Keys already approved for "%s"' % domain, '\n'.join(descriptions))
96
97 if len(self.valid_sigs) == 1:
98 label = left('This key signed the feed:')
99 else:
100 label = left('These keys signed the feed:')
101
102 label.set_padding(4, 4)
103 vbox.pack_start(label, False, True, 0)
104
105 vbox.pack_start(notebook, True, True, 0)
106
107 self.add_button(gtk.STOCK_HELP, gtk.RESPONSE_HELP)
108 self.add_button(gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL)
109 self.add_button(gtk.STOCK_ADD, gtk.RESPONSE_OK)
110 self.set_default_response(gtk.RESPONSE_OK)
111
112 trust_checkbox = {} # Sig -> CheckButton
113 def ok_sensitive():
114 trust_any = False
115 for toggle in trust_checkbox.values():
116 if toggle.get_active():
117 trust_any = True
118 break
119 self.set_response_sensitive(gtk.RESPONSE_OK, trust_any)
120
121 for sig in self.valid_sigs:
122 if hasattr(sig, 'get_details'):
123 name = '<unknown>'
124 details = sig.get_details()
125 for item in details:
126 if item[0] in ('pub', 'uid') and \
127 len(item) > 9:
128 name = item[9]
129 break
130 else:
131 name = None
132 page = gtk.VBox(False, 4)
133 page.set_border_width(8)
134
135 dialog.frame(page, 'Fingerprint', pretty_fp(sig.fingerprint))
136
137 if name is not None:
138 dialog.frame(page, 'Claimed identity', name)
139
140 hint = left(hints.get(sig.fingerprint, 'Warning: Nothing known about this key!'))
141 hint.set_line_wrap(True)
142 dialog.frame(page, 'Unreliable hints database says', hint)
143
144 already_trusted = trust.trust_db.get_trust_domains(sig.fingerprint)
145 if already_trusted:
146 dialog.frame(page, 'You already trust this key for these domains',
147 '\n'.join(already_trusted))
148
149 trust_checkbox[sig] = gtk.CheckButton('_Trust this key')
150 page.pack_start(trust_checkbox[sig], False, True, 0)
151 trust_checkbox[sig].connect('toggled', lambda t: ok_sensitive())
152
153 notebook.append_page(page, gtk.Label(name or 'Signature'))
154
155 ok_sensitive()
156 self.vbox.show_all()
157
158 def response(box, resp):
159 if resp == gtk.RESPONSE_HELP:
160 trust_help.display()
161 return
162 if resp == gtk.RESPONSE_OK:
163 self.trust_keys([sig for sig in trust_checkbox if trust_checkbox[sig].get_active()], domain)
164 self.destroy()
165 self.connect('response', response)
166
167 def trust_keys(self, sigs, domain):
168 assert domain
169 try:
170 for sig in sigs:
171 trust.trust_db.trust_key(sig.fingerprint, domain)
172
173 trust.trust_db.notify()
174 except Exception, ex:
175 dialog.alert(None, ex)
176 if not isinstance(ex, SafeException):
177 raise
178
179 _queue = []
180 def confirm_trust(interface, sigs, iface_xml, parent):
181 """Display a dialog box asking the user to confirm that one of the
182 keys is trusted for this domain. If a trust box is already visible, this
183 one is queued until the existing one is closed.
184 @param interface: the feed being loaded
185 @type interface: L{model.Interface}
186 @param sigs: the signatures on the feed
187 @type sigs: [L{gpg.Signature}]
188 @param iface_xml: the downloaded (untrusted) XML document
189 @type iface_xml: str
190 """
191 box = TrustBox(interface, sigs, iface_xml, parent)
192 _queue.append(box)
193 if len(_queue) == 1:
194 _queue[0].show()
195 return box.closed
196
197 trust_help = help_box.HelpBox("Trust Help",
198 ('Overview', """
199 When you run a program, it typically has access to all your files and can generally do \
200 anything that you're allowed to do (delete files, send emails, etc). So it's important \
201 to make sure that you don't run anything malicious."""),
202
203 ('Digital signatures', """
204 Each software author creates a 'key-pair'; a 'public key' and a 'private key'. Without going \
205 into the maths, only something encrypted with the private key will decrypt with the public key.
206
207 So, when a programmer releases some software, they encrypt it with their private key (which no-one \
208 else has). When you download it, the injector checks that it decrypts using their public key, thus \
209 proving that it came from them and hasn't been tampered with."""),
210
211 ('Trust', """
212 After the injector has checked that the software hasn't been modified since it was signed with \
213 the private key, you still have the following problems:
214
215 1. Does the public key you have really belong to the author?
216 2. Even if the software really did come from that person, do you trust them?"""),
217
218 ('Key fingerprints', """
219 To confirm (1), you should compare the public key you have with the genuine one. To make this \
220 easier, the injector displays a 'fingerprint' for the key. Look in mailing list postings or some \
221 other source to check that the fingerprint is right (a different key will have a different \
222 fingerprint).
223
224 You're trying to protect against the situation where an attacker breaks into a web site \
225 and puts up malicious software, signed with the attacker's private key, and puts up the \
226 attacker's public key too. If you've downloaded this software before, you \
227 should be suspicious that you're being asked to confirm another key!"""),
228
229 ('Reputation', """
230 In general, most problems seem to come from malicous and otherwise-unknown people \
231 replacing software with modified versions, or creating new programs intended only to \
232 cause damage. So, check your programs are signed by a key with a good reputation!"""))
233
234 hints = {
235 '1DC295D11A3F910DA49D3839AA1A7812B40B0B6E' :
236 'Ken Hayber has been writing ROX applications since 2003. This key '
237 'was announced on the rox-users list on 5 Jun 2005.',
238
239 '4338D5420E0BAEB6B2E73530B66A4F24AB8B4B65' :
240 'Thomas Formella is experimenting with packaging programs for 0launch. This key '
241 'was announced on 11 Sep 2005 on the zero-install mailing list.',
242
243 '92429807C9853C0744A68B9AAE07828059A53CC1' :
244 'Thomas Leonard created Zero Install and ROX. This key is used to sign updates to the '
245 'injector; you should accept it.',
246
247 '0597A2AFB6B372ACB97AC6E433B938C2E9D8826D' :
248 'Stephen Watson is a project admin for the ROX desktop, and has been involved with the '
249 'project since 2000. This key has been used for signing software since the 23 Jul 2005 '
250 'announcement on the zero-install mailing list.',
251
252 'F0A0CA2A8D8FCC123F5EC04CD8D59DC384AE988E' :
253 'Piero Ottuzzi is experimenting with packaging programs for 0launch. This key has been '
254 'known since a 16 Mar 2005 post to the zero-install mailing list. It was first used to '
255 'sign software in an announcement posted on 9 Aug 2005.',
256
257 'FC71DC3364367CE82F91472DDF32928893D894E9' :
258 'Niklas Höglund is experimenting with using Zero Install on the Nokia 770. This key has '
259 'been known since the announcement of 4 Apr 2006 on the zero-install mailing list.',
260
261 'B93AAE76C40A3222425A04FA0BDA706F2C21E592' :
262 'Ilja Honkonen is experimenting with packaging software for Zero Install. This key '
263 'was announced on 2006-04-21 on the zero-install mailing list.',
264
265 '5D3D90FB4E6FE10C7F76E94DEE6BC26DBFDE8022' :
266 'Dennis Tomas leads the rox4debian packaging effort. This key has been known since '
267 'an email forwarded to the rox-devel list on 2006-05-28.',
268
269 '2E2B4E59CAC8D874CD2759D34B1095AF2E992B19' :
270 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
271 'This key was announced in a Jun 17, 2006 post to the rox-devel mailing list.',
272
273 '7722DC5085B903FF176CCAA9695BA303C9839ABC' :
274 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
275 'This key was announced in an Oct 5, 2006 post to the rox-users mailing list.',
276
277 '03DC5771716A5A329CA97EA64AB8A8E7613A266F' :
278 'Lennon Cook creates the FreeBSD-x86 binaries for various ROX applications. '
279 'This key was announced in an Oct 7, 2007 post to the rox-users mailing list.',
280
281 '617794D7C3DFE0FFF572065C0529FDB71FB13910' :
282 'This low-security key is used to sign Zero Install interfaces which have been '
283 "automatically generated by a script. Typically, the upstream software didn't "
284 "come with a signature, so it's impossible to know if the code is actually OK. "
285 "However, there is still some benefit: if the archive is modified after the "
286 "script has signed it then any further changes will be detected, so this isn't "
287 "completely pointless.",
288
289 '5E665D0ECCCF1215F725BD2FA7421904E3D1B654' :
290 'Daniel Carrera works on the OpenDocument viewer from opendocumentfellowship.org. '
291 'This key was confirmed in a zero-install mailing list post on 2007-01-09.',
292
293 '635469E565B8D340C2C9EA4C32FBC18CE63EF486' :
294 'Eric Wasylishen is experimenting with packaging software with Zero Install. '
295 'This key was announced on the zero-install mailing list on 2007-01-16.',
296
297 'C82D382AAB381A54529019D6A0F9B035686C6996' :
298 "Justus Winter is generating Zero Install feeds from pkgsrc (which was originally "
299 "NetBSD's ports collection). This key was announced on the zero-install mailing list "
300 "on 2007-06-01.",
301
302 'D7582A2283A01A6480780AC8E1839306AE83E7E2' :
303 'Tom Adams is experimenting with packaging software with Zero Install. '
304 'This key was announced on the zero-install mailing list on 2007-08-14.',
305
306 '3B2A89E694686DC4FEEFD6F6D00CA21EC004251B' :
307 'Tuomo Valkonen is the author of the Ion tiling window manager. This key fingerprint '
308 'was taken from http://modeemi.fi/~tuomov/ on 2007-11-17.',
309
310 'A14924F4DFD1B81DED3436240C9B2C41B8D66FEA' :
311 'Andreas K. Förster is experimenting with creating Zero Install feeds. '
312 'This key was announced in a 2008-01-25 post to the zeroinstall mailing list.',
313
314 '520DCCDBE5D38E2B22ADD82672E5E2ACF037FFC4' :
315 'Thierry Goubier creates PPC binaries for the ROX desktop. This key was '
316 'announced in a 2008-02-03 posting to the rox-users list.'
317 }