Add signing to the ACI converter

2015-02-04 15:29:24 -05:00 · 2015-02-04 15:29:24 -05:00 · bfb0784abc
commit bfb0784abc
parent 81b5b8d1dc
14 changed files with 311 additions and 90 deletions
--- a/util/signing.py
+++ b/util/signing.py
@ -0,0 +1,69 @@
+import gpgme
+import os
+from StringIO import StringIO
+
+class GPG2Signer(object):
+  """ Helper class for signing data using GPG2. """
+  def __init__(self, app, key_directory):
+    if not app.config.get('GPG2_PRIVATE_KEY_NAME'):
+      raise Exception('Missing configuration key GPG2_PRIVATE_KEY_NAME')
+
+    if not app.config.get('GPG2_PRIVATE_KEY_FILENAME'):
+      raise Exception('Missing configuration key GPG2_PRIVATE_KEY_FILENAME')
+
+    if not app.config.get('GPG2_PUBLIC_KEY_FILENAME'):
+      raise Exception('Missing configuration key GPG2_PUBLIC_KEY_FILENAME')
+
+    self._ctx = gpgme.Context()
+    self._ctx.armor = True
+    self._private_key_name = app.config['GPG2_PRIVATE_KEY_NAME']
+    self._public_key_path = os.path.join(key_directory, app.config['GPG2_PUBLIC_KEY_FILENAME'])
+
+    key_file = os.path.join(key_directory, app.config['GPG2_PRIVATE_KEY_FILENAME'])
+    if not os.path.exists(key_file):
+      raise Exception('Missing key file %s' % key_file)
+
+    with open(key_file, 'rb') as fp:
+      self._ctx.import_(fp)
+
+  @property
+  def name(self):
+    return 'gpg2'
+
+  @property
+  def public_key_path(self):
+    return self._public_key_path
+
+  def detached_sign(self, stream):
+    """ Signs the given stream, returning the signature. """
+    ctx = self._ctx
+    ctx.signers = [ctx.get_key(self._private_key_name)]
+    signature = StringIO()
+    new_sigs = ctx.sign(stream, signature, gpgme.SIG_MODE_DETACH)
+
+    signature.seek(0)
+    return signature.getvalue()
+
+
+class Signer(object):
+  def __init__(self, app=None, key_directory=None):
+    self.app = app
+    if app is not None:
+      self.state = self.init_app(app, key_directory)
+    else:
+      self.state = None
+
+  def init_app(self, app, key_directory):
+    preference = app.config.get('SIGNING_ENGINE', None)
+    if preference is None:
+      return None
+
+    return SIGNING_ENGINES[preference](app, key_directory)
+
+  def __getattr__(self, name):
+    return getattr(self.state, name, None)
+
+
+SIGNING_ENGINES = {
+  'gpg2': GPG2Signer
+}
--- a/util/tarlayerformat.py
+++ b/util/tarlayerformat.py
@ -44,6 +44,11 @@ class TarLayerFormat(object):
          # properly handle large filenames.
          clone = copy.deepcopy(tar_info)
          clone.name = os.path.join(self.path_prefix, clone.name)
+
+          # If the entry is a link of some kind, and it is not relative, then prefix it as well.
+          if clone.linkname and clone.type == tarfile.LNKTYPE:
+            clone.linkname = os.path.join(self.path_prefix, clone.linkname)
+
          yield clone.tobuf()
        else:
          yield tar_info.tobuf()