관리-도구

편집 파일: gpg.cpython-39.pyc

a ����'�Dg�����������������������@���st���d�Z�d
dl
Z
d
dlZd
dlZd
dlZd
dlZd
dlmZ
�d
dlm Z m Z
�d
dlmZ
�e
� e�
ZdZG�dd��d�ZdS�) z0gpg.py - Collection of gpg key related functions�����N)
�TemporaryDirectory)�Dict�Optional)
�subpZ GNUPGHOMEc�������������������@���s����e�Z
d�Zd
d��Zdd��Zeeeef�d�
dd��
Zdd ��Z d d�
dd�Z eee�d �dd�Zeed �dd�Z d"eed�dd�Zd#eed d�dd�Zed d �dd�Zd$eeee�d�dd�Zd d�
d d!�Zd S�)%�GPGc
�����������
������C���s���d
|�_�i�|�_
t��|�_d�S�)NF)�gpg_started�_envr����temp_dir�
�self��r����1/usr/lib/python3.9/site-packages/cloudinit/gpg.py�__init__���s����


zGPG.__init__c
�����������
���
���C���s���|�S��
Nr���r ���r���r���r ���� __enter__���s����
z GPG.__enter__)
�returnc
�����������
������C���s&���|�j�r|�j�S�d
|�_
t|�jji
|�_�|�j�S�)a
��when this env property gets invoked, set up our temporary directory, and also set gpg_started to tell the cleanup() method whether or not why put this here and not in __init__? pytest seems unhappy and it's not obvious how to work around it T)r���r����HOMEr ����namer ���r���r���r ����env"���s ���� 



zGPG.envc�����������������C���s���|�����
�d�S�r���)
�cleanup)r���Zexc_typ� exc_value� tracebackr���r���r ����__exit__1���s����
zGPG.__exit__Nc
�����������
������C���s,���|�����
�|�j
r(tj�|�j
j�
r(|�j
���
�d
S�)z0cleanup the gpg temporary directory and kill gpgN)�kill_gpgr ����os�path�isdirr���r���r ���r���r���r ���r���4���s����

zGPG.cleanup)�keyr���c�������������� ���C���sX���zt�j�d
dd|
gd|�j
d�jW�S��t�jyR
�}
�zt�d|
|�
�W�Y�d}~n d}~0�0�dS�)z*Export gpg key, armoured key gets returned�gpgz--exportz--armourT��capture� update_env�&Failed to export armoured key "%s": %sN)r���r����stdout�ProcessExecutionError�LOG�debug�r���r����errorr���r���r ���� export_armour:���s����



� $
zGPG.export_armourc�����������������C���s���t�j�d
dg|
d|�j
d�jS�)z�Dearmor gpg key, dearmored key gets returned note: man gpg(1) makes no mention of an --armour spelling, only --armor r���z --dearmorF)�data�decoder!���)r���r���r#���)r���r���r���r���r ����dearmorG���s����
�zGPG.dearmorF)�key_filer���c�����������������C���sL���g�d
�
}|s|��d�

�|��|
�

�t
j
||�jdd�\}}|rHt�d|
|�
�|S�)z�List keys from a keyring with fingerprints. Default to a stable machine parseable format. @param key_file: a string containing a filepath to a key @param human_output: return output intended for human parsing )r���z--no-optionsz--with-fingerprintz--no-default-keyringz--list-keysz --keyringz --with-colonsT)r!���r ���r"���)�appendr���r���r%����warning)r���r-���Zhuman_output�cmdr#����stderrr���r���r ���� list_keysP���s����




�z GPG.list_keys��
���r4���)r���� keyserverr���c����������� ��� ���C���s����t��
d
|
|�
�d}d}t|pg��
}|d7�}z6tjddd|�d|
gd |�jd �
�t��
d|
||�
�W�dS��tjy�
�}
�z|}W�Y�d}~n d}~0�0�z&t|�
}t��
d|j|�
�t� |�

�W�q"�t y�
�}
�z"td |
|||f��
|�W�Y�d}~q"d}~0�0�q"dS�)a���Receive gpg key from the specified keyserver. Retries are done by default because keyservers can be unreliable. Additionally, there is no way to determine the difference between a non-existent key and a failure. In both cases gpg (at least 2.2.4) exits with status 2 and stderr: "keyserver receive failed: No data" It is assumed that a key provided to cloud-init exists on the keyserver so re-trying makes better sense than failing. @param key: a string key fingerprint (as passed to gpg --recv-keys). @param keyserver: the keyserver to request keys from. @param retries: an iterable of sleep lengths for retries. Use None to indicate no retries.z&Importing key '%s' from keyserver '%s'r
���Nr4���r���z--no-ttyz--keyserver=%sz--recv-keysTr���z/Imported key '%s' from keyserver '%s' on try %dz6Import failed with exit code %d, will try again in %ssz@Failed to import key '%s' from keyserver '%s' after %d tries: %s)r%���r&����iterr���r���r$����nextZ exit_code�time�sleep� StopIteration� ValueError) r���r���r5���ZretriesZtrynumr(���Zsleeps�
eZnaplenr���r���r ����recv_keyj���sR����








�
�



�







�



���zGPG.recv_keyc�������������� ���C���sZ���z t�j�d
ddd|
gd|�j
d�
�W�n4�t�jyT
�}
�zt�d|
|�
�W�Y�d}~n d}~0�0�dS�) z0Delete the specified key from the local gpg ringr���z--batchz--yesz --delete-keysTr���zFailed delete key "%s": %sN)r���r���r$���r%���r/���r'���r���r���r ���� delete_key����s����



� 
zGPG.delete_key�keyserver.ubuntu.com)�keyidr5���r���c�������������� ���C���sl���|���|
�
}|shzLz|�j
|
|d
�
�|���|
�
}W�n �tyL
�
�
�t�d|
�
���Y�n0�W�|��|
�

�n|��|
�

�0�|S�)zget gpg keyid from keyserver)
r5���zFailed to obtain gpg key %s)r)���r=���r;���r%���� exceptionr>���)r���r@���r5���Zarmourr���r���r ���� getkeybyid����s����







zGPG.getkeybyidc
�������������� ���C���s����z�|�j�sW�d
S�t
�d�
r2t
j
g�d�
d|�jd�j}
n\t
j
g�d�
dddgd �j}
t�d |
�}dd��|D��
}|rvt�d |�
�|D�]}t � |tj�
�qzW�n2�t
j y�
�}
�zt�d|�
�W�Y�d
}~n d
}~0�0�d
S�)a
��killing with gpgconf is best practice, but when it isn't available failover is possible GH: 4344 - stop gpg-agent/dirmgr daemons spawned by gpg key imports. Daemons spawned by cloud-config.service on systemd v253 report (running) N�gpgconf)rC���z--kill�allTr���) Zpsz-ozppid,pid�-CZkeyboxdrE���ZdirmngrrE���z gpg-agentr
���r4���)r ���Zrcsz(?P<ppid>\d+)\s+(?P<pid>\d+)c
�����������������S���s$���g�|�]}
|
d��d
krt�|
d��
�qS�)r
����
1r4���)
�int)�.0�pidr���r���r ���� <listcomp>����s���
z GPG.kill_gpg.<locals>.<listcomp>z&Killing gpg-agent and dirmngr pids: %sz"Failed to clean up gpg process: %s)r���r����whichr���r#����re�findallr%���r&���r����kill�signal�SIGKILLr$���r/���)r���Zgpg_process_outZgpg_pidsZ root_gpg_pidsZgpg_pidr<���r���r���r ���r�������s8����






� 

�
�
�

�


zGPG.kill_gpg)
F)
r3���)
r?���)�__name__� __module__�__qualname__r���r����propertyr����strr���r���r���r���r)���r,���r2���r=���r>���rB���r���r���r���r���r ���r������s"���

  7��

�r���)�__doc__Zloggingr���rL���rO���r8���Ztempfiler����typingr���r���Z cloudinitr���Z getLoggerrQ���r%���r���r���r���r���r���r ����<module>���s���