U Ӈg@stdZddlZddlZddlZddlZddlZddlmZddlm Z m Z ddl m Z e eZdZGdddZdS) z0gpg.py - Collection of gpg key related functionsN)TemporaryDirectory)DictOptional)subpZ GNUPGHOMEc@seZdZddZddZeeeefdddZdd Z d dd d Z ee ed ddZ eed ddZ d"eedddZd#eed dddZed d ddZd$eee edddZd dd d!Zd S)%GPGcCsd|_i|_t|_dS)NF) gpg_started_envrtemp_dirselfr //usr/lib/python3/dist-packages/cloudinit/gpg.py__init__sz GPG.__init__cCs|SNr r r r r __enter__sz GPG.__enter__)returncCs&|jr |jSd|_t|jji|_|jS)awhen this env property gets invoked, set up our temporary directory, and also set gpg_started to tell the cleanup() method whether or not why put this here and not in __init__? pytest seems unhappy and it's not obvious how to work around it T)rrHOMEr namer r r r env"s zGPG.envcCs |dSr)cleanup)r Zexc_typ exc_value tracebackr r r __exit__1sz GPG.__exit__NcCs,||jr(tj|jjr(|jdS)z0cleanup the gpg temporary directory and kill gpgN)kill_gpgr ospathisdirrrr r r r r4sz GPG.cleanup)keyrc CsVztjddd|gd|jdjWStjk rP}ztd||W5d}~XYnXdS)z*Export gpg key, armoured key gets returnedgpgz--exportz--armourTcapture update_env&Failed to export armoured key "%s": %sN)rrstdoutProcessExecutionErrorLOGdebugr rerrorr r r export_armour:s   zGPG.export_armourcCstjddg|d|jdjS)zDearmor gpg key, dearmored key gets returned note: man gpg(1) makes no mention of an --armour spelling, only --armor rz --dearmorF)datadecoder!)rrr#)r rr r r dearmorGs z GPG.dearmorF)key_filercCsTddddddg}|s|d||tj||jdd \}}|rPtd |||S) zList keys from a keyring with fingerprints. Default to a stable machine parseable format. @param key_file: a string containing a filepath to a key @param human_output: return output intended for human parsing rz --no-optionsz--with-fingerprintz--no-default-keyringz --list-keysz --keyringz --with-colonsT)r!r r")appendrrr%warning)r r-Z human_outputcmdr#stderrr r r list_keysPs$  z GPG.list_keysr4)r keyserverrc Cstd||d}d}t|pg}|d7}z6tjddd|d|gd |jd td |||WdStjk r}z|}W5d}~XYnXz&t|}td |j|t |Wq"t k r}zt d ||||f|W5d}~XYq"Xq"dS)aReceive gpg key from the specified keyserver. Retries are done by default because keyservers can be unreliable. Additionally, there is no way to determine the difference between a non-existent key and a failure. In both cases gpg (at least 2.2.4) exits with status 2 and stderr: "keyserver receive failed: No data" It is assumed that a key provided to cloud-init exists on the keyserver so re-trying makes better sense than failing. @param key: a string key fingerprint (as passed to gpg --recv-keys). @param keyserver: the keyserver to request keys from. @param retries: an iterable of sleep lengths for retries. Use None to indicate no retries.z&Importing key '%s' from keyserver '%s'rNr4rz--no-ttyz--keyserver=%sz --recv-keysTrz/Imported key '%s' from keyserver '%s' on try %dz6Import failed with exit code %d, will try again in %ssz@Failed to import key '%s' from keyserver '%s' after %d tries: %s) r%r&iterrrr$nextZ exit_codetimesleep StopIteration ValueError) r rr5ZretriesZtrynumr(ZsleepseZnaplenr r r recv_keyjsR   z GPG.recv_keyc CsXz tjdddd|gd|jdWn2tjk rR}ztd||W5d}~XYnXdS) z0Delete the specified key from the local gpg ringrz--batchz--yesz --delete-keysTrzFailed delete key "%s": %sN)rrr$r%r/r'r r r delete_keys  zGPG.delete_keykeyserver.ubuntu.com)keyidr5rc Csd||}|s`zDz|j||d||}Wn"tk rNtd|YnXW5||X|S)zget gpg keyid from keyserver)r5zFailed to obtain gpg key %s)r)r>r=r;r%Z exception)r r@r5Zarmourr r r getkeybyids    zGPG.getkeybyidc Csz|jsWdStdr4tjdddgd|jdj}njtjddd d d d d d d g dddgdj}td|}dd|D}|rtd||D]}t |t j qWn0tj k r}ztd|W5d}~XYnXdS)akilling with gpgconf is best practice, but when it isn't available failover is possible GH: 4344 - stop gpg-agent/dirmgr daemons spawned by gpg key imports. Daemons spawned by cloud-config.service on systemd v253 report (running) NZgpgconfz--killallTrZpsz-ozppid,pidz-CZkeyboxdZdirmngrz gpg-agentrr4)r Zrcsz(?P\d+)\s+(?P\d+)cSs$g|]}|ddkrt|dqS)r1r4)int).0pidr r r s z GPG.kill_gpg..z&Killing gpg-agent and dirmngr pids: %sz"Failed to clean up gpg process: %s)rrZwhichrr#refindallr%r&rkillsignalSIGKILLr$r/)r Zgpg_process_outZgpg_pidsZ root_gpg_pidsZgpg_pidr<r r r rsN   z GPG.kill_gpg)F)r3)r?)__name__ __module__ __qualname__rrpropertyrstrrrrrr)r,r2r=r>rArr r r r rs$  7  r)__doc__ZloggingrrHrKr8ZtempfilertypingrrZ cloudinitrZ getLoggerrMr%rrr r r r s