File: //etc/leapp/repos.d/system_upgrade/common/libraries/gpg.pyo
��
��ic������������@���s����d��d��l��Z��d��d��l��m��Z���d��d��l��m��Z��m��Z���d��d��l��m��Z��m��Z���d��d��l �m
�Z
��d��Z��d�����Z��d�����Z
�d ����Z��d
����Z��d�����Z��d�����Z��d��S(
���i����N(����t����config(����t����get_source_major_versiont����get_target_major_version(����t����apit����run(����t����GpgKeys����rpm-gpgc������������C���s;���g��|��j��D]-�}��|��j��d��k��r
�t��d��|��j��d��t�����^��q
�S(����s����
Return the list of fingerprints of GPG keys in RPM DB
This function returns short 8 characters fingerprints of trusted GPG keys
"installed" in the source OS RPM database. These look like normal packages
named "gpg-pubkey" and the fingerprint is present in the version field.
:param installed_rpms: List of installed RPMs
:type installed_rpms: list(leapp.models.RPM)
:return: list of GPG keys from RPM DB
:rtype: list(leapp.models.GpgKey)
s
���gpg-pubkeyt����fingerprintt����rpmdb(����t����itemst����nameR����t����versiont����True(����t����installed_rpmst����pkg(����(����sO���/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/gpg.pyt����get_pubkeys_from_rpms����s�����
c������������C���s����y_�d��g��}��t�����d��k��r+�|��j��d������n
�|��j��d������|��d��|��g��7}��t��|��d��t��d��t�����SWn?��t��k
�r���}���d��j��|��t��|��������}��t��j ����j
�|������i��SXd �S(
���s����
Show keys in given file in version-agnostic manner
This runs gpg --show-keys (EL8) or gpg --with-fingerprints (EL7)
to verify the given file exists, is readable and contains valid
OpenPGP key data, which is printed in parsable format (--with-colons).
t����gpg2t����7s����--with-fingerprints����--show-keyss
���--with-colonst����splitt����checkeds.���Failed to read fingerprint from GPG key {}: {}N(����R����t����appendR����R����t����Falset����OSErrort����formatt����strR����t����current_loggert����error(����t����key_patht����cmdt����errR����(����(����sO���/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/gpg.pyt����_gpg_show_keys����s�������� �����
�����������c������������C���s����|���s��|��d���r��g��Sg��}��x��|��d���D]��}��|���s&�|��j��d������rI�q&�n��|��j��d�����}��t��|�����d��k��r��t��|��d������d��k��r��|��j��|��d���d���j���������q&�t��j�����j��d��j��|���������q&�W|��S( ���sL���
Parse the output of gpg --show-keys --with-colons.
Return list of 8 characters fingerprints per each gpgkey for the given
output from stdlib.run() or None if some error occurred. Either the
command return non-zero exit code, the file does not exists, its not
readable or does not contain any openpgp data.
t ���exit_codet����stdouts����pub:t����:i����i����i����s(���Cannot parse the gpg2 output. Line: "{}"( ���t
���startswithR����t����lenR����t����lowerR����R����t����warningR����(����t����outputt����gpg_fpst����linet����parts(����(����sO���/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/gpg.pyt����_parse_fp_from_gpg5���s����� ��� ����������(���������c������������C���sN���t��|�����}��t��|�����}��|��sJ�d��j��|��|��d������}��t��j�����j��|������n��|��S(����sZ���
Return the list of public key fingerprints from the given file
Log warning in case no OpenPGP data found in the given file or it is not
readable for some reason.
:param key_path: Path to the file with GPG key(s)
:type key_path: str
:return: List of public key fingerprints from the given file
:rtype: list(str)
s'���Unable to read OpenPGP keys from {}: {}t����stderr(����R����R)���R����R����R����R$���(����R����t����rest����fpt ���error_msg(����(����sO���/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/gpg.pyt����get_gpg_fp_from_fileX���s����������������c������������C���s^���t�����}��t��j��d�����}��|��}��|��d��k��r<�d��j��|�����}��n��d��t��j��j��t��j��t ����|�����g��S(����sB���
Get path to the directory with trusted target gpg keys in the common leapp repository.
GPG keys stored under this directory are considered as trusted and are
installed during the upgrade process.
:return: Path to the directory with GPG keys stored under the common leapp repository.
:rtype: str
t����targett����betas����{}betas#���/etc/leapp/files/vendors.d/rpm-gpg/(
���R����R����t����get_product_typeR����t����ost����patht����joinR����t����get_common_folder_patht����GPG_CERTS_FOLDER(����t����target_major_versiont����target_product_typet ���certs_dir(����(����sO���/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/gpg.pyt����get_path_to_gpg_certsl���s�����
�����������c������������C���s����t��j��d��t�����d��k��S(����s����
Return True if the GPG check should be skipped.
The GPG check is skipped if leapp is executed with LEAPP_NOGPGCHECK=1
or with the --nogpgcheck CLI option. In both cases, actors will see
LEAPP_NOGPGCHECK is '1'.
:rtype: bool
t����LEAPP_NOGPGCHECKt����1(����R����t����get_envR����(����(����(����sO���/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/gpg.pyt����is_nogpgcheck_set����s�����
(����R2���t����leapp.libraries.commonR����t%���leapp.libraries.common.config.versionR����R����t����leapp.libraries.stdlibR����R����t����leapp.modelsR����R6���R����R����R)���R.���R:���R>���(����(����(����sO���/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/gpg.pyt����<module>����s���������������� � � # � �