summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Ehrhardt <christian.ehrhardt@canonical.com>2016-06-06 09:18:17 +0200
committerChristian Ehrhardt <christian.ehrhardt@canonical.com>2016-06-06 09:18:17 +0200
commitdca09871e61186deb216ce5cb1fc5db3b69c9fc2 (patch)
treee04994a6445415b6dd1527c8bcdd4af264acd1b0
parenteee526be37d47bae4196b88c3b2ecd4fdf0bbc8c (diff)
downloadvyos-cloud-init-dca09871e61186deb216ce5cb1fc5db3b69c9fc2.tar.gz
vyos-cloud-init-dca09871e61186deb216ce5cb1fc5db3b69c9fc2.zip
pythonify getkeybyid and move it to uitl.py
-rw-r--r--cloudinit/config/cc_apt_configure.py27
-rw-r--r--cloudinit/util.py38
2 files changed, 39 insertions, 26 deletions
diff --git a/cloudinit/config/cc_apt_configure.py b/cloudinit/config/cc_apt_configure.py
index 7a9777c0..2f270662 100644
--- a/cloudinit/config/cc_apt_configure.py
+++ b/cloudinit/config/cc_apt_configure.py
@@ -34,21 +34,6 @@ APT_PROXY_FN = "/etc/apt/apt.conf.d/95cloud-init-proxy"
# this will match 'XXX:YYY' (ie, 'cloud-archive:foo' or 'ppa:bar')
ADD_APT_REPO_MATCH = r"^[\w-]+:\w"
-# A temporary shell program to get a given gpg key
-# from a given keyserver
-EXPORT_GPG_KEYID = """
- k=${1} ks=${2};
- exec 2>/dev/null
- [ -n "$k" ] || exit 1;
- armour=$(gpg --export --armour "${k}")
- if [ -z "${armour}" ]; then
- gpg --keyserver ${ks} --recv "${k}" >/dev/null &&
- armour=$(gpg --export --armour "${k}") &&
- gpg --batch --yes --delete-keys "${k}"
- fi
- [ -n "${armour}" ] && echo "${armour}"
-"""
-
def handle(name, cfg, cloud, log, _args):
if util.is_false(cfg.get('apt_configure_enabled', True)):
@@ -108,16 +93,6 @@ def handle(name, cfg, cloud, log, _args):
util.logexc(log, "Failed to run debconf-set-selections")
-# get gpg keyid from keyserver
-def getkeybyid(keyid, keyserver):
- with util.ExtendedTemporaryFile(suffix='.sh', mode="w+", ) as fh:
- fh.write(EXPORT_GPG_KEYID)
- fh.flush()
- cmd = ['/bin/sh', fh.name, keyid, keyserver]
- (stdout, _stderr) = util.subp(cmd)
- return stdout.strip()
-
-
def mirror2lists_fileprefix(mirror):
string = mirror
# take off http:// or ftp://
@@ -192,7 +167,7 @@ def add_key(ent):
keyserver = "keyserver.ubuntu.com"
if 'keyserver' in ent:
keyserver = ent['keyserver']
- ent['key'] = getkeybyid(ent['keyid'], keyserver)
+ ent['key'] = util.getkeybyid(ent['keyid'], keyserver)
if 'key' in ent:
add_key_raw(ent['key'])
diff --git a/cloudinit/util.py b/cloudinit/util.py
index d6b80dbe..d3b14f72 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -2234,3 +2234,41 @@ def message_from_string(string):
if sys.version_info[:2] < (2, 7):
return email.message_from_file(six.StringIO(string))
return email.message_from_string(string)
+
+
+def gpg_export_armour(key):
+ """Export gpg key, armoured key gets returned"""
+ (armour, _) = subp(["gpg", "--export", "--armour", key], capture=True)
+ return armour
+
+
+def gpg_recv_key(key, keyserver):
+ """Receive gpg key from the specified keyserver"""
+ try:
+ subp(["gpg", "--keyserver", keyserver, "--recv", key],
+ capture=True)
+ except ProcessExecutionError as error:
+ raise ValueError('Failed to import key %s from server %s - error %s' %
+ (key, keyserver, error))
+
+
+def gpg_delete_key(key):
+ """Delete the specified key from the local gpg ring"""
+ subp(["gpg", "--batch", "--yes", "--delete-keys", key], capture=False)
+
+
+def getkeybyid(keyid, keyserver):
+ """get gpg keyid from keyserver"""
+ armour = gpg_export_armour(keyid)
+ if not armour:
+ try:
+ gpg_recv_key(keyid, keyserver=keyserver)
+ except ValueError:
+ LOG.exception('Failed to obtain gpg key %s', keyid)
+ raise
+
+ armour = gpg_export_armour(keyid)
+ # delete just imported key to leave environment as it was before
+ gpg_delete_key(keyid)
+
+ return armour.rstrip('\n')