Diffstat (limited to 'cloudinit')
-rw-r--r--cloudinit/config/cc_apt_configure.py3
-rw-r--r--cloudinit/gpg.py64
-rw-r--r--cloudinit/util.py38
3 files changed, 66 insertions, 39 deletions
diff --git a/cloudinit/config/cc_apt_configure.py b/cloudinit/config/cc_apt_configure.py
index be6324a2..ba080930 100644
--- a/cloudinit/config/cc_apt_configure.py
+++ b/cloudinit/config/cc_apt_configure.py
@@ -24,6 +24,7 @@ import re
from cloudinit import templater
from cloudinit import util
+from cloudinit import gpg
distros = ['ubuntu', 'debian']
@@ -167,7 +168,7 @@ def add_apt_key(ent):
keyserver = "keyserver.ubuntu.com"
if 'keyserver' in ent:
keyserver = ent['keyserver']
- ent['key'] = util.getkeybyid(ent['keyid'], keyserver)
+ ent['key'] = gpg.gpg_getkeybyid(ent['keyid'], keyserver)
if 'key' in ent:
add_apt_key_raw(ent['key'])
diff --git a/cloudinit/gpg.py b/cloudinit/gpg.py
new file mode 100644
index 00000000..620dfb19
--- /dev/null
+++ b/cloudinit/gpg.py
@@ -0,0 +1,64 @@
+"""gpg.py - Collection of gpg key related functions"""
+# vi: ts=4 expandtab
+#
+# Copyright (C) 2016 Canonical Ltd.
+#
+# Author: Scott Moser <scott.moser@canonical.com>
+# Author: Juerg Haefliger <juerg.haefliger@hp.com>
+# Author: Joshua Harlow <harlowja@yahoo-inc.com>
+# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3, as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from cloudinit import util
+from cloudinit import log as logging
+
+LOG = logging.getLogger(__name__)
+
+
+def gpg_export_armour(key):
+ """Export gpg key, armoured key gets returned"""
+ (armour, _) = util.subp(["gpg", "--export", "--armour", key], capture=True)
+ return armour
+
+
+def gpg_recv_key(key, keyserver):
+ """Receive gpg key from the specified keyserver"""
+ try:
+ util.subp(["gpg", "--keyserver", keyserver, "--recv", key],
+ capture=True)
+ except util.ProcessExecutionError as error:
+ raise ValueError('Failed to import key %s from server %s - error %s' %
+ (key, keyserver, error))
+
+
+def gpg_delete_key(key):
+ """Delete the specified key from the local gpg ring"""
+ util.subp(["gpg", "--batch", "--yes", "--delete-keys", key], capture=True)
+
+
+def gpg_getkeybyid(keyid, keyserver):
+ """get gpg keyid from keyserver"""
+ armour = gpg_export_armour(keyid)
+ if not armour:
+ try:
+ gpg_recv_key(keyid, keyserver=keyserver)
+ except ValueError:
+ LOG.exception('Failed to obtain gpg key %s', keyid)
+ raise
+
+ armour = gpg_export_armour(keyid)
+ # delete just imported key to leave environment as it was before
+ gpg_delete_key(keyid)
+
+ return armour.rstrip('\n')
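Review bot: `keyid` reaches every gpg command line in this new module unchecked, and it is the only selector for the key that `gpg_getkeybyid` returns and `add_apt_key` then hands to `add_apt_key_raw`. A value that begins with `-` would be parsed by gpg as an option rather than a key, and a short key id can match a different key than the one the configuration author intended, so the exported armour is not guaranteed to be the expected key. Consider validating at the top of `gpg_getkeybyid`, for example `if not re.match(r'^(0x)?[0-9A-Fa-f]{8,40}$', keyid): raise ValueError('invalid gpg key id: %s' % keyid)` (this needs `import re` in the module), and stating in the docstring that a full fingerprint is preferred. Separately, `gpg_delete_key(keyid)` runs only if the second `gpg_export_armour` call returns, so a failure there leaves the fetched key in the keyring; a `try`/`finally` around that export would keep the cleanup promise made in the comment.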
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 6d16532d..d6b80dbe 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -2234,41 +2234,3 @@ def message_from_string(string):
if sys.version_info[:2] < (2, 7):
return email.message_from_file(six.StringIO(string))
return email.message_from_string(string)
-
-
-def gpg_export_armour(key):
- """Export gpg key, armoured key gets returned"""
- (armour, _) = subp(["gpg", "--export", "--armour", key], capture=True)
- return armour
-
-
-def gpg_recv_key(key, keyserver):
- """Receive gpg key from the specified keyserver"""
- try:
- subp(["gpg", "--keyserver", keyserver, "--recv", key],
- capture=True)
- except ProcessExecutionError as error:
- raise ValueError('Failed to import key %s from server %s - error %s' %
- (key, keyserver, error))
-
-
-def gpg_delete_key(key):
- """Delete the specified key from the local gpg ring"""
- subp(["gpg", "--batch", "--yes", "--delete-keys", key], capture=True)
-
-
-def getkeybyid(keyid, keyserver):
- """get gpg keyid from keyserver"""
- armour = gpg_export_armour(keyid)
- if not armour:
- try:
- gpg_recv_key(keyid, keyserver=keyserver)
- except ValueError:
- LOG.exception('Failed to obtain gpg key %s', keyid)
- raise
-
- armour = gpg_export_armour(keyid)
- # delete just imported key to leave environment as it was before
- gpg_delete_key(keyid)
-
- return armour.rstrip('\n')