Package entropy :: Module security :: Class Repository

Class Repository

This class provides a very simple authenticity mechanism for Entropy
repositories, based on public-key authentication. Use this class to
sign or verify repository files.
This is the core class for public-key based repository security support.
Encryption is based on the RSA 2048-bit algorithm.

NOTE: default GNUPGHOME is set to "/etc/entropy/gpg-keys".
NOTE: this class requires gnupg to be installed.
NOTE: thanks to http://code.google.com/p/python-gnupg project for providing
    a nice testing codebase.

Nested Classes
  GPGError
Errors during GPG commands execution
  GPGServiceNotAvailable
A particular feature or service is not available
  NothingImported
Public/private key not imported
  KeyAlreadyInstalled
Public/private key already installed
  KeyExpired
Public/private key is expired!
  ListKeys
Handle status messages for --list-keys.
Instance Methods
  • __init__(self, keystore_dir=None) - Instance constructor.
  • get_keys(self, private=False) (returns dict) - Get available keys indexed by name.
  • create_keypair(self, repository_identifier, passphrase=None, name_email=None, expiration_days=None) (returns string) - Create Entropy repository GPG keys and store them.
  • get_key_metadata(self, repository_identifier, private=False) (returns dict) - Return key metadata for given repository identifier.
  • delete_keypair(self, repository_identifier) - Delete keys (public and private) for currently set repository.
  • is_pubkey_expired(self, repository_identifier) (returns bool) - Return whether public key is expired. Raises KeyError if key is not available.
  • is_privkey_expired(self, repository_identifier) (returns bool) - Return whether private key is expired. Raises KeyError if key is not available.
  • is_keypair_available(self, repository_identifier) (returns bool) - Return whether public and private keys for given repository identifier are available.
  • is_pubkey_available(self, repository_identifier) (returns bool) - Return whether public key for given repository identifier is available.
  • is_privkey_available(self, repository_identifier) (returns bool) - Return whether private key for given repository identifier is available.
  • get_pubkey(self, repository_identifier) (returns string) - Get public key for currently set repository, if any, otherwise raise KeyError.
  • get_privkey(self, repository_identifier) (returns string) - Get private key for currently set repository, if any, otherwise raise KeyError.
  • get_key_fingerprint(self, key_path) - Return the fingerprint contained in the given key file, if any.
  • install_key(self, repository_identifier, key_path, ignore_nothing_imported=False, merge_key=False) (returns string) - Add key to keyring.
  • delete_pubkey(self, repository_identifier) - Delete public key bound to given repository identifier.
  • sign_file(self, repository_identifier, file_path) (returns string) - Sign given file path using key of given repository identifier.
  • verify_file(self, repository_identifier, file_path, signature_path) (returns tuple) - Verify file in file_path using signature in signature_path and key from repository_identifier.
Class Variables
  GPG_HOME = '/etc/entropy/gpg-keys'
Method Details

__init__(self, keystore_dir=None)
(Constructor)

Instance constructor.

Parameters:
  • repository_identifier (string) - Entropy unique repository identifier

get_keys(self, private=False)

Get available keys indexed by name.

Returns: dict
available keys and their metadata

create_keypair(self, repository_identifier, passphrase=None, name_email=None, expiration_days=None)

Create Entropy repository GPG keys and store them.

Parameters:
  • repository_identifier (string) - repository identifier
  • passphrase (string) - passphrase to use
  • name_email (string) - email to use
  • expiration_days (int) - number of days after which the key expires
Returns: string
Repository key fingerprint string
Raises:
  • KeyError - if another keypair is already set

get_key_metadata(self, repository_identifier, private=False)

Return key metadata for given repository identifier.

Parameters:
  • repository_identifier (string) - repository identifier
  • private (bool) - return metadata related to private key
Returns: dict
key metadata
Raises:
  • KeyError - if no keys are set

delete_keypair(self, repository_identifier)

Delete keys (public and private) for currently set repository.

Parameters:
  • repository_identifier (string) - repository identifier
Raises:
  • KeyError - if key for given repository doesn't exist

is_pubkey_expired(self, repository_identifier)

Return whether public key is expired.

Parameters:
  • repository_identifier (string) - repository identifier
Returns: bool
True, if key is expired
Raises:
  • KeyError - if key is not available

is_privkey_expired(self, repository_identifier)

Return whether private key is expired.

Parameters:
  • repository_identifier (string) - repository identifier
Returns: bool
True, if key is expired
Raises:
  • KeyError - if key is not available

is_keypair_available(self, repository_identifier)

Return whether public and private keys for given repository identifier are available.

Parameters:
  • repository_identifier (string) - repository identifier
Returns: bool
True, if public and private keys are available

is_pubkey_available(self, repository_identifier)

Return whether public key for given repository identifier is available.

Parameters:
  • repository_identifier (string) - repository identifier
Returns: bool
True, if public key is available

is_privkey_available(self, repository_identifier)

Return whether private key for given repository identifier is available.

Parameters:
  • repository_identifier (string) - repository identifier
Returns: bool
True, if private key is available

get_pubkey(self, repository_identifier)

Get public key for currently set repository, if any, otherwise raise KeyError.

Parameters:
  • repository_identifier (string) - repository identifier
Returns: string
public key
Raises:
  • KeyError - if no keypair is set for repository

get_privkey(self, repository_identifier)

Get private key for currently set repository, if any, otherwise raise KeyError.

Parameters:
  • repository_identifier (string) - repository identifier
Returns: string
private key
Raises:
  • KeyError - if no keypair is set for repository

get_key_fingerprint(self, key_path)

Return the fingerprint contained in the given key file, if any. Otherwise return None.

Parameters:
  • key_path (string) - valid path to GPG key file

install_key(self, repository_identifier, key_path, ignore_nothing_imported=False, merge_key=False)

Add key to keyring.

Parameters:
  • repository_identifier (string) - repository identifier
  • key_path (string) - valid path to GPG key file
  • ignore_nothing_imported (bool) - if True, ignore NothingImported exception
  • merge_key (bool) - add --import-options merge-only to gpg callback
Returns: string
fingerprint

delete_pubkey(self, repository_identifier)

Delete public key bound to given repository identifier.

Parameters:
  • repository_identifier (string) - repository identifier
Raises:
  • KeyError - if no key is set for given repository identifier

sign_file(self, repository_identifier, file_path)

Sign given file path using key of given repository identifier. A custom passphrase can be provided as string.

Parameters:
  • repository_identifier (string) - repository identifier
  • file_path (string) - path to file to sign
Returns: string
path to signature file
Raises:
  • KeyError - if repository key is not available

verify_file(self, repository_identifier, file_path, signature_path)

Verify file in file_path using signature in signature_path and key from repository_identifier.

Parameters:
  • repository_identifier (string) - repository identifier
  • file_path (string) - path to file to verify
  • signature_path (string) - path to signature to verify
Returns: tuple
a tuple composed of (validity_bool, error message)
Raises:
  • KeyError - if repository key is not available
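
Because verify_file returns a tuple, testing its return value directly always succeeds: a non-empty tuple is truthy even when validity_bool is False. The following is an added example, not Entropy's own code: StubRepository is a constructed stand-in that mimics only the documented signatures and return shapes (no GPG is invoked), and naive_check, verify_or_reject, the explicit expiry check, the error strings and the file names are assumptions of the example.

```python
class StubRepository:
    """Constructed stand-in: mimics the documented signatures only, no GPG."""

    def __init__(self, keys):
        # Constructed data: {repository_identifier: {"expired": bool, "verify": tuple}}
        self._keys = keys

    def is_pubkey_expired(self, repository_identifier):
        return self._keys[repository_identifier]["expired"]  # KeyError if no key

    def verify_file(self, repository_identifier, file_path, signature_path):
        return self._keys[repository_identifier]["verify"]  # (validity_bool, error)


def naive_check(repo, repo_id, file_path, signature_path):
    # BUG: a 2-tuple is always truthy, so (False, "BAD signature") is accepted.
    return bool(repo.verify_file(repo_id, file_path, signature_path))


def verify_or_reject(repo, repo_id, file_path, signature_path):
    """Fail closed: return (accepted, reason); anything but a clean pass rejects."""
    try:
        if repo.is_pubkey_expired(repo_id):
            return False, "public key expired"
        valid, error = repo.verify_file(repo_id, file_path, signature_path)
    except KeyError:
        # Documented behaviour: KeyError when the repository key is not available.
        return False, "no key installed for repository"
    if valid is not True:
        return False, error or "signature not valid"
    return True, ""


# Constructed sample keyring states, not real repositories.
SAMPLE = StubRepository({
    "good-repo": {"expired": False, "verify": (True, "")},
    "tampered-repo": {"expired": False, "verify": (False, "BAD signature")},
    "stale-repo": {"expired": True, "verify": (True, "")},
})

if __name__ == "__main__":
    for rid in ("good-repo", "tampered-repo", "stale-repo", "unknown-repo"):
        print(rid, verify_or_reject(SAMPLE, rid, "packages.db", "packages.db.asc"))
```
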