extras-buildsys/utils/pushscript Utils.py,1.20,1.21

Michael Schwendt (mschwendt) fedora-extras-commits at redhat.com
Wed Oct 24 19:43:08 UTC 2007


Author: mschwendt

Update of /cvs/fedora/extras-buildsys/utils/pushscript
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25465

Modified Files:
	Utils.py 
Log Message:
If we define _gpg_name when running rpm we do not need that old key-check anyway, as rpm signing would fail miserably for any non-existent key. But we still can apply GPG based sanity checks here.


Index: Utils.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/utils/pushscript/Utils.py,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- Utils.py	24 Oct 2007 17:44:14 -0000	1.20
+++ Utils.py	24 Oct 2007 19:43:06 -0000	1.21
@@ -20,9 +20,12 @@
 import os, sys
 import shutil
 import stat, tempfile
+
+sys.path.insert(0,'/srv/extras-push/work/buildsys-utils/pushscript')
 import rpmUtils
 
 compsname = 'comps.xml'
+
 ts = rpmUtils.transaction.initReadOnlyTransaction()
 
 DEBUG = False
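Review bot: the added sys.path.insert(0,'/srv/extras-push/work/buildsys-utils/pushscript') puts a hard-coded directory ahead of every other import location, so any file in that directory whose name matches a standard or system module (the rpmUtils import on the next line included) is loaded in preference to the installed one. If that work directory is writable by anyone other than the account running the push, this widens who can run code as the signing user. Consider appending the path rather than inserting at index 0, or deriving it from the script's own location or a config value instead of an absolute path, and note in a comment which local module the path is needed for.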
@@ -78,11 +81,16 @@
         sys.exit(errno.EPERM)
 
 
-# FIXME: this is too simplistic now that we explicitly pass the key name
-#        to --resign in Push.py
 def sign_key_check(keyname):
-    if keyname != os.popen('rpm --eval %_gpg_name','r').read().rstrip():
-        print 'ERROR: Configure ~/.rpmmacros for proper GPG signing before running this!'
+    gpg = os.popen("gpg --list-secret-keys --with-colons '%s'" % keyname)
+    gpgout = gpg.readlines()
+    seckeys = 0
+    for l in gpgout:
+        if l.startswith('sec:'):
+            seckeys += 1
+    rv = gpg.close()
+    if (seckeys!=1 or rv):
+        print 'ERROR: GPG secret key check failed: %s' % keyname
         sys.exit(errno.EPERM)
 
 
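Review bot: in the new sign_key_check, keyname is formatted straight into a shell command string for os.popen, "gpg --list-secret-keys --with-colons '%s'" % keyname, with only single quotes around it, so a key name that itself contains a single quote ends the quoting and the remainder is interpreted by the shell. Since the key name comes from configuration or the caller, run gpg with an argument list and no shell (for example through the subprocess module) and pass keyname as a separate argument. The final test, if (seckeys!=1 or rv), also folds three different failures (no matching key, more than one matching key, gpg exiting non-zero) into one message; printing seckeys and rv in the error would make a failed push easier to diagnose.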