python-wheel 0.30.0-0.2 / usr / lib / python2.7 / dist-packages / wheel / signatures / keys.py

This file is indexed.

/usr/lib/python2.7/dist-packages/wheel/signatures/keys.py is in python-wheel 0.30.0-0.2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
"""Store and retrieve wheel signing / verifying keys.

Given a scope (a package name, + meaning "all packages", or - meaning
"no packages"), return a list of verifying keys that are trusted for that
scope.

Given a package name, return a list of (scope, key) suggested keys to sign
that package (only the verifying keys; the private signing key is stored
elsewhere).

Keys here are represented as urlsafe_b64encoded strings with no padding.

Tentative command line interface:

# list trusts
wheel trust
# trust a particular key for all
wheel trust + key
# trust key for beaglevote
wheel trust beaglevote key
# stop trusting a key for all
wheel untrust + key

# generate a key pair
wheel keygen

# import a signing key from a file
wheel import keyfile

# export a signing key
wheel export key
"""

import json
import os.path

from ..util import native, load_config_paths, save_config_path


class WheelKeys(object):
    SCHEMA = 1
    CONFIG_NAME = 'wheel.json'

    def __init__(self):
        self.data = {'signers': [], 'verifiers': []}

    def load(self):
        # XXX JSON is not a great database
        for path in load_config_paths('wheel'):
            conf = os.path.join(native(path), self.CONFIG_NAME)
            if os.path.exists(conf):
                with open(conf, 'r') as infile:
                    self.data = json.load(infile)
                    for x in ('signers', 'verifiers'):
                        if x not in self.data:
                            self.data[x] = []
                    if 'schema' not in self.data:
                        self.data['schema'] = self.SCHEMA
                    elif self.data['schema'] != self.SCHEMA:
                        raise ValueError(
                            "Bad wheel.json version {0}, expected {1}".format(
                                self.data['schema'], self.SCHEMA))
                break
        return self

    def save(self):
        # Try not to call this a very long time after load()
        path = save_config_path('wheel')
        conf = os.path.join(native(path), self.CONFIG_NAME)
        with open(conf, 'w+') as out:
            json.dump(self.data, out, indent=2)
        return self

    def trust(self, scope, vk):
        """Start trusting a particular key for given scope."""
        self.data['verifiers'].append({'scope': scope, 'vk': vk})
        return self

    def untrust(self, scope, vk):
        """Stop trusting a particular key for given scope."""
        self.data['verifiers'].remove({'scope': scope, 'vk': vk})
        return self

    def trusted(self, scope=None):
        """Return list of [(scope, trusted key), ...] for given scope."""
        trust = [(x['scope'], x['vk']) for x in self.data['verifiers']
                 if x['scope'] in (scope, '+')]
        trust.sort(key=lambda x: x[0])
        trust.reverse()
        return trust

    def signers(self, scope):
        """Return list of signing key(s)."""
        sign = [(x['scope'], x['vk']) for x in self.data['signers'] if x['scope'] in (scope, '+')]
        sign.sort(key=lambda x: x[0])
        sign.reverse()
        return sign

    def add_signer(self, scope, vk):
        """Remember verifying key vk as being valid for signing in scope."""
        self.data['signers'].append({'scope': scope, 'vk': vk})

APT Browse - Built by Thomas Orozco.