Jared Bunting avatar Jared Bunting committed 775eb41

GPG signatures now require a key that matches the author's name for both sign and verify.

Files changed (1)

 OpenSSL wont be able to lookup the certificates.
 """
 
-import os, tempfile, subprocess, binascii, shlex
+import os, tempfile, subprocess, binascii, shlex, re
 
 from mercurial import (util, cmdutil, extensions, revlog, error,
                        encoding, changelog)
     }
 
 
-def gnupgsign(msg):
-    cmd = [CONFIG["gnupg.path"], "--detach-sign"] + CONFIG["gnupg.flags"]
+def gnupgsign(msg, user=None):
+    gpg_user = ["-u=%s" % user if user else ""]
+    cmd = [CONFIG["gnupg.path"], "--detach-sign", "--batch"] + CONFIG["gnupg.flags"] + gpg_user
+    print "Running gpg command '%s'." % cmd
     p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
     sig = p.communicate(msg)[0]
+    if p.returncode:
+        raise Exception("Failed to generate signature for user '%s'" % user if user else "not given")
     return binascii.b2a_base64(sig).strip()
 
 
-def gnupgverify(msg, sig, quiet=False):
+def gnupgverify(msg, sig, quiet=False, user=None):
     sig = binascii.a2b_base64(sig)
     try:
         fd, filename = tempfile.mkstemp(prefix="hg-", suffix=".sig")
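Review bot: On the added `gpg_user` line in gnupgsign, a call without a user yields `[""]`, so gpg receives an empty extra argument, which it will most likely treat as an input file name and fail on; `gpg_user = ["-u=%s" % user] if user else []` avoids that. The new `raise` has the same precedence problem: the conditional applies to the whole formatted string, so with no user the message is just `not given`; write `% (user if user else "not given")` instead. `-u=NAME` appears to reach gpg as the user ID `=NAME`, which GnuPG treats as an exact match on the full user ID; if that is intended, a short comment should say so. The `print` of the full command writes to stdout on every signing call and would be better as a debug-level message or dropped.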
         p = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                              stdout=subprocess.PIPE, stderr=stderr)
         out, err = p.communicate(msg)
-        return 'GOODSIG' in out
+        return re.search('GOODSIG [^ ]+ ' + user if user else '', out) is not None
     finally:
         try:
             os.unlink(filename)
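Review bot: The new return line in gnupgverify accepts any gpg output when `user` is empty or None, because the conditional binds looser than `+` and the pattern becomes `''`, which `re.search` always matches; the removed line at least required `GOODSIG`. When a user is given, the name is concatenated into the regex unescaped and without an end anchor, so metacharacters in the author field are interpreted and a name that is only a prefix of the signer's user ID still passes. I would change it to `pattern = 'GOODSIG [^ ]+ ' + (re.escape(user) + '$' if user else '')` and `return re.search(pattern, out, re.M) is not None`. The user ID on a GOODSIG line is whatever the signing key declares, so this check presumably binds author to signer only as far as the verifier's keyring is curated; a comment stating that assumption would help. The function's command construction is outside this hunk, so the exact output format should be confirmed.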
             pass
 
 
-def opensslsign(msg):
+def opensslsign(msg, user=None):
     try:
         fd, filename = tempfile.mkstemp(prefix="hg-", suffix=".msg")
         fp = os.fdopen(fd, 'wb')
             pass
 
 
-def opensslverify(msg, sig, quiet=False):
+def opensslverify(msg, sig, quiet=False, user=None):
     try:
         fd, filename = tempfile.mkstemp(prefix="hg-", suffix=".msg")
         fp = os.fdopen(fd, 'wb')
     for rev in revs:
         ctx = repo[rev]
         h = ctxhash(ctx)
+        user = ctx.user()
+        ui.debug(_("user: %s\n" % user))
         extra = ctx.extra()
         sig = extra.get('signature')
         if not sig:
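Review bot: The added `ui.debug` line interpolates the user into the string before calling `_()`, so the translation lookup sees already-formatted text and cannot match a catalogue entry. Use `ui.debug(_("user: %s\n") % user)`, which is the form the nearby `_("good %s signature") % scheme` call follows. The enclosing loop starts and ends outside this hunk.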
             try:
                 scheme, sig = sig.split(":", 1)
                 verifyfunc = sigschemes[scheme][1]
-                if verifyfunc(hex(h), sig, quiet=True):
+                if verifyfunc(hex(h), sig, quiet=True, user=user):
                     msg = _("good %s signature") % scheme
                 else:
                     msg = _("** bad %s signature on %s") % (scheme, short(h))
         h = chash(manifest, files, desc, p1, p2, user, date, extra)
         scheme = CONFIG['scheme']
         signfunc = sigschemes[scheme][0]
-        extra['signature'] = "%s:%s" % (scheme, signfunc(hex(h)))
+        extra['signature'] = "%s:%s" % (scheme, signfunc(hex(h), user))
         return orig(self, manifest, files, desc, transaction,
                     p1, p2, user, date, extra)
 