Merge branch 'release/1.2.6'

2014-06-04 21:11:13 +00:00 · 2014-06-04 21:11:13 +00:00 · 1ea44e81af
parent 3cdfbc2f9b ebd93db8c2
commit 1ea44e81af
9 changed files with 265 additions and 49 deletions
--- a/.gitignore
+++ b/.gitignore
@ -86,3 +86,6 @@ MANIFEST
 # sphinx default build
 docs/_build
 # ignore keys which have been generated example scripts:
 8192-bit-key/*
--- a/examples/make-8192-bit-key.py
+++ b/examples/make-8192-bit-key.py
@ -0,0 +1,213 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 """Create a new 8192-bit GnuPG keypair.
 :authors: Isis <isis@patternsinthevoid.net> 0xa3adb67a2cdb8b35
 :license: MIT license
 :copyright: (c) 2013 Isis Agora Lovecruft
 """
 from __future__ import print_function
 from __future__ import absolute_import
 from __future__ import unicode_literals
 import logging
 import gnupg
 import sys
 from gnupg import _logger
 # Set up logging:
 log = _logger.create_logger(9)
 log.setLevel(9)
 #―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
 # Settings
 #
 # You probably want to edit the following variables. Ones which are currently
 # set to strings are necessary; the ones which are set to `None` are optional.
 # The directory to use as the homedir for GnuPG (it will contain the
 # secring.gpg and pubring.gpg, etc.)
 NEWKEY_DIR = './8192-bit-key'
 # The name you go by, as it should appear in the primary keyid, i.e. "Evey
 # Hammond":
 NAME = 'Someone'
 # The comment which goes in parantheses after the name and before the email
 # address on the key's primary uid. Leave as None to not have one.
 NAME_COMMENT = None
 # The email address for the primary UID (You *should* actually be able to put
 # whatever you want here, like a domain or something, because the GnuPG
 # `--allow-freeform-uid` option will be used. I've not actually tested this
 # though.)
 NAME_EMAIL = 'someone@example.com'
 # Expiration date for the new key. To use the default expiration of one year,
 # set to None.
 #EXPIRE_DATE = '1999-09-19'
 EXPIRE_DATE = None
 # GnuPG-1.4.x allows the automated creation of passphraseless keys. If using
 # GnuPG-1.4.x, and you don't specify the passphrase, you can of course set it
 # later with `$ gpg --edit-key` and then at the prompt typing `password`. If
 # using a GnuPG from the 2.x series, you *must* specify a password here
 # (though you can still change it afterward).
 PASSPHRASE = None
 # Type of key, i.e. 'RSA' or 'DSA' or something else. I've only tested
 # 8192-bit keys with RSA.
 KEY_TYPE = 'RSA'
 # Uses for the key. Can be things like 'cert,sign' or 'cert' or 'cert,auth'.
 KEY_USAGE = 'cert'
 # Key bitlength. You likely want 8192, if you're using this script.
 #
 # It *is* possible to create 16834-bit keys, though it requires modifying and
 # recompiling GnuPG. Doing this is a bit janky due to internal GnuPG buffers
 # in several parts of the codebase being limited to 8192-bits, the key cannot
 # be handled by *most* keyservers (there appears to be only one public
 # keyserver which supports 16384-bit keys being uploaded to it), and the
 # 16834-bit key will likely require the modified GnuPG to work with it (even
 # then some operations, such as removal of the primary secret key, but not the
 # primary public key, from the keychain will be badly broken).
 KEY_LENGTH = 8192
 # Type of subkey. None to skip subkey generation. You can add keys later
 # through `$ gpg --edit-key`. For compatibility with people who aren't doing
 # crazy things with their keys, you maybe probably want to use `--edit-key` to
 # create some nice, normal, "overly-paranoid" 4096-bit keys.
 SUBKEY_TYPE = 'RSA'
 # Same as KEY_USAGE.
 #SUBKEY_USAGE = None
 SUBKEY_USAGE = 'sign'
 # Same as KEY_LENGTH.
 #SUBKEY_LENGTH = None
 SUBKEY_LENGTH = 4096
 # The default keyserver for the key, which is embedded into the key, telling
 # other people's GnuPGs to fetch (and send updates) to this URL:
 KEYSERVER = None
 # Set the cipher, hash, and compression preference values for this key. This
 # expects the same type of string as the sub-command ‘setpref’ in the
 # --edit-key menu. The default preferences are given in
 # ``gnupg.GPG.default_preference_list``.
 PREFERENCES = None
 #―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
 gpg = gnupg.GPG(homedir=NEWKEY_DIR)
 allparams = {'name_real': NAME,
             'name_comment': NAME_COMMENT,
             'name_email': NAME_EMAIL,
             'expire_date': EXPIRE_DATE,
             'passphrase': PASSPHRASE,
             'key_type': KEY_TYPE,
             'key_usage': KEY_USAGE,
             'key_length': KEY_LENGTH,
             'subkey_type': SUBKEY_TYPE,
             'subkey_usage': SUBKEY_USAGE,
             'subkey_length': SUBKEY_LENGTH,
             'keyserver': KEYSERVER,
             'preferences': PREFERENCES}
 def createBatchfile(keyparams=allparams):
    """Create the batchfile for our new key.
    :params dict keyparams: A dictionary of arguments for creating the key. It
                            should probably be ``allparams``.
    :rtype: str
    :returns: A string containing the entire GnuPG batchfile.
    """
    useparams = {}
    for key, value in keyparams.items():
        if value:
            useparams.update({key: value})
    batchfile = gpg.gen_key_input(separate_keyring=True,
                                  save_batchfile=True,
                                  **useparams)
    log.info("Generated GnuPG batch file:\n%s" % batchfile)
    return batchfile
 def createKey(batchfile):
    """Create a new keypair from a **batchfile**.
    Writes the new keys into keyrings named after ``NAME_EMAIL`` inside the
    ``NEWKEY_DIR``.
    :params str batchfile: A GnuPG batchfile. See :func:`createBatchfile`.
    """
    key = gpg.gen_key(batchfile)
    fingerprint = key.fingerprint
    if not fingerprint:
        log.error("Key creation seems to have failed: %s" % key.status)
        return None, None
    return key, fingerprint
 def displayNewKey(key):
    """Use ``gnupg.GPG.list_keys()`` to display details of the new key."""
    if key.keyring:
        gpg.keyring = key.keyring
    if key.secring:
        gpg.secring = key.secring
    # Using '--fingerprint' twice will display subkey fingerprints too:
    gpg.options = ['--fingerprint', '--fingerprint']
    keylist = gpg.list_keys(secret=True)
    # `result` is a `gnupg._parsers.ListKeys`, which is list-like, so iterate
    # over all the keys and display their info:
    for gpgkey in keylist:
        for k, v in gpgkey:
            log.info("%s: %s" % (k.capitalize(), v))
    return keylist
 def exportNewKey(fingerprint):
    """Export the new keys into .asc files.
    :param str fingerprint: A full key fingerprint.
    """
    log.info("Exporting key: %s" % fingerprint)
    keyfn = os.path.join(gpg.homedir,
                         fingerprint + '-8192-bit-key') + os.path.extsep
    pubkey = gpg.export_keys(fingerprint)
    seckey = gpg.export_keys(fingerprint, secret=True)
    subkey = gpg.export_keys(fingerprint, secret=True, subkeys=True)
    with open(keyfn + 'pub' + os.path.extsep + 'asc', 'w') as fh:
        fh.write(pubkey)
    with open(keyfn + 'sec' + os.path.extsep + 'asc', 'w') as fh:
        fh.write(seckey)
    with open(keyfn + 'sub' + os.path.extsep + 'asc', 'w') as fh:
        fh.write(subkey)
 if __name__ == '__main__':
    if (NAME == 'Someone') or (NAME_EMAIL == 'someone@example.com'):
        log.info("Please edit the settings variables within this script.")
        log.info("Exiting...")
        exit(1)
    else:
        try:
            batchfile = createBatchfile()
            key, fingerprint = createKey(batchfile)
            log.info("New key with fingerprint %r created" % fingerprint)
            displayNewKey(key)
            exportNewKey(fingerprint)
        except Exception as error:
            log.error(error)
--- a/gnupg/_logger.py
+++ b/gnupg/_logger.py
@ -78,13 +78,13 @@ def create_logger(level=logging.NOTSET):
    if level > logging.NOTSET:
        logging.basicConfig(level=level, filename=_fn,
                            filemode="a", format=_fmt)
        logging.captureWarnings(True)
        logging.logThreads = True
-
+        if hasattr(logging,'captureWarnings'):
            logging.captureWarnings(True)
        colouriser = _ansistrm.ColorizingStreamHandler
        colouriser.level_map[9]  = (None, 'blue', False)
        colouriser.level_map[10] = (None, 'cyan', False)
-        handler = colouriser(stream=sys.stderr)
+        handler = colouriser(sys.stderr)
        handler.setLevel(level)
        formatr = logging.Formatter(_fmt)
--- a/gnupg/_meta.py
+++ b/gnupg/_meta.py
@ -26,7 +26,6 @@ from __future__ import absolute_import
 import atexit
 import codecs
 import encodings
 import exceptions
 ## For AOS, the locale module will need to point to a wrapper around the
 ## java.util.Locale class.
 ## See https://code.patternsinthevoid.net/?p=android-locale-hack.git
@ -154,7 +153,7 @@ class GPGBase(object):
        self._filesystemencoding = encodings.normalize_encoding(
            sys.getfilesystemencoding().lower())
-        self._keyserver = 'hkp://subkeys.pgp.net'
+        self._keyserver = 'hkp://wwwkeys.pgp.net'
        self.__generated_keys = os.path.join(self.homedir, 'generated-keys')
        try:
@ -165,8 +164,8 @@ class GPGBase(object):
            if self.options is not None:
                assert isinstance(self.options, str), "options not string"
        except (AssertionError, AttributeError) as ae:
-            log.error("GPGBase.__init__(): %s" % ae.message)
+            log.error("GPGBase.__init__(): %s" % str(ae))
-            raise RuntimeError(ae.message)
+            raise RuntimeError(str(ae))
        else:
            if verbose is True:
                # The caller wants logging, but we need a valid --debug-level
@ -201,7 +200,7 @@ class GPGBase(object):
        try:
            program = _util._which(prog)[0]
        except (OSError, IOError, IndexError) as err:
-            log.err(err.message)
+            log.err(str(err))
            log.err("Cannot find program '%s', not changing PATH." % prog)
            return
@ -321,14 +320,14 @@ class GPGBase(object):
                             should contain the desired keyserver protocol
                             which is supported by the keyserver, for example,
                             ``'hkps://keys.mayfirst.org'``. The default
-                             keyserver is ``'hkp://subkeys.pgp.net'``.
+                             keyserver is ``'hkp://wwwkeys.pgp.net'``.
        """
        self._keyserver = location
    @keyserver.deleter
    def keyserver(self):
        """Reset the keyserver to the default setting."""
-        self._keyserver = 'hkp://subkeys.pgp.net'
+        self._keyserver = 'hkp://wwwkeys.pgp.net'
    def _homedir_getter(self):
        """Get the directory currently being used as GnuPG's homedir.
@ -374,8 +373,8 @@ class GPGBase(object):
        except AssertionError as ae:
            msg = ("Unable to set '%s' as GnuPG homedir" % directory)
            log.debug("GPGBase.homedir.setter(): %s" % msg)
-            log.debug(ae.message)
+            log.debug(str(ae))
-            raise RuntimeError(ae.message)
+            raise RuntimeError(str(ae))
        else:
            log.info("Setting homedir to '%s'" % hd)
            self._homedir = hd
@ -426,8 +425,8 @@ class GPGBase(object):
        except AssertionError as ae:
            msg = ("Unable to set '%s' as generated keys dir" % directory)
            log.debug("GPGBase._generated_keys_setter(): %s" % msg)
-            log.debug(ae.message)
+            log.debug(str(ae))
-            raise RuntimeError(ae.message)
+            raise RuntimeError(str(ae))
        else:
            log.info("Setting homedir to '%s'" % hd)
            self.__generated_keys = hd
@ -640,8 +639,8 @@ class GPGBase(object):
        if not keyserver:
            keyserver = self.keyserver
-        args = ['--keyserver {}'.format(keyserver),
+        args = ['--keyserver {0}'.format(keyserver),
-                '--recv-keys {}'.format(keyids)]
+                '--recv-keys {0}'.format(keyids)]
        log.info('Requesting keys from %s: %s' % (keyserver, keyids))
        result = self._result_map['import'](self)
@ -697,7 +696,7 @@ class GPGBase(object):
                _util._write_passphrase(proc.stdin, passphrase, self._encoding)
            writer = _util._threaded_copy_data(file, proc.stdin)
        except IOError as ioe:
-            log.exception("Error writing message: %s" % ioe.message)
+            log.exception("Error writing message: %s" % str(ioe))
            writer = None
        self._collect_output(proc, result, writer, proc.stdin)
        return result
--- a/gnupg/_parsers.py
+++ b/gnupg/_parsers.py
@ -25,9 +25,9 @@ from __future__ import absolute_import
 from __future__ import print_function
 try:
-    import collections
+    from collections import OrderedDict
 except ImportError:
-    import ordereddict as collections
+    from ordereddict import OrderedDict
 import re
@ -53,7 +53,7 @@ def _check_keyserver(location):
    :param str location: A string containing the default keyserver. This
                         should contain the desired keyserver protocol which
                         is supported by the keyserver, for example, the
-                         default is ``'hkp://subkeys.pgp.net'``.
+                         default is ``'hkp://wwwkeys .pgp.net'``.
    :rtype: :obj:`str` or :obj:`None`
    :returns: A string specifying the protocol and keyserver hostname, if the
              checks passed. If not, returns None.
@ -301,7 +301,7 @@ def _sanitise(*args):
            flag = _is_allowed(arg)
            assert flag is not None, "_check_option(): got None for flag"
        except (AssertionError, ProtectedOption) as error:
-            log.warn("_check_option(): %s" % error.message)
+            log.warn("_check_option(): %s" % str(error))
        else:
            checked += (flag + ' ')
@ -1027,7 +1027,7 @@ class ImportResult(object):
    _fields = '''count no_user_id imported imported_rsa unchanged
    n_uids n_subk n_sigs n_revoc sec_read sec_imported sec_dups
    not_imported'''.split()
-    _counts = collections.OrderedDict(
+    _counts = OrderedDict(
        zip(_fields, [int(0) for x in range(len(_fields))]) )
    #: A list of strings containing the fingerprints of the GnuPG keyIDs
--- a/gnupg/_trust.py
+++ b/gnupg/_trust.py
@ -55,7 +55,7 @@ def export_ownertrust(cls, trustdb=None):
    try:
        os.rename(trustdb, trustdb + '.bak')
    except (OSError, IOError) as err:
-        log.debug(err.message)
+        log.debug(str(err))
    export_proc = cls._open_subprocess('--export-ownertrust')
    tdb = open(trustdb, 'wb')
--- a/gnupg/_util.py
+++ b/gnupg/_util.py
@ -27,7 +27,6 @@ from time       import mktime
 import codecs
 import encodings
 import exceptions
 import os
 import psutil
 import threading
@ -149,7 +148,7 @@ def _copy_data(instream, outstream):
                break
        except IOError as ioe:
            # Can get 'broken pipe' errors even when all data was sent
-            if 'Broken pipe' in ioe.message:
+            if 'Broken pipe' in str(ioe):
                log.error('Error sending data: Broken pipe')
            else:
                log.exception(ioe)
@ -287,7 +286,7 @@ def _find_binary(binary=None):
        assert not os.path.islink(found), "Path to gpg binary is symlink"
        assert os.access(found, os.X_OK), "Lacking +x perms for gpg binary"
    except (AssertionError, AttributeError) as ae:
-        log.error(ae.message)
+        log.error(str(ae))
    else:
        return found
@ -605,7 +604,7 @@ class Storage(dict):
        try:
            del self[key]
        except KeyError as k:
-            raise AttributeError(k.message)
+            raise AttributeError(k.args[0])
    def __repr__(self):
        return '<Storage ' + dict.__repr__(self) + '>'
--- a/gnupg/gnupg.py
+++ b/gnupg/gnupg.py
@ -31,7 +31,6 @@ from __future__ import absolute_import
 from codecs     import open as open
 import encodings
 import exceptions
 import functools
 import os
 import re
@ -241,7 +240,7 @@ class GPG(GPGBase):
            :command:`$ gpg --with-colons --list-config digestname`.
            The default, if unspecified, is ``'SHA512'``.
        """
-        if 'default_key' in kwargs.items():
+        if 'default_key' in kwargs:
            log.info("Signing message '%r' with keyid: %s"
                     % (data, kwargs['default_key']))
        else:
@ -416,7 +415,7 @@ class GPG(GPGBase):
            fingerprints = ' '.join(fingerprints)
        args = ['--batch']
-        args.append("--delete-{} {}".format(which, fingerprints))
+        args.append("--delete-{0} {1}".format(which, fingerprints))
        result = self._result_map['delete'](self)
        p = self._open_subprocess(args)
@ -441,7 +440,7 @@ class GPG(GPGBase):
            keyids = ' '.join(['%s' % k for k in keyids])
        args = ["--armor"]
-        args.append("--export{} {}".format(which, keyids))
+        args.append("--export{0} {1}".format(which, keyids))
        p = self._open_subprocess(args)
        ## gpg --export produces no status-fd output; stdout will be empty in
@ -572,13 +571,13 @@ class GPG(GPGBase):
                if os.path.isfile(self.temp_keyring):
                    prefix = os.path.join(self.temp_keyring, fpr)
                    try: os.rename(self.temp_keyring, prefix+".pubring")
-                    except OSError as ose: log.error(ose.message)
+                    except OSError as ose: log.error(str(ose))
            if self.temp_secring:
                if os.path.isfile(self.temp_secring):
                    prefix = os.path.join(self.temp_secring, fpr)
                    try: os.rename(self.temp_secring, prefix+".secring")
-                    except OSError as ose: log.error(ose.message)
+                    except OSError as ose: log.error(str(ose))
        log.info("Key created. Fingerprint: %s" % fpr)
        key.keyring = self.temp_keyring
--- a/gnupg/test/test_gnupg.py
+++ b/gnupg/test/test_gnupg.py
@ -47,8 +47,8 @@ import tempfile
 ## these dependencies require Python>=2.6 in order to have proper SSL support.
 ##
 ## Use unittest2 if we're on Python2.6 or less:
-if sys.version_info.major == 2 and sys.version_info.minor <= 6:
+if sys.version_info[0] == 2 and sys.version_info[1] <= 6:
-    unittest = __import__(unittest2)
+    import unittest2 as unittest
 else:
    import unittest
@ -62,7 +62,7 @@ try:
    import gnupg._parsers as _parsers
    import gnupg._logger  as _logger
 except (ImportError, ValueError) as ierr:
-    raise SystemExit(ierr.message)
+    raise SystemExit(str(ierr))
 log = _util.log
@ -325,15 +325,19 @@ class GPGTestCase(unittest.TestCase):
    def test_copy_data_bytesio(self):
        """Test that _copy_data() is able to duplicate byte streams."""
-        message = "This is a BytesIO string."
+        message = b"This is a BytesIO string."
        instream = io.BytesIO(message)
-        self.assertEqual(unicode(message), instream.getvalue())
+        self.assertEqual(message, instream.getvalue())
        out_filename = 'test-copy-data-bytesio'
        # Create the test file:
-        outfile = os.path.join(os.getcwdu(), out_filename)
+        try:
-        outstream = open(outfile, 'w+')
+            cwd = os.getcwdu()
        except AttributeError:
            cwd = os.getcwd() # not present in Python 3
        outfile = os.path.join(cwd, out_filename)
        outstream = open(outfile, 'wb+')
        # _copy_data() will close both file descriptors
        _util._copy_data(instream, outstream)
@ -685,7 +689,7 @@ class GPGTestCase(unittest.TestCase):
        self.assertTrue(sig.data, "File signing should succeed")
-        sigfd = open(sigfn, 'w')
+        sigfd = open(sigfn, 'wb')
        sigfd.write(sig.data)
        sigfd.flush()
@ -820,14 +824,14 @@ authentication."""
        riggio_input = self.gpg.gen_key_input(separate_keyring=True, **riggio)
        log.info("Key stored in separate keyring: %s" % self.gpg.temp_keyring)
        riggio = self.gpg.gen_key(riggio_input)
-        self.gpg.options = ['--keyring {}'.format(riggio.keyring)]
+        self.gpg.options = ['--keyring {0}'.format(riggio.keyring)]
        riggio_key = self.gpg.export_keys(riggio.fingerprint)
        self.gpg.import_keys(riggio_key)
        sicari_input = self.gpg.gen_key_input(separate_keyring=True, **sicari)
        log.info("Key stored in separate keyring: %s" % self.gpg.temp_keyring)
        sicari = self.gpg.gen_key(sicari_input)
-        self.gpg.options.append('--keyring {}'.format(sicari.keyring))
+        self.gpg.options.append('--keyring {0}'.format(sicari.keyring))
        sicari_key = self.gpg.export_keys(sicari.fingerprint)
        self.gpg.import_keys(sicari_key)
@ -925,15 +929,15 @@ analysis of different kinds of data (temperature, humidity, etc.)  coming from
 a WSN while ensuring both end-to-end encryption and hop-by-hop
 authentication."""
        enc = self.gpg.encrypt(message, alice_pfpr, bob_pfpr)
-        encrypted = str(enc.data)
+        encrypted = str(enc)
        log.debug("encryption_decryption_multi_recipient() Ciphertext = %s"
                  % encrypted)
        self.assertNotEquals(message, encrypted)
        dec_alice = self.gpg.decrypt(encrypted, passphrase="test")
-        self.assertEquals(message, str(dec_alice.data))
+        self.assertEquals(message, str(dec_alice))
        dec_bob = self.gpg.decrypt(encrypted, passphrase="test")
-        self.assertEquals(message, str(dec_bob.data))
+        self.assertEquals(message, str(dec_bob))
    def test_symmetric_encryption_and_decryption(self):
        """Test symmetric encryption and decryption"""
@ -943,7 +947,7 @@ know, maybe you shouldn't be doing it in the first place.
        encrypted = str(self.gpg.encrypt(msg, passphrase='quiscustodiet',
                                         symmetric=True, encrypt=False))
        decrypt = self.gpg.decrypt(encrypted, passphrase='quiscustodiet')
-        decrypted = str(decrypt.data)
+        decrypted = str(decrypt)
        log.info("Symmetrically encrypted data:\n%s" % encrypted)
        log.info("Symmetrically decrypted data:\n%s" % decrypted)
@ -975,9 +979,8 @@ know, maybe you shouldn't be doing it in the first place.
            with open(enc_outf) as enc2:
                fdata = enc2.read()
-                ddata = str(self.gpg.decrypt(fdata, passphrase="overalls"))
+                ddata = self.gpg.decrypt(fdata, passphrase="overalls").data
                data = data.encode(self.gpg._encoding)
                if ddata != data:
                    log.debug("data was: %r" % data)
                    log.debug("new (from filehandle): %r" % fdata)