From e6944488fbfe5af869450bff6b0cb7f9c138ec02 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 14 Oct 2013 14:35:01 -0300 Subject: [PATCH 1/4] Replace os.getresuid() so it works on Mac OS X. --- gnupg/_meta.py | 2 +- gnupg/_util.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/gnupg/_meta.py b/gnupg/_meta.py index 57a0dfb..03b1012 100644 --- a/gnupg/_meta.py +++ b/gnupg/_meta.py @@ -75,7 +75,7 @@ class GPGMeta(type): same effective user ID as that of this program. Otherwise, returns None. """ - identity = os.getresuid() + identity = psutil.Process(os.getpid()).uids for proc in psutil.process_iter(): if (proc.name == "gpg-agent") and proc.is_running: log.debug("Found gpg-agent process with pid %d" % proc.pid) diff --git a/gnupg/_util.py b/gnupg/_util.py index dd80632..108a009 100644 --- a/gnupg/_util.py +++ b/gnupg/_util.py @@ -31,6 +31,7 @@ from time import mktime import codecs import encodings import os +import psutil import threading import random import re @@ -393,7 +394,7 @@ def _make_passphrase(length=None, save=False, file=None): passphrase = _make_random_string(length) if save: - ruid, euid, suid = os.getresuid() + ruid, euid, suid = psutil.Process(os.getpid()).uids gid = os.getgid() now = mktime(localtime()) From 678d36ea620a81c16a0cdacd7f1955795abd02a1 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 14 Oct 2013 17:09:09 -0300 Subject: [PATCH 2/4] Fix path creation. --- gnupg/gnupg.py | 10 ++++++---- gnupg/test/test_gnupg.py | 3 +-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/gnupg/gnupg.py b/gnupg/gnupg.py index 0605f68..489e652 100644 --- a/gnupg/gnupg.py +++ b/gnupg/gnupg.py @@ -557,18 +557,20 @@ class GPG(GPGBase): fpr = str(key.fingerprint) if len(fpr) == 20: - if self.temp_keyring or self.temp_secring: - if not os.path.exists(self._keys_dir): - os.makedirs(self._keys_dir) - prefix = os.path.join(self._keys_dir, fpr) + for d in map(lambda x: os.path.dirname(x), + [self.temp_keyring, self.temp_secring]): + if not os.path.exists(d): + os.makedirs(d) if self.temp_keyring: if os.path.isfile(self.temp_keyring): + prefix = os.path.join(self.temp_keyring, fpr) try: os.rename(self.temp_keyring, prefix+".pubring") except OSError as ose: log.error(ose.message) if self.temp_secring: if os.path.isfile(self.temp_secring): + prefix = os.path.join(self.temp_secring, fpr) try: os.rename(self.temp_secring, prefix+".secring") except OSError as ose: log.error(ose.message) diff --git a/gnupg/test/test_gnupg.py b/gnupg/test/test_gnupg.py index 6bf2c8a..e223dbc 100644 --- a/gnupg/test/test_gnupg.py +++ b/gnupg/test/test_gnupg.py @@ -173,7 +173,6 @@ class GPGTestCase(unittest.TestCase): self.keyring = self.gpg.keyring self.secring = self.gpg.secring self.insecure_prng = False - self.gpg._keys_dir = os.path.join(_files, 'generated-keys') def tearDown(self): """This is called once per self.test_* method after the test run.""" @@ -523,7 +522,7 @@ class GPGTestCase(unittest.TestCase): self.assertIsNotNone(key) self.assertNotEquals(key, "") self.assertGreater(len(str(key)), 0) - keyfile = os.path.join(self.gpg._keys_dir, 'test_key_3.pub') + keyfile = os.path.join(_files, 'test_key_3.pub') log.debug("Storing downloaded key as %s" % keyfile) with open(keyfile, 'w') as fh: fh.write(str(key)) From 2c0c826c0f55864a39f7c92f4b88b108ebd513fa Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 24 Oct 2013 18:04:30 -0200 Subject: [PATCH 3/4] Fix gpg binary path validation. --- gnupg/_util.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gnupg/_util.py b/gnupg/_util.py index 108a009..28b8280 100644 --- a/gnupg/_util.py +++ b/gnupg/_util.py @@ -271,6 +271,8 @@ def _find_binary(binary=None): except IndexError as ie: log.info("Could not determine absolute path of binary: '%s'" % binary) + elif os.access(binary, os.X_OK): + found = binary if found is None: try: found = _which('gpg')[0] except IndexError as ie: From 2f60144ad94df1291bb59fe4cf0fa61093020f79 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 24 Oct 2013 18:05:18 -0200 Subject: [PATCH 4/4] Fix validation of --verify argument using detached sig. --- gnupg/_parsers.py | 12 ++++++++---- gnupg/gnupg.py | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/gnupg/_parsers.py b/gnupg/_parsers.py index e409afc..1c99c0d 100644 --- a/gnupg/_parsers.py +++ b/gnupg/_parsers.py @@ -298,7 +298,7 @@ def _sanitise(*args): values = value.split(' ') for v in values: ## these can be handled separately, without _fix_unsafe(), - ## because they are only allowed if the pass the regex + ## because they are only allowed if they pass the regex if (flag in none_options) and (v is None): continue @@ -332,8 +332,11 @@ def _sanitise(*args): if flag in ['--encrypt', '--encrypt-files', '--decrypt', '--decrypt-files', '--import', '--verify']: - if _util._is_file(val): checked += (val + " ") - else: log.debug("%s not file: %s" % (flag, val)) + if _util._is_file(val) or \ + (flag == '--verify' and val == '-'): + checked += (val + " ") + else: + log.debug("%s not file: %s" % (flag, val)) elif flag in ['--cipher-algo', '--personal-cipher-prefs', '--personal-cipher-preferences']: @@ -372,7 +375,8 @@ def _sanitise(*args): groups[last] = str(filo.pop()) ## accept the read-from-stdin arg: if len(filo) >= 1 and filo[len(filo)-1] == '-': - groups[last] += str(' - \'\'') ## gross hack + groups[last] += str(' - ') ## gross hack + filo.pop() else: groups[last] = str() while len(filo) > 1 and not is_flag(filo[len(filo)-1]): diff --git a/gnupg/gnupg.py b/gnupg/gnupg.py index 489e652..7d6fc30 100644 --- a/gnupg/gnupg.py +++ b/gnupg/gnupg.py @@ -308,7 +308,7 @@ class GPG(GPGBase): sig_fh = None try: sig_fh = open(sig_file) - args = ["--verify %s - " % sig_fh.name] + args = ["--verify %s -" % sig_fh.name] proc = self._open_subprocess(args) writer = _util._threaded_copy_data(file, proc.stdin) self._collect_output(proc, result, stdin=proc.stdin)