Windows doesn't have EUIDs, so instead we'll check that the usernames
match. This doesn't seem the least bit secure to me, but it's Windows so
they're probably owned anyway. If anyone knows one of the "proper" ways
to determine if another process has the same owner on Windows, I'd love
to know about it.
* FIXES Issue #58 but I don't have a Windows machine to test so maybe
it's still broken.
https://github.com/isislovecruft/python-gnupg/issues/58
Existing code gives up searching for a GnuPG executable (returning None --
contrary to the docstring indicating that a RuntimeError will be thrown in all
cases where no binary can be found) if the first item found is a symlink or is
not accessed via an absolute path.
This refactored version moves the filtering logic down into the _which helper
-- and thus continues to search past unacceptable results -- even if the first
item found is not acceptable.
When gnupg.GPG.verify_file() was changed recently to take the filename
of the signature file as an argument to GnuPG, and then take the data
file to be verified on stdin, the parser in _parsers._check_options()
would call _util._is_file(), which would return False and log an error
that "'-' is not a file!". This fixes that issue by catching OSError and
treating it differently.
Additionally, I renamed the _util._is_file() parameter
`input`→`filename` to avoid overriding a builtin method.
I also replaced the `assert` lines with explicit checks, because
`assert`s are stripped out when the Python interpreter is run with -OO.
* FIXES an issue with verification of detached signatures whose
datafiles are read from stdin.
* ADD function _util._deprefix() for stripping a given prefix from the
beginning of another string.
* ADD function _util._separate_keywork() for extracting the keyword from the
beginning of status-fd output.
* REMOVE excess EOL whitespace.
* CLEANUP method gnupg.GPGBase._read_response().
* CHANGE _find_binary() utility function to look for a gpg2 binary on the
users PATH if no binary is given and gpg is not found.
* FIXES an error where only gpg=>1.4.x was found.
* ADD functions _util._match_version_string(), _util._is_gpg2(), and
_util._is_gpg1() for determining whether to set the default Key-Type to
'default' (for GnuPG v2.x) or to 'RSA' (for GnuPG v1.x).
* ADD class attribute GPG.binary_version, which stores the GnuPG executable's
version string, which should be in the form x.x.x, where 'x' is an integer.
* ADD docs/change-license-emails.txt, which includes email exchanges between
myself and intrigeri, including links to Debian and LEAP mailing lists with
arguments for and against using AGPL for a library.
* CHANGE license header for all files.
* CHANGE LICENSE file and gnupg/copyright.py to use GPLv3+ text.
The following snippet shows that to create a proper timestamp, we should
feed mktime() with localtime() data rather than gmtime(), as it is locale
aware.
>>> from time import mktime, gmtime, localtime
>>> bad = gmtime(mktime(gmtime()))
>>> good = gmtime(mktime(localtime()))
>>> judge = gmtime()
>>> if bad == good: "You're using UTC. Demonstration is impossible."
... elif bad == judge: "I can be wrong"
... elif good == judge: "but this shows I'm right"
...
"but this shows I'm right"
The above code checks whether gmtime() == gmtime(timestamp) from
mktime(). Obviously we don't get the same 'now' if we feed the bad value
to mktime.
Isis Lovecruft
Charles Duffy
Les Aker
Matt Behrens
Thomas Tanner
drebs
Mikael Nordfeldth