X-Git-Url: http://git.onelab.eu/?p=nodemanager.git;a=blobdiff_plain;f=ticket.py;h=a52be173be217c32f74c5fd54d055ec50faf30dd;hp=2e87eb1c27d06398d6ba5a1bc5d643ec810f22c5;hb=HEAD;hpb=2cdb68a20824f5aa0245916f42decec37bc71bef
diff --git a/ticket.py b/ticket.py
index 2e87eb1..a52be17 100644
--- a/ticket.py
+++ b/ticket.py
@@ -5,15 +5,21 @@ You must already have the key in the keyring.
 """
 from subprocess import PIPE, Popen
-from xmlrpclib import dumps, loads
+from xmlrpc.client import dumps, loads
-GPG = '/usr/bin/gpg'
+# see also myplc/plc.d/gpg
+import os.path
+GPG = '/usr/bin/gpg1' if os.path.exists("/usr/bin/gpg1") else "/usr/bin/gpg"
+def _popen_gpg(*args):
+ """Return a Popen object to GPG."""
+ return Popen((GPG, '--batch', '--no-tty') + args,
+ stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
 def sign(data):
 """Return signed with the default GPG key."""
- msg = dumps((data,))
- p = _popen_gpg('--armor', '--sign')
+ msg = dumps((data,), methodresponse = True)
+ p = _popen_gpg('--armor', '--sign', '--keyring', '/etc/planetlab/secring.gpg', '--no-default-keyring')
 p.stdin.write(msg)
 p.stdin.close()
 signed_msg = p.stdout.read()
@@ -24,17 +30,14 @@ def sign(data):
 def verify(signed_msg):
 """If is a valid signed document, return its contents. Otherwise, return None."""
- p = _popen_gpg('--decrypt')
+ p = _popen_gpg('--decrypt', '--keyring', '/usr/boot/pubring.gpg', '--no-default-keyring')
 p.stdin.write(signed_msg)
 p.stdin.close()
 msg = p.stdout.read()
 p.stdout.close()
 p.stderr.close()
- if p.wait(): return None # verification failed
+ if p.wait():
+ return None # verification failed
 else:
 data, = loads(msg)[0]
 return data
-
-def _popen_gpg(*args):
- """Return a Popen object to GPG."""
- return Popen((GPG, '--batch', '--no-tty') + args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
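Review bot: In `sign()`, `xmlrpc.client.dumps` returns `str`, while `_popen_gpg` opens `stdin` as a binary pipe (no `text=` or `encoding=` argument), so `p.stdin.write(msg)` raises TypeError on Python 3; `p.stdin.write(msg.encode())` would fix it. Writing all of stdin before reading stdout, with stderr piped and never read, can also block once gpg fills a pipe buffer; `p.communicate(msg.encode())` avoids that, though the rest of sign's body lies outside the hunk. `--keyring` names a public keyring in GnuPG 1.x, so passing `/etc/planetlab/secring.gpg` there may need `--secret-keyring` instead; this is worth confirming against myplc/plc.d/gpg.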
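Review bot: `verify()` treats a zero exit status from `gpg --decrypt` as proof of a valid signature, at `if p.wait():`. As far as I know gpg can also exit 0 for OpenPGP input that carries no signature at all (an unsigned literal or encrypted message), in which case `msg` would reach `loads(msg)` unauthenticated. I would request machine-readable status on a dedicated descriptor with `--status-fd` and return None unless a `VALIDSIG` line for an expected key fingerprint is present. At minimum, add `# NOTE: exit status 0 is the only signature check here` above the `if`. The `str`/`bytes` and pipe-ordering concerns raised for `sign()` apply to `p.stdin.write(signed_msg)` here as well, depending on what callers pass.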