daklib.gpg

Utilities for signed files

@contact: Debian FTP Master <ftpmaster@debian.org> @copyright: 2011-2018 Ansgar Burchardt <ansgar@debian.org> @license: GNU General Public License version 2 or later

Functions

sign(infile[, outfile, keyids, inline, ...])

waitstatus_to_exitcode(status)

Classes

SignedFile(data, keyrings[, ...])

handle files signed with PGP

Exceptions

GpgException

exception daklib.gpg.GpgException[source]
class daklib.gpg.SignedFile(data: bytes, keyrings: Collection[str], require_signature: bool = True, *, detached_signature: bytes | None = None, gpg: str = '/usr/bin/gpg')[source]

handle files signed with PGP

The following attributes are available:

contents - byte-string with the content (after removing PGP armor) valid - Boolean indicating a valid signature was found weak_signature - signature uses a weak algorithm (e.g. SHA-1) fingerprint - fingerprint of the key used for signing primary_fingerprint - fingerprint of the primary key associated to the key used for signing

_do_io(read: Collection[int], write: Mapping[int, bytes]) dict[int, bytes][source]
_exec_gpg(stdin: int, stdout: int, stderr: int, statusfd: int, detached_signature_path: str | None) NoReturn[source]
_parse_status(line: bytes) None[source]
_parse_timestamp(timestamp: bytes, datestring: bytes | None = None) datetime[source]

parse timestamp in GnuPG’s format

Returns:

datetime object for the given timestamp

_verify(data: bytes, detached_signature: bytes | None, require_signature: bool) None[source]
property contents_sha1: str
property fingerprint: str

fingerprint of the (sub)key used for the signature

property primary_fingerprint: str

fingerprint of the primary key used for the signature

property signature_id: str
valid: bool

valid signature

class daklib.gpg._Pipe[source]

context manager for pipes

Note: When the pipe is closed by other means than the close_r and close_w methods, you have to set self.r (self.w) to None.

close_r()[source]

close reading side of the pipe

close_w()[source]

close writing part of the pipe

r: int | None
w: int | None
daklib.gpg._create_named_temporary_file_with_contents(contents: bytes)[source]
daklib.gpg.sign(infile, outfile=None, keyids: Iterable[str] = [], inline=False, pubring: str | None = None, homedir: str | None = None, passphrase_file: str | None = None, *, digest_algorithm='SHA256') bytes | None[source]
daklib.gpg.waitstatus_to_exitcode(status)[source]