o w7eH@spdZddlZddlmZddlmZeeZgdZ ddZ dd Z dd d Z dddZ ddZdddZdS)z0gpg.py - Collection of gpg key related functionsN)log)subp)gpgz--with-fingerprintz--no-default-keyringz --list-keysz --keyringc Cs\ztjddd|gdd\}}W|Stjy-}ztd||d}WYd}~|Sd}~ww)z*Export gpg key, armoured key gets returnedrz--exportz--armourTcapture&Failed to export armoured key "%s": %sN)rProcessExecutionErrorLOGdebug)keyarmour_errorr//usr/lib/python3/dist-packages/cloudinit/gpg.py export_armours  rcCstjddg|ddjS)z~Dearmor gpg key, dearmored key gets returned note: man gpg(1) makes no mention of an --armour spelling, only --armor rz --dearmorF)datadecode)rstdout)r rrrdearmor'srFcCsNg}|t|s|d||tj|dd\}}|r%td|||S)zList keys from a keyring with fingerprints. Default to a stable machine parseable format. @param key_file: a string containing a filepath to a key @param human_output: return output intended for human parsing z --with-colonsTrr)extendGPG_LISTappendrr warning)key_file human_outputcmdrstderrrrrlist/s   rr c Cstd||ddd|d|g}|durg}d}d}t|} |d 7}ztj|dd td |||WdStjyJ}z|}WYd}~nd}~wwzt|}td |j|t|Wnt yu}z t d ||||f|d}~wwq)aReceive gpg key from the specified keyserver. Retries are done by default because keyservers can be unreliable. Additionally, there is no way to determine the difference between a non-existant key and a failure. In both cases gpg (at least 2.2.4) exits with status 2 and stderr: "keyserver receive failed: No data" It is assumed that a key provided to cloud-init exists on the keyserver so re-trying makes better sense than failing. @param key: a string key fingerprint (as passed to gpg --recv-keys). @param keyserver: the keyserver to request keys from. @param retries: an iterable of sleep lengths for retries. Use None to indicate no retries.z&Importing key '%s' from keyserver '%s'rz--no-ttyz--keyserver=%sz --recv-keysNrTr rz/Imported key '%s' from keyserver '%s' on try %dz6Import failed with exit code %d, will try again in %ssz@Failed to import key '%s' from keyserver '%s' after %d tries: %s) r r iterrrnext exit_codetimesleep StopIteration ValueError) r keyserverretriesrtrynumrsleepsenaplenrrrrecv_keyBsR r.c CsVztjdddd|gddWdStjy*}ztd||WYd}~dSd}~ww) z0Delete the specified key from the local gpg ringrz--batchz--yesz --delete-keysTrzFailed delete key "%s": %sN)rrr r)r rrrr delete_keyss r/keyserver.ubuntu.comcCs`t|}|s.z"z t||dt|}Wnty!td|wWt||St|w|S)zget gpg keyid from keyserver)r(zFailed to obtain gpg key %s)rr.r'r exceptionr/)keyidr(r rrr getkeybyid}s     r3)F)r)r0)__doc__r$ cloudinitrloggingr getLogger__name__r rrrrr.r/r3rrrrs      1