diff options
| author | Elliott Hughes <enh@google.com> | 2013-04-22 19:03:06 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2013-04-22 19:03:06 +0000 |
| commit | bda2fb5efab914e8442ec9c38961b7182ac5978c (patch) | |
| tree | dfe6759d3f728b58216fa3898f514b86d2fec521 /libc/tools | |
| parent | 70e0bd3a448fc345d75d16caf40babf36463f0ec (diff) | |
| parent | 676e66db251cb54b51be5f6f8190a47a8b131738 (diff) | |
| download | bionic-bda2fb5efab914e8442ec9c38961b7182ac5978c.zip bionic-bda2fb5efab914e8442ec9c38961b7182ac5978c.tar.gz bionic-bda2fb5efab914e8442ec9c38961b7182ac5978c.tar.bz2 | |
Merge "Add signature checking to HTTP tzdata updates."
Diffstat (limited to 'libc/tools')
| -rwxr-xr-x | libc/tools/zoneinfo/update-tzdata.py | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/libc/tools/zoneinfo/update-tzdata.py b/libc/tools/zoneinfo/update-tzdata.py index ffcdf54..2b30c15 100755 --- a/libc/tools/zoneinfo/update-tzdata.py +++ b/libc/tools/zoneinfo/update-tzdata.py @@ -80,24 +80,28 @@ def FtpUpgrade(ftp, data_filename): signature_filename = '%s.asc' % data_filename FtpRetrieve(ftp, signature_filename) - print 'Verifying signature...' - # If this fails for you, you probably need to import Paul Eggert's public key: - # gpg --recv-keys ED97E90E62AA7E34 - subprocess.check_call(['gpg', '--trusted-key=ED97E90E62AA7E34', '--verify', - signature_filename, data_filename]) - ExtractAndCompile(data_filename) +def HttpRetrieve(http, path, output_filename): + http.request("GET", path) + f = open(output_filename, 'wb') + f.write(http.getresponse().read()) + f.close() + + def HttpUpgrade(http, data_filename): """Downloads and repackages the given data from the given HTTP server.""" SwitchToNewTemporaryDirectory() + path = "/time-zones/repository/releases/%s" % data_filename + print 'Downloading data...' - http.request("GET", "/time-zones/repository/releases/%s" % data_filename) - f = open(data_filename, 'wb') - f.write(http.getresponse().read()) - f.close() + HttpRetrieve(http, path, data_filename) + + print 'Downloading signature...' + signature_filename = '%s.asc' % data_filename + HttpRetrieve(http, "%s.asc" % path, signature_filename) ExtractAndCompile(data_filename) @@ -105,6 +109,13 @@ def HttpUpgrade(http, data_filename): def ExtractAndCompile(data_filename): new_version = re.search('(tzdata.+)\\.tar\\.gz', data_filename).group(1) + signature_filename = '%s.asc' % data_filename + print 'Verifying signature...' + # If this fails for you, you probably need to import Paul Eggert's public key: + # gpg --recv-keys ED97E90E62AA7E34 + subprocess.check_call(['gpg', '--trusted-key=ED97E90E62AA7E34', '--verify', + signature_filename, data_filename]) + print 'Extracting...' os.mkdir('extracted') tar = tarfile.open(data_filename, 'r') |