
Commit f1b10c6

committed
Fix gpg.verify with python-gnupg >=0.5.1
The reported signature validity levels were bumped in vsajip/python-gnupg#205
1 parent c63a0bd commit f1b10c6


2 files changed

+51
-29
lines changed


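--- a/salt/modules/gpg.py
+++ b/salt/modules/gpg.py
@@ -29,9 +29,17 @@
 
 log = logging.getLogger(__name__)
 
-# Define the module's virtual name
+try:
+import gnupg
+
+HAS_GPG_BINDINGS = True
+except ImportError:
+HAS_GPG_BINDINGS = False
+
+
 __virtualname__ = "gpg"
 
+# Map of letters indicating key validity to pretty string (for display)
 LETTER_TRUST_DICT = immutabletypes.freeze(
 {
 "e": "Expired",
@@ -45,6 +53,22 @@
 }
 )
 
+
+# Map of allowed `trust_level` param values in `trust_key`
+# to trust parameter for python-gnupg trust_keys (to manage owner trust)
+TRUST_KEYS_TRUST_LEVELS = immutabletypes.freeze(
+{
+"expired": "TRUST_EXPIRED",
+"unknown": "TRUST_UNDEFINED",
+"not_trusted": "TRUST_NEVER",
+"marginally": "TRUST_MARGINAL",
+"fully": "TRUST_FULLY",
+"ultimately": "TRUST_ULTIMATE",
+}
+)
+
+# Map of allowed `trust_level` param values in `trust_key`
+# to owner trust numeric values
 NUM_TRUST_DICT = immutabletypes.freeze(
 {
 "expired": "1",
@@ -56,6 +80,7 @@
 }
 )
 
+# Map of owner trust numeric values to pretty string (for display)
 INV_NUM_TRUST_DICT = immutabletypes.freeze(
 {
 "1": "Expired",
@@ -67,36 +92,33 @@
 }
 )
 
-VERIFY_TRUST_LEVELS = immutabletypes.freeze(
-{
-"0": "Undefined",
-"1": "Never",
-"2": "Marginal",
-"3": "Fully",
-"4": "Ultimate",
-}
-)
-
-TRUST_KEYS_TRUST_LEVELS = immutabletypes.freeze(
-{
-"expired": "TRUST_EXPIRED",
-"unknown": "TRUST_UNDEFINED",
-"never": "TRUST_NEVER",
-"marginally": "TRUST_MARGINAL",
-"fully": "TRUST_FULLY",
-"ultimately": "TRUST_ULTIMATE",
-}
-)
+# Map of signature validity numeric values to pretty string (for display)
+if not HAS_GPG_BINDINGS:
+VERIFY_TRUST_LEVELS = {}
+elif salt.utils.versions.version_cmp(gnupg.__version__, "0.5.1") >= 0:
+VERIFY_TRUST_LEVELS = immutabletypes.freeze(
+{
+"0": "Expired",
+"1": "Undefined",
+"2": "Never",
+"3": "Marginal",
+"4": "Fully",
+"5": "Ultimate",
+}
+)
+else:
+VERIFY_TRUST_LEVELS = immutabletypes.freeze(
+{
+"0": "Undefined",
+"1": "Never",
+"2": "Marginal",
+"3": "Fully",
+"4": "Ultimate",
+}
+)
 
 _DEFAULT_KEY_SERVER = "keys.openpgp.org"
 
-try:
-import gnupg
-
-HAS_GPG_BINDINGS = True
-except ImportError:
-HAS_GPG_BINDINGS = False
-
 
 def _gpg():
 """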
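Review bot: The choice of `VERIFY_TRUST_LEVELS` table (new lines 96–118) rests on a version-string comparison made at import time, and a wrong branch fails open: with the pre-0.5.1 table applied to a newer python-gnupg, a validity value of 3 would be shown as "Fully" rather than "Marginal". As far as I know `salt.utils.versions.version_cmp` returns `None` when it cannot compare the two strings, in which case `>= 0` raises `TypeError` while the module is being imported; that is worth confirming and handling explicitly. If the supported python-gnupg releases expose the numeric levels on `gnupg.Verify` (its `TRUST_LEVELS` mapping), building the display table from that would remove the version sniffing altogether. Separately, the no-bindings branch assigns a plain mutable `{}` while the other two branches are frozen; `VERIFY_TRUST_LEVELS = immutabletypes.freeze({})` would keep the type consistent.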
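--- a/tests/pytests/functional/modules/test_gpg.py
+++ b/tests/pytests/functional/modules/test_gpg.py
@@ -797,7 +797,7 @@ def test_verify_with_keyring(gpghome, gnupg, gpg, keyring, sig, signed_data, key
 @pytest.mark.usefixtures("_pubkeys_present")
 # Can't easily test the other signature validity levels since
 # we would need to sign the pubkey ourselves, which is not
-# exposed by python-gpg as of release 0.5.2.
+# exposed by python-gnupg as of release 0.5.2.
 @pytest.mark.parametrize(
 "ownertrust,text", (("TRUST_NEVER", "Undefined"), ("TRUST_ULTIMATE", "Ultimate"))
 )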