pelican-sign

A pelican plugin for generating digests and signatures for content
git clone git://git.defalsify.org/pelican-sign.git
Info | Log | Files | Refs

sign.py (2102B)


      1 # standard imports
      2 import logging
      3 import hashlib
      4 import os
      5 import shutil
      6 
      7 # external imports
      8 import gnupg
      9 
     10 # local imports
     11 from pelican import signals
     12 
     13 logg = logging.getLogger(__name__)
     14 
     15 gpg = None
     16 gpg_keyid = None
     17 
     18 def sum_and_sign(path, context):
     19     for k in context.keys():
     20         logg.debug('context {} {}'.format(k, context[k]))
     21 
     22     if 'article' not in context.keys():
     23         return
     24 
     25     f = open(os.path.realpath(path), 'rb')
     26     b = b''
     27     while True:
     28         r = f.read()
     29         if len(r) == 0:
     30             break
     31         b += r
     32     f.close()
     33 
     34     h = hashlib.new('sha256')
     35     h.update(b)
     36     z = h.digest().hex()
     37 
     38     output_sign_path = os.path.dirname(path)
     39     try:
     40         os.mkdir(output_sign_path)
     41     except FileExistsError:
     42         pass
     43 
     44     logg.debug('using signature dir {} from {}'.format(output_sign_path, os.path.dirname(path)))
     45     os.makedirs(output_sign_path, exist_ok=True)
     46     file_name = os.path.basename(path)
     47     (stem, ext) = os.path.splitext(file_name)
     48     sig_path = os.path.join(output_sign_path, z + '.asc')
     49     gpg.sign(b,  detach=True, keyid=gpg_keyid, output=sig_path, extra_args=['--digest-algo', 'sha256'])
     50 
     51     reverse_path = os.path.join(output_sign_path, z)
     52     shutil.copy(path, reverse_path)
     53     
     54     sum_path = os.path.join(output_sign_path, stem + '.sha256')
     55     f = open(sum_path, 'w')
     56     c = 0
     57     while True:
     58         r = f.write(z[c:])
     59         if r == 0:
     60             break
     61         c += r
     62     f.write("\x09" + file_name)
     63     f.close()
     64 
     65 
     66 
     67 def set_sign_path(o):
     68     global output_sign_path
     69     global gpg
     70     global gpg_keyid 
     71 
     72     for k in o.settings.keys():
     73         logg.debug('setting {} {}'.format(k, o.settings[k]))
     74 
     75 
     76     logg.debug('opath {}'.format(o.path))
     77     gpg_dir = os.path.join(o.path, '.gnupg')
     78 
     79     try:
     80         os.mkdir(gpg_dir)
     81     except FileExistsError:
     82         pass
     83 
     84     gpg = gnupg.GPG(use_agent=True)
     85 
     86     gpg_keyid = o.settings.get('PLUGIN_SIGN_GPGKEY')
     87     logg.info('using gpg key {}'.format(gpg_keyid))
     88 
     89 
     90 def register():
     91     signals.content_written.connect(sum_and_sign)
     92     signals.initialized.connect(set_sign_path)