preparescript: Download pgp pubkey before checking btc fastsync sig

This commit is contained in:
tecnovert 2023-01-04 13:45:16 +02:00
parent 9677c48f39
commit 149616a59f
No known key found for this signature in database
GPG Key ID: 8ED6D8750C4E3F93

View File

@ -1,7 +1,7 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright (c) 2019-2022 tecnovert # Copyright (c) 2019-2023 tecnovert
# Distributed under the MIT software license, see the accompanying # Distributed under the MIT software license, see the accompanying
# file LICENSE or http://www.opensource.org/licenses/mit-license.php. # file LICENSE or http://www.opensource.org/licenses/mit-license.php.
@ -359,6 +359,13 @@ def testOnionLink():
logger.info('Onion links work.') logger.info('Onion links work.')
def havePubkey(gpg, key_id):
for key in gpg.list_keys():
if key['keyid'] == key_id:
return True
return False
def downloadPIVXParams(output_dir): def downloadPIVXParams(output_dir):
# util/fetch-params.sh # util/fetch-params.sh
@ -1175,12 +1182,14 @@ def signal_handler(sig, frame):
def check_btc_fastsync_data(base_dir, sync_file_path): def check_btc_fastsync_data(base_dir, sync_file_path):
github_pgp_url = 'https://raw.githubusercontent.com/tecnovert/basicswap/master/pgp'
gitlab_pgp_url = 'https://gitlab.com/particl/basicswap/-/raw/master/pgp'
asc_filename = BITCOIN_FASTSYNC_FILE + '.asc' asc_filename = BITCOIN_FASTSYNC_FILE + '.asc'
asc_file_path = os.path.join(base_dir, asc_filename) asc_file_path = os.path.join(base_dir, asc_filename)
if not os.path.exists(asc_file_path): if not os.path.exists(asc_file_path):
asc_file_urls = ( asc_file_urls = (
'https://raw.githubusercontent.com/tecnovert/basicswap/master/pgp/sigs/' + asc_filename, github_pgp_url + '/sigs/' + asc_filename,
'https://gitlab.com/particl/basicswap/-/raw/master/pgp/sigs/' + asc_filename, gitlab_pgp_url + '/sigs/' + asc_filename,
) )
for url in asc_file_urls: for url in asc_file_urls:
try: try:
@ -1189,6 +1198,13 @@ def check_btc_fastsync_data(base_dir, sync_file_path):
except Exception as e: except Exception as e:
logging.warning('Download failed: %s', str(e)) logging.warning('Download failed: %s', str(e))
gpg = gnupg.GPG() gpg = gnupg.GPG()
pubkey_filename = '{}_{}.pgp'.format('particl', 'tecnovert')
pubkeyurls = [
github_pgp_url + '/keys/' + pubkey_filename,
gitlab_pgp_url + '/keys/' + pubkey_filename,
]
if not havePubkey(gpg, expected_key_ids['tecnovert'][0]):
importPubkeyFromUrls(gpg, pubkeyurls)
with open(asc_file_path, 'rb') as fp: with open(asc_file_path, 'rb') as fp:
verified = gpg.verify_file(fp, sync_file_path) verified = gpg.verify_file(fp, sync_file_path)