+ def refresh_keyring(self, fingerprint=None):
+ if fingerprint is not None:
+ print('Refreshing local keyring... Missing key: ' + fingerprint)
+ else:
+ print('Refreshing local keyring...')
+
+ # Fetch key from wkd, as per https://support.torproject.org/tbb/how-to-verify-signature/
+ p = subprocess.Popen(['/usr/bin/gpg2', '--status-fd', '2',
+ '--homedir', self.paths['gnupg_homedir'],
+ '--auto-key-locate', 'nodefault,wkd',
+ '--locate-keys', 'torbrowser@torproject.org'], stderr=subprocess.PIPE)
+ p.wait()
+
+ for output in p.stderr.readlines():
+ match = gnupg_import_ok_pattern.match(output)
+ if match and match.group(2) == 'IMPORT_OK':
+ fingerprint = str(match.group(4))
+ if match.group(3) == '0':
+ print('Keyring refreshed successfully...')
+ print(' No key updates for key: ' + fingerprint)
+ elif match.group(3) == '4':
+ print('Keyring refreshed successfully...')
+ print(' New signatures for key: ' + fingerprint)
+ else:
+ print('Keyring refreshed successfully...')
+
+ def import_key_and_check_status(self, key):
+ """Import a GnuPG key and check that the operation was successful.
+ :param str key: A string specifying the key's filepath from
+ ``Common.paths``
+ :rtype: bool
+ :returns: ``True`` if the key is now within the keyring (or was
+ previously and hasn't changed). ``False`` otherwise.
+ """
+ with gpg.Context() as c:
+ c.set_engine_info(gpg.constants.protocol.OpenPGP, home_dir=self.paths['gnupg_homedir'])
+
+ impkey = self.paths['signing_keys'][key]
+ try:
+ c.op_import(gpg.Data(file=impkey))
+ except:
+ return False
+ else:
+ result = c.op_import_result()
+ if result and self.fingerprints[key] in result.imports[0].fpr:
+ return True
+ else:
+ return False
+