Remove pgp support

With the signatures being removed from the package DBs this is not needed anymore
2023-11-04 18:51:59 +01:00 · 2023-11-04 18:51:59 +01:00 · c746ac14b9
commit c746ac14b9
parent 875b5d8a99
6 changed files with 1 additions and 106 deletions
--- a/app/appstate.py
+++ b/app/appstate.py
@ -4,7 +4,6 @@
 from __future__ import annotations

 import re
-import base64
 import uuid
 import time
 from datetime import datetime, timezone
@ -18,7 +17,6 @@ from pydantic import BaseModel
 from .appconfig import REPOSITORIES
 from .utils import vercmp, version_is_newer_than, extract_upstream_version, split_depends, \
    split_optdepends, strip_vcs
-from .pgp import parse_signature
 from .pkgextra import PkgExtra, PkgExtraEntry


@ -246,7 +244,6 @@ class Package:
        self.builddate = int(builddate)
        self.csize = csize
        self.url = url
-        self.signature = parse_signature(base64.b64decode(pgpsig)) if pgpsig is not None else None
        self.depends = split_depends(depends)
        self.checkdepends = split_depends(checkdepends)
        self.filename = filename
--- a/app/pgp.py
+++ b/app/pgp.py
@ -1,58 +0,0 @@
-from pgpdump import BinaryData
-from pgpdump.utils import PgpdumpException
-from datetime import datetime
-from typing import NamedTuple
-import struct
-import binascii
-
-
-KNOWN_KEYS = {
-    "5F92EFC1A47D45A1": "Alexey Pavlov",
-    "4DF3B7664CA56930": "Ray Donnelly",
-    "D595C9AB2C51581E": "Martell Malone",
-    "974C8BE49078F532": "David Macek",
-    "FA11531AA0AA7F57": "Christoph Reiter",
-    "628F528CF3053E04": "David Macek",
-}
-
-
-class Signature(NamedTuple):
-    keyid: str
-    date: datetime
-
-    @property
-    def url(self) -> str:
-        return "https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x" + self.keyid
-
-    @property
-    def name(self) -> str:
-        return KNOWN_KEYS.get(self.keyid.upper(), "Unknown")
-
-
-class SigError(Exception):
-    pass
-
-
-def parse_signature(sig_data: bytes) -> Signature:
-    date = None
-    keyid = None
-
-    try:
-        parsed = BinaryData(sig_data)
-    except PgpdumpException as e:
-        raise SigError(e)
-
-    for x in parsed.packets():
-        if x.raw == 2:
-            for sub in x.subpackets:
-                if sub.subtype == 2:
-                    date = datetime.utcfromtimestamp(struct.unpack('>I', sub.data)[0])
-                if sub.subtype == 16:
-                    keyid = binascii.hexlify(sub.data).decode()
-
-    if keyid is None:
-        raise SigError("keyid missing")
-    if date is None:
-        raise SigError("date missing")
-
-    return Signature(keyid, date)
--- a/app/templates/package.html
+++ b/app/templates/package.html
@ -104,14 +104,6 @@
      <dt class="col-sm-3 text-sm-end">Build Date:</dt>
      <dd class="col-sm-9">{{ p.builddate|timestamp }}</dd>

-      {% if p.signature %}
-      <dt class="col-sm-3 text-sm-end">Signed By:</dt>
-      <dd class="col-sm-9"><a href="{{ p.signature.url }}">{{ p.signature.name }}</a></dd>
-
-      <dt class="col-sm-3 text-sm-end">Signature Date:</dt>
-      <dd class="col-sm-9">{{ p.signature.date }}</dd>
-      {% endif %}
-
      <dt class="col-sm-3 text-sm-end">Package Size:</dt>
      <dd class="col-sm-9">{{ p.csize|filesize }}</dd>

--- a/poetry.lock
+++ b/poetry.lock
@ -707,16 +707,6 @@ files = [
    {file = "packaging-23.2.tar.gz", hash = "sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5"},
 ]

-[[package]]
-name = "pgpdump"
-version = "1.5"
-description = "PGP packet parser library"
-optional = false
-python-versions = "*"
-files = [
-    {file = "pgpdump-1.5.tar.gz", hash = "sha256:1c4700857bf7ba735b08cfe4101aa3a4f5fd839657af249c17b2697c20829668"},
-]
-
 [[package]]
 name = "pluggy"
 version = "1.3.0"
@ -1423,4 +1413,4 @@ cffi = ["cffi (>=1.11)"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.10"
-content-hash = "63317fcb0c858f668a0081a76231980cba9c13c4a7d444c35238e436afad0687"
+content-hash = "1b24715072edbdc34499b2d4e0615e878d43b2515f32c968dcf161ff4f90dc69"
--- a/pyproject.toml
+++ b/pyproject.toml
@ -13,7 +13,6 @@ uvicorn = {extras = ["standard"], version = "^0.23.0"}
 aiofiles = "^23.1.0"
 jinja2 = "^3.1.2"
 fastapi-etag = "^0.4.0"
-pgpdump = "^1.5"
 gunicorn = "^21.0.1"
 aiolimiter = "^1.0.0-beta.1"
 pydantic = "^2.0.3"
--- a/tests/test_main.py
+++ b/tests/test_main.py
@ -1,8 +1,6 @@
 # type: ignore

 import os
-import base64
-import datetime

 os.environ["NO_MIDDLEWARE"] = "1"

@ -10,7 +8,6 @@ import pytest
 from app import app
 from app.appstate import SrcInfoPackage, parse_packager
 from app.fetch import parse_cygwin_versions
-from app.pgp import parse_signature, SigError, Signature
 from app.utils import split_optdepends, strip_vcs, vercmp
 from app.pkgextra import extra_to_pkgextra_entry
 from fastapi.testclient import TestClient
@ -120,28 +117,6 @@ build-depends: cygport
    assert versions["headers"].version == "11.0.1"


-EXAMPLE_SIG = (
-    "iHUEABEIAB0WIQStNRxQrghXdetZMztfku/BpH1FoQUCXlOY5wAKCRBfku"
-    "/BpH1FodQoAP4nQnPNLnx5MVIJgZgCwW/hplW7Ai9MqkmFBqD8/+EXfAD/"
-    "Rgxtz2XH7RZ1JKh7PN5NsVz9UlBM7977PjFg9WptNGU=")
-
-
-def test_pgp():
-    with pytest.raises(SigError):
-        parse_signature(b"")
-
-    with pytest.raises(SigError):
-        parse_signature(b"foobar")
-
-    data = base64.b64decode(EXAMPLE_SIG)
-    sig = parse_signature(data)
-    assert isinstance(sig, Signature)
-    assert sig.keyid == "5f92efc1a47d45a1"
-    assert sig.date == datetime.datetime(2020, 2, 24, 9, 35, 35)
-    assert sig.name == "Alexey Pavlov"
-    assert sig.url == "https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x5f92efc1a47d45a1"
-
-
 def test_parse_packager():
    info = parse_packager("foobar")
    assert info.name == "foobar"