+def process_gpgv_output(status):
+ # Process the status-fd output
+ keywords = {}
+ internal_error = ""
+ for line in status.split('\n'):
+ line = line.strip()
+ if line == "":
+ continue
+ split = line.split()
+ if len(split) < 2:
+ internal_error += "gpgv status line is malformed (< 2 atoms) ['%s'].\n" % (line)
+ continue
+ (gnupg, keyword) = split[:2]
+ if gnupg != "[GNUPG:]":
+ internal_error += "gpgv status line is malformed (incorrect prefix '%s').\n" % (gnupg)
+ continue
+ args = split[2:]
+ if keywords.has_key(keyword) and (keyword != "NODATA" and keyword != "SIGEXPIRED"):
+ internal_error += "found duplicate status token ('%s').\n" % (keyword)
+ continue
+ else:
+ keywords[keyword] = args
+
+ return (keywords, internal_error)
+
+################################################################################
+
+def retrieve_key (filename, keyserver=None, keyring=None):
+ """Retrieve the key that signed 'filename' from 'keyserver' and
+add it to 'keyring'. Returns nothing on success, or an error message
+on error."""
+
+ # Defaults for keyserver and keyring
+ if not keyserver:
+ keyserver = Cnf["Dinstall::KeyServer"]
+ if not keyring:
+ keyring = Cnf["Dinstall::GPGKeyring"]
+
+ # Ensure the filename contains no shell meta-characters or other badness
+ if not re_taint_free.match(filename):
+ return "%s: tainted filename" % (filename)
+
+ # Invoke gpgv on the file
+ status_read, status_write = os.pipe();
+ cmd = "gpgv --status-fd %s --keyring /dev/null %s" % (status_write, filename)
+ (_, status, _) = gpgv_get_status_output(cmd, status_read, status_write)