x[hSrSSKrSSKrSSKrSSKrSSKrSSKJr SSKJ r J r SSK J r \R"\5rSr"SS5rg) z0gpg.py - Collection of gpg key related functionsN)TemporaryDirectory)DictOptional)subp GNUPGHOMEc\rSrSrSrSr\S\\\44Sj5r Sr SSjr S \S\ \4S jr S \S\4S jrSS \S\4S jjrSS \S\SS4SjjrS \SS4SjrSS\S\S\ \4SjjrSSjrSrg)GPGc>SUl0Ul[5Ulg)NF) gpg_started_envrtemp_dirselfs //usr/lib/python3/dist-packages/cloudinit/gpg.py__init__ GPG.__init__s  *, cU$Nrs r __enter__ GPG.__enter__s rreturncUR(a UR$SUl[URR0UlUR$)zwhen this env property gets invoked, set up our temporary directory, and also set gpg_started to tell the cleanup() method whether or not why put this here and not in __init__? pytest seems unhappy and it's not obvious how to work around it T)r r HOMErnamers renvGPG.env"s= 9999 4==--. yyrc$UR5 gr)cleanup)rexc_typ exc_value tracebacks r__exit__ GPG.__exit__1s  rNcUR5 UR(aT[RR URR 5(aURR 5 ggg)z0cleanup the gpg temporary directory and kill gpgN)kill_gpgrospathisdirrr!rs rr! GPG.cleanup4sE  ==RWW]]4==+=+=>> MM ! ! #?=rkeyc[R"SSSU/SURS9R$![Ra n[R SX5 SnAgSnAff=f)z*Export gpg key, armoured key gets returnedgpgz--exportz--armourTcapture update_env&Failed to export armoured key "%s": %sN)rrstdoutProcessExecutionErrorLOGdebugrr-errors r export_armourGPG.export_armour:se L99 J488f   )) L II> K K Ls-0A$AA$c\[R"SS/USURS9R$)zvDearmor gpg key, dearmored key gets returned note: man gpg(1) makes no mention of an --armour spelling, only --armor r/z --dearmorF)datadecoder2)rrr4)rr-s rdearmor GPG.dearmorGs, yy K s5TXX & rkey_filec/SQnU(dURS5 URU5 [R"X0RSS9upEU(a[R SX5 U$)zList keys from a keyring with fingerprints. Default to a stable machine parseable format. @param key_file: a string containing a filepath to a key @param human_output: return output intended for human parsing )r/z --no-optionsz--with-fingerprintz--no-default-keyringz --list-keysz --keyringz --with-colonsT)r2r1r3)appendrrr6warning)rrA human_outputcmdr4stderrs r list_keys GPG.list_keysPsW  JJ ' 8388TJ  KK8(  r keyserverc[RSX5 SnSn[U=(d /5nUS- n[R"SSSU-S U/SURS 9 [RS UUU5 g![R a nUnSnAOSnAff=f[ U5n[RS URU5 [R"U5 O#![an[S XXE4-5UeSnAff=fM)aReceive gpg key from the specified keyserver. Retries are done by default because keyservers can be unreliable. Additionally, there is no way to determine the difference between a non-existent key and a failure. In both cases gpg (at least 2.2.4) exits with status 2 and stderr: "keyserver receive failed: No data" It is assumed that a key provided to cloud-init exists on the keyserver so re-trying makes better sense than failing. @param key: a string key fingerprint (as passed to gpg --recv-keys). @param keyserver: the keyserver to request keys from. @param retries: an iterable of sleep lengths for retries. Use None to indicate no retries.z&Importing key '%s' from keyserver '%s'rNTr/z--no-ttyz--keyserver=%sz --recv-keysr0z/Imported key '%s' from keyserver '%s' on try %dz6Import failed with exit code %d, will try again in %ssz@Failed to import key '%s' from keyserver '%s' after %d tries: %s) r6r7iterrrr5next exit_codetimesleep StopIteration ValueError) rr-rJretriestrynumr9sleepsenaplens rrecv_key GPG.recv_keyjs :CKgm$ aKF  "(94% !#xx  E  --   f LOO  6"   ),/F+JK ?s1AA77B BBAC C>(C99C>c[R"SSSSU/SURS9 g![Ra n[R SX5 SnAgSnAff=f) z0Delete the specified key from the local gpg ringr/z--batchz--yesz --delete-keysTr0zFailed delete key "%s": %sN)rrr5r6rDr8s r delete_keyGPG.delete_keysX B II 7OSA88  )) B KK4c A A Bs%(AAAkeyidcURU5nU(d5URXS9 URU5nUR U5 U$U$![a [R SU5 ef=f!UR U5 f=f)zget gpg keyid from keyserver)rJzFailed to obtain gpg key %s)r:rYrSr6 exceptionr\)rr^rJarmours r getkeybyidGPG.getkeybyids##E* ' e 9++E2& v   ;UC  &s A"A22A55BcUR(dg[R"S5(a-[R"/SQSURS9Rng[R"/SQSSS/S 9Rn[ R "S U5nUVs/sHo3SS :XdM [US5PM nnU(a[RS U5 UH(n[R"U[R5 M* gs snf![Ra n[RS U5 SnAgSnAff=f)zkilling with gpgconf is best practice, but when it isn't available failover is possible GH: 4344 - stop gpg-agent/dirmgr daemons spawned by gpg key imports. Daemons spawned by cloud-config.service on systemd v253 report (running) Ngpgconf)rez--killallTr0) psz-ozppid,pid-Ckeyboxdrhdirmngrrhz gpg-agentrrL)r1rcsz(?P\d+)\s+(?P\d+)1z&Killing gpg-agent and dirmngr pids: %sz"Failed to clean up gpg process: %s)r rwhichrr4refindallintr6r7r)killsignalSIGKILLr5rD)rgpg_process_outgpg_pidspid root_gpg_pidsgpg_pidrWs rr( GPG.kill_gpgs& A##zz)$$"&))0 #xx#&  #')) !A#& ::3_,4!+3C1v}KCAK8!!II@- -GGGGV^^4 -!)) A KKrsE7 '! !SASAr