[fedor] fix gpg signature when hash algo is not SHA-1. Fixes #7569

fbf8fd7c · Yann Leboulanger · 90847091 · fbf8fd7c
Commit fbf8fd7c authored 11 years ago by Yann Leboulanger
--- a/src/common/gpg.py
+++ b/src/common/gpg.py
@@ -80,14 +80,21 @@ if HAVE_GPG:
        def verify(self, str_, sign):
            if str_ is None:
                return ''
-            data = '-----BEGIN PGP SIGNED MESSAGE-----' + os.linesep
-            data = data + 'Hash: SHA1' + os.linesep + os.linesep
-            data = data + str_ + os.linesep
-            data = data + self._addHeaderFooter(sign, 'SIGNATURE')
-            result = super(GnuPG, self).verify(data)
-
-            if result.valid:
-                return result.key_id
+            # Hash algorithm is not transfered in the signed presence stanza so try
+            # all algorithms. Text name for hash algorithms from RFC 4880 - section 9.4
+            hash_algorithms = ['SHA512', 'SHA384', 'SHA256', 'SHA224', 'SHA1', 'RIPEMD160']
+            for algo in hash_algorithms:
+                data = os.linesep.join(
+                    ['-----BEGIN PGP SIGNED MESSAGE-----',
+                     'Hash: ' + algo,
+                     '',
+                     str_,
+                     self._addHeaderFooter(sign, 'SIGNATURE')]
+                    )
+                result = super(GnuPG, self).verify(data)
+                if result.valid:
+                    return result.key_id
+
            return ''

        def get_keys(self, secret=False):