From fbf8fd7ca0b55fd73ddf218378a9d7fe100f67b7 Mon Sep 17 00:00:00 2001
From: Yann Leboulanger <asterix@lagaule.org>
Date: Sat, 30 Nov 2013 10:10:39 +0100
Subject: [PATCH] [fedor] fix gpg signature when hash algo is not SHA-1. Fixes
 #7569

---
 src/common/gpg.py | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/src/common/gpg.py b/src/common/gpg.py
index fa158aa24b..bee9d004a5 100644
--- a/src/common/gpg.py
+++ b/src/common/gpg.py
@@ -80,14 +80,21 @@ if HAVE_GPG:
         def verify(self, str_, sign):
             if str_ is None:
                 return ''
-            data = '-----BEGIN PGP SIGNED MESSAGE-----' + os.linesep
-            data = data + 'Hash: SHA1' + os.linesep + os.linesep
-            data = data + str_ + os.linesep
-            data = data + self._addHeaderFooter(sign, 'SIGNATURE')
-            result = super(GnuPG, self).verify(data)
-
-            if result.valid:
-                return result.key_id
+            # Hash algorithm is not transfered in the signed presence stanza so try
+            # all algorithms. Text name for hash algorithms from RFC 4880 - section 9.4
+            hash_algorithms = ['SHA512', 'SHA384', 'SHA256', 'SHA224', 'SHA1', 'RIPEMD160']
+            for algo in hash_algorithms:
+                data = os.linesep.join(
+                    ['-----BEGIN PGP SIGNED MESSAGE-----',
+                     'Hash: ' + algo,
+                     '',
+                     str_,
+                     self._addHeaderFooter(sign, 'SIGNATURE')]
+                    )
+                result = super(GnuPG, self).verify(data)
+                if result.valid:
+                    return result.key_id
+
             return ''
 
         def get_keys(self, secret=False):
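Review bot: `str_` is placed into the cleartext-signed block (the `str_,` element of the `os.linesep.join` list) without dash-escaping, although the added comment indicates this text comes from a remote presence stanza. RFC 4880 section 7.1 requires every line that starts with `-` to be prefixed with `- `, so a status line beginning with a dash will presumably be un-escaped by gpg or read as armor framing, and verification then runs over text that differs from what was signed. I would escape before joining, e.g. `body = '\n'.join('- ' + l if l.startswith('-') else l for l in str_.split('\n'))`, and pass `body` in place of `str_`. Separately, the loop makes up to six `verify` calls per presence; the same section of the RFC allows a comma-delimited list in one `Hash:` header, which may make a single call sufficient, but that needs testing against the GnuPG versions you support.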
-- 
GitLab