From a1186a8f25a48e91c70f341b421e7cdaa1e25674 Mon Sep 17 00:00:00 2001
From: James Falcon
Date: Wed, 18 Sep 2024 15:03:52 -0500
Subject: [PATCH] stderr bad

---
 cloudinit/gpg.py | 17 +++++++++++++----
 tests/integration_tests/userdata/test_pgp.py | 5 +----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/cloudinit/gpg.py b/cloudinit/gpg.py
index e1d3f658b1a..792d39c4895 100644
--- a/cloudinit/gpg.py
+++ b/cloudinit/gpg.py
@@ -101,6 +101,19 @@ def decrypt(self, data: str, *, require_signature=False) -> str:
 :return: decrypted data
 :raises: ProcessExecutionError if gpg fails to decrypt data
 """
+ if require_signature:
+ try:
+ subp.subp(
+ ["gpg", "--verify"],
+ data=data,
+ update_env=self.env,
+ )
+ except subp.ProcessExecutionError as e:
+ if e.exit_code == 2:
+ raise GpgVerificationError(
+ "Signature verification failed"
+ ) from e
+ raise
 result = subp.subp(
 [
 "gpg",
@@ -109,10 +122,6 @@ def decrypt(self, data: str, *, require_signature=False) -> str:
 data=data,
 update_env=self.env,
 )
- if require_signature and "gpg: Good signature" not in result.stderr:
- raise GpgVerificationError(
- "Signature verification required, but no signature found"
- )
 return result.stdout

 def dearmor(self, key: str) -> str:
diff --git a/tests/integration_tests/userdata/test_pgp.py b/tests/integration_tests/userdata/test_pgp.py
index 713dc220826..c14529468e6 100644
--- a/tests/integration_tests/userdata/test_pgp.py
+++ b/tests/integration_tests/userdata/test_pgp.py
@@ -353,7 +353,4 @@ def test_encrypted_message_but_required_signature(
 result = client.execute("cloud-init status --format=json")
 assert result.failed
- assert (
- "Signature verification required, but no signature found"
- in result.stdout
- )
+ assert "Signature verification failed" in result.stdout
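Review bot: The new `except` branch in `decrypt` converts only `e.exit_code == 2` into `GpgVerificationError`, but gpg documents exit status 1 for a signature that is present and bad, so that case falls through to the bare `raise` as a plain `ProcessExecutionError`. The check still fails closed, because either exception is raised before the `--decrypt` call runs, but a caller that catches `GpgVerificationError` to report or log a verification failure would misclassify a tampered signature. Consider `if e.exit_code in (1, 2):` here. The docstring, which starts outside this hunk, lists only `ProcessExecutionError`; it could gain `:raises: GpgVerificationError if require_signature is set and verification fails`.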
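Review bot: The updated assertion matches the generic `"Signature verification failed"` text, so this test (whose body starts outside the hunk) still exercises only the case its name describes, an encrypted message that carries no signature. If the file has no case for a signature that is present but does not verify, one is worth adding beside it, since gpg documents a different exit status for that outcome and `decrypt` handles it on a different branch. Asserting on the parsed `--format=json` output rather than a substring of `result.stdout` would also tie the check to the error field instead of to any text in the output.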