From 261f237dc77ebe65eed9e5a359789600e737b536 Mon Sep 17 00:00:00 2001
From: Disassembler
Date: Fri, 3 Apr 2020 15:57:10 +0200
Subject: [PATCH] Initialize public key for online repo only when needed
---
 usr/lib/python3.8/spoc/repo_online.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/usr/lib/python3.8/spoc/repo_online.py b/usr/lib/python3.8/spoc/repo_online.py
index 41d28a9..3f7d66a 100644
--- a/usr/lib/python3.8/spoc/repo_online.py
+++ b/usr/lib/python3.8/spoc/repo_online.py
@@ -15,11 +15,14 @@ from cryptography.hazmat.primitives.serialization import load_pem_public_key
 from .exceptions import AppNotFoundError, ImageNotFoundError
 from .config import ONLINE_PUBKEY, ONLINE_REPO_URL, ONLINE_SIG_URL, TYPE_APP, TYPE_IMAGE
-def get_pubkey():
- pubkey = f'-----BEGIN PUBLIC KEY-----\n{ONLINE_PUBKEY}\n-----END PUBLIC KEY-----'
- return load_pem_public_key(pubkey.encode(), default_backend())
+public_key = None
-PUBLIC_KEY = get_pubkey()
+def get_public_key():
+ global public_key
+ if not public_key:
+ pem = f'-----BEGIN PUBLIC KEY-----\n{ONLINE_PUBKEY}\n-----END PUBLIC KEY-----'
+ public_key = load_pem_public_key(pem.encode(), default_backend())
+ return public_key
 def verify_fileobj(fileobj, expected_hash):
 hasher = hashes.Hash(hashes.SHA512(), default_backend())
@@ -28,7 +31,7 @@ def verify_fileobj(fileobj, expected_hash):
 if not data: break
 hasher.update(data)
- PUBLIC_KEY.verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(hashes.SHA512())))
+ get_public_key().verify(bytes.fromhex(expected_hash), hasher.finalize(), ec.ECDSA(utils.Prehashed(hashes.SHA512())))
 def download_archive(archive_url, archive_path, expected_hash, observer=None):
 # Check if an archive needs to be downloaded via http(s)
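Review bot: In `get_public_key()` the cache test `if not public_key:` relies on the truthiness of the loaded key object, while the sentinel is `None`; `if public_key is None:` states the intent exactly. Because this key is the trust anchor for every signature check in the module, the function deserves a docstring such as `"""Return the repository's ECDSA public key, parsing ONLINE_PUBKEY on first use."""`. Deferring the parse also means a malformed `ONLINE_PUBKEY` no longer fails at import but raises from `load_pem_public_key` inside the first `verify` call, so callers that expect only a signature failure there should presumably surface that configuration error as well.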
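Review bot: In `verify_fileobj` the value named `expected_hash` is hex-decoded and passed as the signature argument of `verify`, so it is a signature over the file's SHA-512 digest rather than a digest to compare. A comment above the call would prevent that misreading, for example `# expected_hash holds the hex-encoded ECDSA signature of the file's SHA-512 digest; verify() raises on mismatch`. A malformed hex string raises `ValueError` from `bytes.fromhex` before any signature check runs, which callers may need to treat the same as a failed verification. The function body starts outside this hunk.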
@@ -97,7 +100,7 @@ def load():
 resource = session.get(ONLINE_SIG_URL, timeout=5)
 resource.raise_for_status()
 packages_sig = resource.content
- PUBLIC_KEY.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
+ get_public_key().verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
 data = json.loads(packages.decode())
 mtime = time.time()
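Review bot: The `verify` call in `load()` establishes that `packages` was signed by the repository key, but nothing visible in this hunk establishes that it is the current index; an older index served with its matching signature would still verify. If the signed JSON carries a version or timestamp, comparing it with the last accepted value after `json.loads` would cover that, and it may already happen elsewhere in `load()`, whose body starts and ends outside the hunk. At minimum a comment on the call would record the limit, e.g. `# signature proves authenticity of the index only; freshness is not checked here`. Verifying before `json.loads` is the right order and should be kept.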