gpg signing of Release files (using python-gnupg) - amprolla - devuan's apt repo merger
 (DIR) commit 0454dba27c9b281b9eaca4b75184a8bc1f54cf15
 (DIR) parent 94adcf6b6e35c9bbe6dbae6f3db6c15472ba3d65
 (HTM) Author: parazyd <parazyd@dyne.org>
       Date:   Mon,  5 Jun 2017 21:10:06 +0200
       
       gpg signing of Release files (using python-gnupg)
       
       Diffstat:
         M lib/config.py                       |      10 +++++-----
         M lib/package.py                      |      16 ++++++++--------
         M lib/release.py                      |      22 +++++++++++++++++++++-
         M orchestrate.py                      |       4 +++-
       
       4 files changed, 37 insertions(+), 15 deletions(-)
       ---
 (DIR) diff --git a/lib/config.py b/lib/config.py
       t@@ -7,7 +7,7 @@ amprolla configuration file
        from hashlib import md5, sha1, sha256
        
        spooldir = './spool'
       -sign_key = 'fa1b0274'
       +signingkey = 'B876CB44FA1B0274'
        mergedir = './merged'
        mergesubdir = 'dists'
        banpkgs = {'systemd', 'systemd-sysv'}
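Review bot: `signingkey = 'B876CB44FA1B0274'` selects the signing key by its 64-bit long key ID, which is better than the old 32-bit short ID but still not a collision-resistant handle. If a second key with the same long ID ever lands in the keyring, gpg may pick the wrong one or refuse to choose. Pinning the full 40-hex-digit fingerprint removes the ambiguity, e.g. `signingkey = '<FULL_40_HEX_FINGERPRINT>'`, with a short comment saying which key it is and where its public half is published.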
       t@@ -111,16 +111,16 @@ mainrepofiles = [
        ]
        
        pkgfiles = [
       -    # 'Packages',
       +    'Packages',
            'Packages.gz',
       -    # 'Packages.xz',
       +    'Packages.xz',
            'Release'
        ]
        
        srcfiles = [
       -    # 'Sources',
       +    'Sources',
            'Sources.gz',
       -    # 'Sources.xz,
       +    'Sources.xz',
            'Release'
        ]
        
 (DIR) diff --git a/lib/package.py b/lib/package.py
       t@@ -30,8 +30,8 @@ def write_packages(packages, filename, sort=True, sources=False):
                copyfile(rl.replace(mergedir, join(spooldir, 'devuan')), rl)
        
            gzf = gzip_open(filename, 'w')
       -    #xzf = lzma_open(filename.replace('.gz', '.xz'), 'w')
       -    #f = open(filename.replace('.gz', ''), 'w')
       +    xzf = lzma_open(filename.replace('.gz', '.xz'), 'w')
       +    f = open(filename.replace('.gz', ''), 'w')
        
            pkg_items = packages.items()
            if sort:
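Review bot: The plain-text handle at `f = open(filename.replace('.gz', ''), 'w')` is opened without an encoding, while the gzip and xz copies are written as explicit UTF-8. Under a C/POSIX locale the `f.write(s)` in the next hunk can raise UnicodeEncodeError, or write bytes that differ from the compressed variants. These files are what the Release file lists, so all three should carry identical content; I would write `f = open(filename.replace('.gz', ''), 'w', encoding='utf-8')`. The three handles are also closed only on the success path (the `close()` calls in the second hunk), so an exception mid-write leaves truncated index files behind; a `with` block would cover that. write_packages starts and ends outside this hunk.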
       t@@ -47,15 +47,15 @@ def write_packages(packages, filename, sort=True, sources=False):
                    if key in pkg_contents:
                        s = '%s: %s\n' % (key, pkg_contents[key])
                        gzf.write(s.encode('utf-8'))
       -                #xzf.write(s.encode('utf-8'))
       -                #f.write(s)
       +                xzf.write(s.encode('utf-8'))
       +                f.write(s)
                gzf.write(b'\n')
       -        #xzf.write(b'\n')
       -        #f.write('\n')
       +        xzf.write(b'\n')
       +        f.write('\n')
        
            gzf.close()
       -    #xzf.close()
       -    #f.close()
       +    xzf.close()
       +    f.close()
        
        
        def load_packages_file(filename):
 (DIR) diff --git a/lib/release.py b/lib/release.py
       t@@ -6,8 +6,9 @@ Release file functions and helpers
        
        from datetime import datetime, timedelta
        from os.path import getsize
       +import gnupg
        
       -from lib.config import release_keys, checksums
       +from lib.config import release_keys, checksums, signingkey
        from lib.parse import parse_release_head
        
        
       t@@ -47,3 +48,22 @@ def write_release(oldrel, newrel, filelist, r):
                                                getsize(f), f.replace(r+'/', '')))
        
            new.close()
       +
       +    sign_release(newrel)
       +
       +def sign_release(infile):
       +    """
       +    Signs both the clearsign and the detached signature of a Release file
       +    """
       +    gpg = gnupg.GPG()
       +
       +    stream = open(infile, 'rb')
       +
       +    # Clearsign
       +    signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=True,
       +                                detach=False,
       +                                output=infile.replace('Release', 'InRelease'))
       +
       +    # Detached signature (somewhat broken?)
       +    # signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=False,
       +    #                             detach=True, output=infile + '.gpg')
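Review bot: The result of `gpg.sign_file(...)` in `sign_release` is assigned to `signed_data` and never checked. python-gnupg reports a failed signature (missing secret key, locked agent, wrong `keyid`) through a falsy result object rather than an exception, so the run would carry on and could publish a new Release next to a missing or stale InRelease. `stream` is also never closed. The commented-out detached signature probably looks "somewhat broken" because it would reuse the same stream after the clearsign call has read it to EOF; it needs a `stream.seek(0)` or a fresh `open()`. Until it is restored the docstring should not say "both", and `infile.replace('Release', 'InRelease')` rewrites every occurrence of `Release` in the path, not only the file name.

```python
def sign_release(infile):
    # ... unchanged: docstring (reword: only the clearsigned InRelease is produced) ...
    gpg = gnupg.GPG()

    with open(infile, 'rb') as stream:
        signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=True,
                                    detach=False,
                                    output=infile.replace('Release', 'InRelease'))

    # A falsy result means gpg produced no signature; stop instead of
    # leaving an unsigned or stale InRelease in the merged tree.
    if not signed_data:
        raise RuntimeError('gpg failed to sign %s' % infile)
```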
 (DIR) diff --git a/orchestrate.py b/orchestrate.py
       t@@ -44,6 +44,7 @@ def gen_release(s):
        
            for suite in suites[s]:
                filelist = []
       +        print('Crawling %s' % suite)
                rootdir = join(mergedir, mergesubdir, suite)
                for cat in categories:
                    for arch in arches:
       t@@ -62,8 +63,9 @@ def gen_release(s):
                oldrfl = newrfl.replace(join(mergedir, mergesubdir),
                                        join(spooldir, repos['devuan']['dists']))
        
       +        print('Writing Release')
                write_release(oldrfl, newrfl, filelist, rootdir)
       -        break
       +        # break
        
        
        do_merge()
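Review bot: The `# break` left behind in `gen_release` is dead code and should be deleted rather than commented out, since version control already records that the loop once stopped after the first suite. With the break gone, `write_release`, and therefore signing, now runs for every suite in `suites[s]`. The added `print('Writing Release')` would be more useful in the log if it named the file, e.g. `print('Writing Release %s' % newrfl)`. gen_release starts outside this hunk.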