tgpg signing of Release files (using python-gnupg) - amprolla - devuan's apt repo merger (HTM) git clone git://parazyd.org/amprolla.git (DIR) Log (DIR) Files (DIR) Refs (DIR) README (DIR) LICENSE --- (DIR) commit 0454dba27c9b281b9eaca4b75184a8bc1f54cf15 (DIR) parent 94adcf6b6e35c9bbe6dbae6f3db6c15472ba3d65 (HTM) Author: parazyd <parazyd@dyne.org> Date: Mon, 5 Jun 2017 21:10:06 +0200 gpg signing of Release files (using python-gnupg) Diffstat: M lib/config.py | 10 +++++----- M lib/package.py | 16 ++++++++-------- M lib/release.py | 22 +++++++++++++++++++++- M orchestrate.py | 4 +++- 4 files changed, 37 insertions(+), 15 deletions(-) --- (DIR) diff --git a/lib/config.py b/lib/config.py t@@ -7,7 +7,7 @@ amprolla configuration file from hashlib import md5, sha1, sha256 spooldir = './spool' -sign_key = 'fa1b0274' +signingkey = 'B876CB44FA1B0274' mergedir = './merged' mergesubdir = 'dists' banpkgs = {'systemd', 'systemd-sysv'} t@@ -111,16 +111,16 @@ mainrepofiles = [ ] pkgfiles = [ - # 'Packages', + 'Packages', 'Packages.gz', - # 'Packages.xz', + 'Packages.xz', 'Release' ] srcfiles = [ - # 'Sources', + 'Sources', 'Sources.gz', - # 'Sources.xz, + 'Sources.xz', 'Release' ] (DIR) 
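Review bot: `signingkey` in lib/config.py is still a 64-bit key ID rather than a full fingerprint, so which secret key gpg selects depends on the local keyring holding exactly one match for it. Moving from the 8-hex short ID to the 16-hex long ID is the right direction; pinning the full 40-hex fingerprint, e.g. `signingkey = '<FULL_40_HEX_FINGERPRINT>'` (placeholder, the real value is not on this page), makes the selection unambiguous. The rename from `sign_key` also needs every other reader of the old name updated; only lib/release.py is visible in this commit.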
diff --git a/lib/package.py b/lib/package.py t@@ -30,8 +30,8 @@ def write_packages(packages, filename, sort=True, sources=False): copyfile(rl.replace(mergedir, join(spooldir, 'devuan')), rl) gzf = gzip_open(filename, 'w') - #xzf = lzma_open(filename.replace('.gz', '.xz'), 'w') - #f = open(filename.replace('.gz', ''), 'w') + xzf = lzma_open(filename.replace('.gz', '.xz'), 'w') + f = open(filename.replace('.gz', ''), 'w') pkg_items = packages.items() if sort: t@@ -47,15 +47,15 @@ def write_packages(packages, filename, sort=True, sources=False): if key in pkg_contents: s = '%s: %s\n' % (key, pkg_contents[key]) gzf.write(s.encode('utf-8')) - #xzf.write(s.encode('utf-8')) - #f.write(s) + xzf.write(s.encode('utf-8')) + f.write(s) gzf.write(b'\n') - #xzf.write(b'\n') - #f.write('\n') + xzf.write(b'\n') + f.write('\n') gzf.close() - #xzf.close() - #f.close() + xzf.close() + f.close() def load_packages_file(filename): (DIR) diff --git a/lib/release.py b/lib/release.py t@@ -6,8 +6,9 @@ Release file functions and helpers from datetime import datetime, timedelta from os.path import getsize +import gnupg -from lib.config import release_keys, checksums +from lib.config import release_keys, checksums, signingkey from lib.parse import parse_release_head t@@ -47,3 +48,22 @@ def write_release(oldrel, newrel, filelist, r): getsize(f), f.replace(r+'/', ''))) new.close() + + sign_release(newrel) + +def sign_release(infile): + """ + Signs both the clearsign and the detached signature of a Release file + """ + gpg = gnupg.GPG() + + stream = open(infile, 'rb') + + # Clearsign + signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=True, + detach=False, + output=infile.replace('Release', 'InRelease')) + + # Detached signature (somewhat broken?) + # signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=False, + # detach=True, output=infile + '.gpg') (DIR) 
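Review bot: The newly enabled uncompressed index is opened in text mode with the locale's default encoding, `f = open(filename.replace('.gz', ''), 'w')`, while the gz and xz streams are written as explicit UTF-8. Where the locale is not UTF-8 (a C/POSIX cron environment, for example) a non-ASCII field value can raise UnicodeEncodeError part-way through and leave truncated index files behind; `f = open(filename.replace('.gz', ''), 'w', encoding='utf-8')` keeps the three outputs byte-for-byte consistent. The same applies to the `f.write(s)` and `f.close()` lines in the second hunk, where all three handles are closed only on the success path, so a `with` block over `gzf`, `xzf` and `f` would be safer. write_packages starts and ends outside these hunks.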
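Review bot: `sign_release` in lib/release.py discards the result of `gpg.sign_file`, and python-gnupg reports a missing key or an unavailable agent through the returned object rather than by raising, so a failed run would leave a stale or absent InRelease next to a fresh Release without any error. Checking the result and opening the file in a `with` block closes both gaps, as sketched below. The commented-out detached signature is probably "broken" because `stream` is already at EOF after the clearsign call, so the second call would sign empty input; reopening the file or `stream.seek(0)` before it should yield a Release.gpg that verifies. `infile.replace('Release', 'InRelease')` also rewrites any other occurrence of 'Release' in the path, which is worth confirming against the callers.

```python
def sign_release(infile):
    """
    Clearsigns a Release file into InRelease and fails loudly if gpg
    did not produce a signature
    """
    gpg = gnupg.GPG()

    # Close the handle deterministically, even if gpg errors out
    with open(infile, 'rb') as stream:
        signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=True,
                                    detach=False,
                                    output=infile.replace('Release', 'InRelease'))

    # python-gnupg does not raise on failure; the result object is falsy
    # when no signature was created
    if not signed_data:
        raise RuntimeError('gpg failed to sign %s with key %s'
                           % (infile, signingkey))

    # ... unchanged: commented-out detached signature ...
```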
diff --git a/orchestrate.py b/orchestrate.py t@@ -44,6 +44,7 @@ def gen_release(s): for suite in suites[s]: filelist = [] + print('Crawling %s' % suite) rootdir = join(mergedir, mergesubdir, suite) for cat in categories: for arch in arches: t@@ -62,8 +63,9 @@ def gen_release(s): oldrfl = newrfl.replace(join(mergedir, mergesubdir), join(spooldir, repos['devuan']['dists'])) + print('Writing Release') write_release(oldrfl, newrfl, filelist, rootdir) - break + # break do_merge()