def sign(self):
logger.info('Starting path collection, looking for files to sign')
repos = RepoCollector(self.path)
paths = repos.debian_release_files
if paths:
logger.info('%s matching paths found' % len(paths))
# FIXME: this should spit the actual verified command
logger.info('will sign with the following commands:')
logger.info('gpg --batch --yes --armor --detach-sig --output Release.gpg Release')
logger.info('gpg --batch --yes --clearsign --output InRelease Release')
else:
logger.warning('No paths found that matched')
for path in paths:
if merfi.config.get('check'):
new_gpg_path = path.split('Release')[0]+'Release.gpg'
new_in_path = path.split('Release')[0]+'InRelease'
logger.info('[CHECKMODE] signing: %s' % path)
logger.info('[CHECKMODE] signed: %s' % new_gpg_path)
logger.info('[CHECKMODE] signed: %s' % new_in_path)
else:
os.chdir(os.path.dirname(path))
detached = ['gpg', '--batch', '--yes', '--armor', '--detach-sig', '--output', 'Release.gpg', 'Release']
clearsign = ['gpg', '--batch', '--yes', '--clearsign', '--output', 'InRelease', 'Release']
logger.info('signing: %s' % path)
util.run(detached)
util.run(clearsign)
def _run_output(cmd, verbose=False, **kw):
process = subprocess.Popen(
cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, **kw
)
stdout = [line.strip('\n') for line in process.stdout.readlines()]
stderr = [line.strip('\n') for line in process.stderr.readlines()]
if verbose:
for line in stdout:
logger.debug(line)
for line in stderr:
logger.warning(stderr)
return '\n'.join(stdout), '\n'.join(stderr), process.wait()
def _run(cmd, **kw):
stop_on_nonzero = kw.pop('stop_on_nonzero', True)
process = subprocess.Popen(
cmd,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
close_fds=True,
**kw
)
while True:
reads, _, _ = select(
[process.stdout.fileno(), process.stderr.fileno()],
[], []
)
for descriptor in reads:
if descriptor == process.stdout.fileno():
read = process.stdout.readline()
if read:
logger.info(read)
sys.stdout.flush()
if descriptor == process.stderr.fileno():
read = process.stderr.readline()
if read:
logger.warning(read)
sys.stderr.flush()
if process.poll() is not None:
while True:
for descriptor in reads:
if descriptor == process.stdout.fileno():
read = process.stdout.readline()
if read:
logger.info(read)
sys.stdout.flush()
if descriptor == process.stderr.fileno():
read = process.stderr.readline()
if read:
logger.warning(read)
sys.stderr.flush()
# At this point we have gone through all the possible
# descriptors and `read` was empty, so we now can break out of
# this since all stdout/stderr has been properly flushed to
# logging
if not read:
break
break
returncode = process.wait()
if returncode != 0:
if stop_on_nonzero:
raise RuntimeError(
"command returned non-zero exit status: %s" % returncode
)
else:
logger.warning("command returned non-zero exit status: %s" % returncode)
