def sign_tarball(tarball_path):
""" Prompt the user to GPG-sign the tarball using their Apache GPG key. """
if not confirm_prompt("Would you like to GPG-sign the tarball now?"):
return
email = get_my_email()
if not email.endswith("@apache.org"):
print(
Colors.YELLOW,
"Your email address for the repository is not an @apache.org address."
)
print(
"Release signatures should typically be signed by committers with @apache.org GPG keys."
)
print(end=Colors.RESET)
if not confirm_prompt("Continue?"):
return
try:
subprocess.check_call(
["gpg", "--detach-sign", "--armor", "-u", email, tarball_path])
except subprocess.CalledProcessError:
print(Colors.RED + "GPG signing failed. Artifact will not be signed." +
Colors.RESET)
return
print(Colors.GREEN + "Generated signature:\t" + Colors.RESET,
tarball_path + ".asc")
def do_update(branch, gerrit_sha, apache_sha):
"""
Displays and performs a proposed update of the Apache repository
for branch 'branch' from 'apache_sha' to 'gerrit_sha'.
"""
# First, verify that the update is fast-forward. If it's not, then something
# must have gotten committed to Apache outside of gerrit, and we'd need some
# manual intervention.
if not is_fast_forward(apache_sha, gerrit_sha):
print >> sys.stderr, "Cannot update branch '%s' from gerrit:" % branch
print >> sys.stderr, "Apache revision %s is not an ancestor of gerrit revision %s" % (
apache_sha[:8], gerrit_sha[:8])
print >> sys.stderr, "Something must have been committed to Apache and bypassed gerrit."
print >> sys.stderr, "Manual intervention is required."
sys.exit(1)
# List the commits that are going to be pushed to the ASF, so that the committer
# can verify and "sign off".
commits = rev_list("%s..%s" % (apache_sha, gerrit_sha))
commits.reverse() # Display from oldest to newest.
print "-" * 60
print Colors.GREEN + ("%d commit(s) need to be pushed from Gerrit to ASF:"
% len(commits)) + Colors.RESET
push_sha = None
for sha in commits:
oneline = describe_commit(sha)
print " ", oneline
committer = get_committer_email(sha)
if committer != get_my_email():
print Colors.RED + " !!! Committed by someone else (%s) !!!" % committer, Colors.RESET
if not confirm_prompt(
Colors.RED +
" !!! Are you sure you want to push on behalf of another committer?"
+ Colors.RESET):
# Even if they don't want to push this commit, we could still push any
# earlier commits that the user _did_ author.
if push_sha is not None:
print "... will still update to prior commit %s..." % push_sha
break
push_sha = sha
if push_sha is None:
print "Nothing to push"
return
# Everything has been confirmed. Do the actual push
cmd = ['git', 'push', 'apache']
if OPTIONS.dry_run:
cmd.append('--dry-run')
cmd.append('%s:refs/heads/%s' % (push_sha, branch))
print Colors.GREEN + "Running: " + Colors.RESET + " ".join(cmd)
subprocess.check_call(cmd)
print Colors.GREEN + "Successfully updated %s to %s" % (
branch, gerrit_sha) + Colors.RESET
print
def do_update(branch, gerrit_sha, apache_sha):
"""
Displays and performs a proposed update of the Apache repository
for branch 'branch' from 'apache_sha' to 'gerrit_sha'.
"""
# First, verify that the update is fast-forward. If it's not, then something
# must have gotten committed to Apache outside of gerrit, and we'd need some
# manual intervention.
if not is_fast_forward(apache_sha, gerrit_sha):
print >>sys.stderr, "Cannot update branch '%s' from gerrit:" % branch
print >>sys.stderr, "Apache revision %s is not an ancestor of gerrit revision %s" % (
apache_sha[:8], gerrit_sha[:8])
print >>sys.stderr, "Something must have been committed to Apache and bypassed gerrit."
print >>sys.stderr, "Manual intervention is required."
sys.exit(1)
# List the commits that are going to be pushed to the ASF, so that the committer
# can verify and "sign off".
commits = rev_list("%s..%s" % (apache_sha, gerrit_sha))
commits.reverse() # Display from oldest to newest.
print "-" * 60
print Colors.GREEN + ("%d commit(s) need to be pushed from Gerrit to ASF:" % len(commits)) + Colors.RESET
push_sha = None
for sha in commits:
oneline = describe_commit(sha)
print " ", oneline
committer = get_committer_email(sha)
if committer != get_my_email():
print Colors.RED + " !!! Committed by someone else (%s) !!!" % committer, Colors.RESET
if not confirm_prompt(
Colors.RED + " !!! Are you sure you want to push on behalf of another committer?" + Colors.RESET):
# Even if they don't want to push this commit, we could still push any
# earlier commits that the user _did_ author.
if push_sha is not None:
print "... will still update to prior commit %s..." % push_sha
break
push_sha = sha
if push_sha is None:
print "Nothing to push"
return
# Everything has been confirmed. Do the actual push
cmd = ['git', 'push', 'apache']
if OPTIONS.dry_run:
cmd.append('--dry-run')
cmd.append('%s:refs/heads/%s' % (push_sha, branch))
print Colors.GREEN + "Running: " + Colors.RESET + " ".join(cmd)
subprocess.check_call(cmd)
print Colors.GREEN + "Successfully updated %s to %s" % (branch, gerrit_sha) + Colors.RESET
print
def sign_tarball(tarball_path):
""" Prompt the user to GPG-sign the tarball using their Apache GPG key. """
if not confirm_prompt("Would you like to GPG-sign the tarball now?"):
return
email = get_my_email()
if not email.endswith("@apache.org"):
print(Colors.YELLOW, "Your email address for the repository is not an @apache.org address.")
print("Release signatures should typically be signed by committers with @apache.org GPG keys.")
print(end=Colors.RESET)
if not confirm_prompt("Continue?"):
return
try:
subprocess.check_call(["gpg", "--detach-sign", "--armor", "-u", email, tarball_path])
except subprocess.CalledProcessError:
print(Colors.RED + "GPG signing failed. Artifact will not be signed." + Colors.RESET)
return
print(Colors.GREEN + "Generated signature:\t" + Colors.RESET, tarball_path + ".asc")
