def _run(cmd, **kw):
stop_on_nonzero = kw.pop('stop_on_nonzero', True)
process = subprocess.Popen(
cmd,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
close_fds=True,
**kw
)
while True:
reads, _, _ = select(
[process.stdout.fileno(), process.stderr.fileno()],
[], []
)
for descriptor in reads:
if descriptor == process.stdout.fileno():
read = process.stdout.readline()
if read:
logger.info(read)
sys.stdout.flush()
if descriptor == process.stderr.fileno():
read = process.stderr.readline()
if read:
logger.warning(read)
sys.stderr.flush()
if process.poll() is not None:
while True:
for descriptor in reads:
if descriptor == process.stdout.fileno():
read = process.stdout.readline()
if read:
logger.info(read)
sys.stdout.flush()
if descriptor == process.stderr.fileno():
read = process.stderr.readline()
if read:
logger.warning(read)
sys.stderr.flush()
# At this point we have gone through all the possible
# descriptors and `read` was empty, so we now can break out of
# this since all stdout/stderr has been properly flushed to
# logging
if not read:
break
break
returncode = process.wait()
if returncode != 0:
if stop_on_nonzero:
raise RuntimeError(
"command returned non-zero exit status: %s" % returncode
)
else:
logger.warning("command returned non-zero exit status: %s" % returncode)
def run_output(command, **kw):
logger.info('Running command: %s' % ' '.join(command))
return _run_output(command, **kw)
def run(command, **kw):
logger.info('Running command: %s' % ' '.join(command))
_run(command, stop_on_nonzero=True, **kw)
def sign(self):
logger.info('Starting path collection, looking for files to sign')
repos = RepoCollector(self.path)
paths = repos.debian_release_files
if paths:
logger.info('%s matching paths found' % len(paths))
# FIXME: this should spit the actual verified command
logger.info('will sign with the following commands:')
logger.info('gpg --batch --yes --armor --detach-sig --output Release.gpg Release')
logger.info('gpg --batch --yes --clearsign --output InRelease Release')
else:
logger.warning('No paths found that matched')
for path in paths:
if merfi.config.get('check'):
new_gpg_path = path.split('Release')[0]+'Release.gpg'
new_in_path = path.split('Release')[0]+'InRelease'
logger.info('[CHECKMODE] signing: %s' % path)
logger.info('[CHECKMODE] signed: %s' % new_gpg_path)
logger.info('[CHECKMODE] signed: %s' % new_in_path)
else:
os.chdir(os.path.dirname(path))
detached = ['gpg', '--batch', '--yes', '--armor', '--detach-sig', '--output', 'Release.gpg', 'Release']
clearsign = ['gpg', '--batch', '--yes', '--clearsign', '--output', 'InRelease', 'Release']
logger.info('signing: %s' % path)
util.run(detached)
util.run(clearsign)