def export_key(dir, signing_key): assert signing_key is not None paths.ensure_dir(dir) # Convert signing_key to key ID keyID = None keys_output = subprocess.check_output(['gpg', '--with-colons', '--list-keys', signing_key]) for line in keys_output.split('\n'): parts = line.split(':') if parts[0] == 'pub': if keyID: raise Exception('Two key IDs returned from GPG!') keyID = parts[4] assert keyID, "Can't find GPG key '%s'" % signing_key key_file = os.path.join(dir, keyID + '.gpg') if not os.path.isfile(key_file): with open(key_file, 'w') as key_stream: subprocess.check_call(["gpg", "-a", "--export", signing_key], stdout = key_stream) print("Exported public key as '%s'" % key_file) return key_file
def process_method(config, incoming_dir, impl, method, required_digest): archives = [] if not isinstance(method, model.Recipe): # turn an individual method into a single-step Recipe step = method method = model.Recipe() method.steps.append(step) has_external_archives = False for step in method.steps: if not hasattr(step, 'url'): continue archive = step.url if '/' in archive: has_external_archives = True url = archive actual_size = urltest.get_size(url) if actual_size != step.size: raise SafeException("External archive {url} has size {actual}, but expected {expected} bytes".format( url = url, actual = actual_size, expected = step.size)) continue # Hosted externally if not valid_simple_name.match(archive): raise SafeException("Illegal archive name '{name}'".format(name = archive)) archive_path = join(incoming_dir, archive) if not os.path.isfile(archive_path): raise SafeException("Referenced upload '{path}' not found".format(path = archive_path)) existing = config.archive_db.entries.get(archive, None) if existing is not None: new_sha1 = get_sha1(archive_path) if new_sha1 != existing.sha1: raise SafeException("A different archive with basename '{name}' is " "already in the repository: {archive}".format(name = archive, archive = existing)) else: archive_rel_url = paths.get_archive_rel_url(config, archive, impl) # Copy to archives directory backup_dir = config.LOCAL_ARCHIVES_BACKUP_DIR # note: may be relative; that's OK backup_target_dir = join(backup_dir, dirname(archive_rel_url)) paths.ensure_dir(backup_target_dir) copy_path = join(backup_dir, archive_rel_url) shutil.copyfile(archive_path, copy_path) stored_archive = Archive(abspath(copy_path), archive_rel_url, step.size, archive_path) actual_size = os.path.getsize(stored_archive.source_path) if step.size != actual_size: raise SafeException("Archive '{archive}' has size '{actual}', but XML says size should be {expected}".format( archive = archive, actual = actual_size, expected = step.size)) archives.append(stored_archive) step.url = os.path.abspath(archive_path) # (just used below to test it) if not has_external_archives: # Check archives unpack to give the correct digests impl.feed.local_path = "/is-local-hack.xml" try: blocker = config.zconfig.fetcher.cook(required_digest, method, config.zconfig.stores, impl_hint = impl, dry_run = True, may_use_mirror = False) tasks.wait_for_blocker(blocker) finally: impl.feed.local_path = None return archives
def process_method(config, incoming_dir, impl, method, required_digest): archives = [] if not isinstance(method, model.Recipe): # turn an individual method into a single-step Recipe step = method method = model.Recipe() method.steps.append(step) has_external_archives = False for step in method.steps: if not hasattr(step, 'url'): continue archive = step.url if '/' in archive: has_external_archives = True test_archive = getattr(config, 'check_external_archive', _default_archive_test) test_archive(step, archive) continue # Hosted externally if not valid_simple_name.match(archive): raise SafeException("Illegal archive name '{name}'".format(name = archive)) archive_path = join(incoming_dir, archive) if not os.path.isfile(archive_path): raise SafeException("Referenced upload '{path}' not found".format(path = archive_path)) existing = config.archive_db.entries.get(archive, None) if existing is not None: new_sha1 = get_sha1(archive_path) _assert_identical_archives(archive, sha1=new_sha1, existing=existing) else: archive_rel_url = paths.get_archive_rel_url(config, archive, impl) # Copy to archives directory backup_dir = config.LOCAL_ARCHIVES_BACKUP_DIR # note: may be relative; that's OK backup_target_dir = join(backup_dir, dirname(archive_rel_url)) paths.ensure_dir(backup_target_dir) copy_path = join(backup_dir, archive_rel_url) shutil.copyfile(archive_path, copy_path) stored_archive = Archive(abspath(copy_path), archive_rel_url, step.size, archive_path) actual_size = os.path.getsize(stored_archive.source_path) if step.size != actual_size: raise SafeException("Archive '{archive}' has size '{actual}', but XML says size should be {expected}".format( archive = archive, actual = actual_size, expected = step.size)) archives.append(stored_archive) step.url = os.path.abspath(archive_path) # (just used below to test it) if not has_external_archives and getattr(config, 'CHECK_DIGESTS', True) and os.name != 'nt': # Check archives unpack to give the correct digests impl.feed.local_path = "/is-local-hack.xml" try: blocker = config.zconfig.fetcher.cook(required_digest, method, config.zconfig.stores, impl_hint = impl, dry_run = True, may_use_mirror = False) tasks.wait_for_blocker(blocker) finally: impl.feed.local_path = None return archives