def export_key(dir, signing_key):
assert signing_key is not None
paths.ensure_dir(dir)
# Convert signing_key to key ID
keyID = None
keys_output = subprocess.check_output(['gpg', '--with-colons', '--list-keys', signing_key])
for line in keys_output.split('\n'):
parts = line.split(':')
if parts[0] == 'pub':
if keyID:
raise Exception('Two key IDs returned from GPG!')
keyID = parts[4]
assert keyID, "Can't find GPG key '%s'" % signing_key
key_file = os.path.join(dir, keyID + '.gpg')
if not os.path.isfile(key_file):
with open(key_file, 'w') as key_stream:
subprocess.check_call(["gpg", "-a", "--export", signing_key], stdout = key_stream)
print("Exported public key as '%s'" % key_file)
return key_file
def export_key(dir, signing_key):
assert signing_key is not None
paths.ensure_dir(dir)
# Convert signing_key to key ID
keyID = None
keys_output = subprocess.check_output(['gpg', '--with-colons', '--list-keys', signing_key])
for line in keys_output.split('\n'):
parts = line.split(':')
if parts[0] == 'pub':
if keyID:
raise Exception('Two key IDs returned from GPG!')
keyID = parts[4]
assert keyID, "Can't find GPG key '%s'" % signing_key
key_file = os.path.join(dir, keyID + '.gpg')
if not os.path.isfile(key_file):
with open(key_file, 'w') as key_stream:
subprocess.check_call(["gpg", "-a", "--export", signing_key], stdout = key_stream)
print("Exported public key as '%s'" % key_file)
return key_file
def process_method(config, incoming_dir, impl, method, required_digest):
archives = []
if not isinstance(method, model.Recipe):
# turn an individual method into a single-step Recipe
step = method
method = model.Recipe()
method.steps.append(step)
has_external_archives = False
for step in method.steps:
if not hasattr(step, 'url'): continue
archive = step.url
if '/' in archive:
has_external_archives = True
url = archive
actual_size = urltest.get_size(url)
if actual_size != step.size:
raise SafeException("External archive {url} has size {actual}, but expected {expected} bytes".format(
url = url, actual = actual_size, expected = step.size))
continue # Hosted externally
if not valid_simple_name.match(archive):
raise SafeException("Illegal archive name '{name}'".format(name = archive))
archive_path = join(incoming_dir, archive)
if not os.path.isfile(archive_path):
raise SafeException("Referenced upload '{path}' not found".format(path = archive_path))
existing = config.archive_db.entries.get(archive, None)
if existing is not None:
new_sha1 = get_sha1(archive_path)
if new_sha1 != existing.sha1:
raise SafeException("A different archive with basename '{name}' is "
"already in the repository: {archive}".format(name = archive, archive = existing))
else:
archive_rel_url = paths.get_archive_rel_url(config, archive, impl)
# Copy to archives directory
backup_dir = config.LOCAL_ARCHIVES_BACKUP_DIR # note: may be relative; that's OK
backup_target_dir = join(backup_dir, dirname(archive_rel_url))
paths.ensure_dir(backup_target_dir)
copy_path = join(backup_dir, archive_rel_url)
shutil.copyfile(archive_path, copy_path)
stored_archive = Archive(abspath(copy_path), archive_rel_url, step.size, archive_path)
actual_size = os.path.getsize(stored_archive.source_path)
if step.size != actual_size:
raise SafeException("Archive '{archive}' has size '{actual}', but XML says size should be {expected}".format(
archive = archive,
actual = actual_size,
expected = step.size))
archives.append(stored_archive)
step.url = os.path.abspath(archive_path) # (just used below to test it)
if not has_external_archives:
# Check archives unpack to give the correct digests
impl.feed.local_path = "/is-local-hack.xml"
try:
blocker = config.zconfig.fetcher.cook(required_digest, method,
config.zconfig.stores, impl_hint = impl, dry_run = True, may_use_mirror = False)
tasks.wait_for_blocker(blocker)
finally:
impl.feed.local_path = None
return archives
def process_method(config, incoming_dir, impl, method, required_digest):
archives = []
if not isinstance(method, model.Recipe):
# turn an individual method into a single-step Recipe
step = method
method = model.Recipe()
method.steps.append(step)
has_external_archives = False
for step in method.steps:
if not hasattr(step, 'url'): continue
archive = step.url
if '/' in archive:
has_external_archives = True
test_archive = getattr(config, 'check_external_archive', _default_archive_test)
test_archive(step, archive)
continue # Hosted externally
if not valid_simple_name.match(archive):
raise SafeException("Illegal archive name '{name}'".format(name = archive))
archive_path = join(incoming_dir, archive)
if not os.path.isfile(archive_path):
raise SafeException("Referenced upload '{path}' not found".format(path = archive_path))
existing = config.archive_db.entries.get(archive, None)
if existing is not None:
new_sha1 = get_sha1(archive_path)
_assert_identical_archives(archive, sha1=new_sha1, existing=existing)
else:
archive_rel_url = paths.get_archive_rel_url(config, archive, impl)
# Copy to archives directory
backup_dir = config.LOCAL_ARCHIVES_BACKUP_DIR # note: may be relative; that's OK
backup_target_dir = join(backup_dir, dirname(archive_rel_url))
paths.ensure_dir(backup_target_dir)
copy_path = join(backup_dir, archive_rel_url)
shutil.copyfile(archive_path, copy_path)
stored_archive = Archive(abspath(copy_path), archive_rel_url, step.size, archive_path)
actual_size = os.path.getsize(stored_archive.source_path)
if step.size != actual_size:
raise SafeException("Archive '{archive}' has size '{actual}', but XML says size should be {expected}".format(
archive = archive,
actual = actual_size,
expected = step.size))
archives.append(stored_archive)
step.url = os.path.abspath(archive_path) # (just used below to test it)
if not has_external_archives and getattr(config, 'CHECK_DIGESTS', True) and os.name != 'nt':
# Check archives unpack to give the correct digests
impl.feed.local_path = "/is-local-hack.xml"
try:
blocker = config.zconfig.fetcher.cook(required_digest, method,
config.zconfig.stores, impl_hint = impl, dry_run = True, may_use_mirror = False)
tasks.wait_for_blocker(blocker)
finally:
impl.feed.local_path = None
return archives
