def _makeSignatures(self, signatures, log=None): """Make a sequence of signatures. This abstraction is useful in the case where we're using an in-process `GPGHandler`, since it avoids having to import the secret key more than once. :param signatures: A sequence of (input path, output path, `SigningMode`, suite) tuples. Note that some backends may make a policy decision not to produce all the requested output paths. :param log: An optional logger. :return: A list of output paths that were produced. """ if not self.can_sign: raise CannotSignArchive("No signing key available for %s" % self.archive.displayname) if self.archive.signing_key is not None: secret_key_path = self.getPathForSecretKey( self.archive.signing_key) with open(secret_key_path) as secret_key_file: secret_key_export = secret_key_file.read() gpghandler = getUtility(IGPGHandler) secret_key = gpghandler.importSecretKey(secret_key_export) output_paths = [] for input_path, output_path, mode, suite in signatures: if self.archive.signing_key is not None: with open(input_path) as input_file: input_content = input_file.read() signature = gpghandler.signContent(input_content, secret_key, mode=self.gpgme_modes[mode]) with open(output_path, "w") as output_file: output_file.write(signature) output_paths.append(output_path) elif find_run_parts_dir(self.archive.distribution.name, "sign.d") is not None: remove_if_exists(output_path) env = { "ARCHIVEROOT": self.pubconf.archiveroot, "INPUT_PATH": input_path, "OUTPUT_PATH": output_path, "MODE": mode.name.lower(), "DISTRIBUTION": self.archive.distribution.name, "SUITE": suite, } run_parts(self.archive.distribution.name, "sign.d", log=log, env=env) if os.path.exists(output_path): output_paths.append(output_path) else: raise AssertionError("No signing key available for %s" % self.archive.displayname) return output_paths
def can_sign(self): """See `ISignableArchive`.""" return (self.archive.signing_key is not None or find_run_parts_dir( self.archive.distribution.name, "sign.d") is not None)
def test_ignores_none_config(self): self.enableRunParts("none") self.assertIs(None, find_run_parts_dir("ubuntu", "finalize.d"))
def test_ignores_nonexistent_directory(self): self.enableRunParts() self.assertIs(None, find_run_parts_dir("nonexistent", "finalize.d"))
def test_finds_runparts_directory(self): self.enableRunParts() self.assertEqual( os.path.join(config.root, self.parts_directory, "ubuntu", "finalize.d"), find_run_parts_dir("ubuntu", "finalize.d"))