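def batch_sign(paths, uid=gpg_key, passphrase=password, is_iso=False):
    """
    Create a detached GPG signature for every file in ``paths``.

    A file whose existing signature is accepted by ``gpg --verify`` is
    skipped. Otherwise any ``.sig`` next to it is deleted and the file is
    signed again. There is no interactive prompt: if a file needs signing and
    ``passphrase`` is empty, the function returns False.

    When signing a file fails, every non-directory entry of ``paths`` and its
    ``.sig`` are removed, unless ``is_iso`` is true, and False is returned.

    :param paths: list of file paths to sign; any other type is rejected.
    :param uid: not used by the body; the signing key is selected with the
        hard-coded user id 'Antergos'.
        NOTE(review): confirm whether ``uid`` was meant to be passed to ``-u``.
    :param passphrase: passphrase for the signing key, written to gpg's stdin.
        NOTE(review): the default is bound from a module-level value when the
        function is defined, so the secret lives for the whole process.
    :param is_iso: when true, nothing is deleted after a signing failure.
    :return: True when every path was either already verified or signed
        without error, False otherwise.
    """
    if not isinstance(paths, list):
        logger.error('paths must be a list')
        return False

    for path in paths:
        db.publish('build-output', 'Creating detached signature for %s' % path)
        logger.info('[SIGN PKG] Creating detached signature for %s' % path)

        # Check for an existing good signature. This fails if the sig is
        # invalid or missing; either way a new one is needed. The signed file
        # is named explicitly: letting gpg guess it from the signature's file
        # name is discouraged by the GnuPG documentation.
        # NOTE(review): --verify accepts a good signature from any key in the
        # keyring, not only the 'Antergos' key. If the keyring can hold other
        # keys, also check the signer's fingerprint before skipping a file.
        verify_cmd = [GPG_BIN, '--verify', path + SIG_EXT, path]
        with open(os.devnull, 'w') as devnull:
            verify_proc = subprocess.Popen(verify_cmd, stdout=devnull, stderr=devnull)
            if verify_proc.wait() == 0:
                continue

        # NOTE(review): verification reads path + SIG_EXT but the stale file
        # removed here is path + '.sig'; confirm SIG_EXT is '.sig'.
        sigpath = path + '.sig'
        try:
            os.remove(sigpath)
        except OSError:
            # Best effort: no previous signature is the common case.
            pass

        db.publish('build-output', 'Signing %s' % path)
        logger.info('[SIGN PKG] Signing %s' % path)
        if not passphrase:
            return False

        # The passphrase goes over stdin (fd 0) rather than the command line,
        # so it does not appear in the process list.
        # NOTE(review): GnuPG 2.1+ honours --passphrase-fd only together with
        # --pinentry-mode loopback; confirm against the deployed gpg version.
        sign_cmd = [GPG_BIN, '-sbu', 'Antergos', '--batch', '--passphrase-fd', '0', path]
        sign_proc = subprocess.Popen(sign_cmd, stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        out, err = sign_proc.communicate(passphrase)
        if len(out) > 0:
            db.publish('build-output', 'GPG OUTPUT is: %s' % out)
            logger.info('GPG OUTPUT is: %s' % out)

        # Any stderr output counts as a failure, as before. A non-zero exit
        # status now counts too, so a gpg run that dies without printing
        # anything can no longer be reported as a successful signing.
        if len(err) > 0 or sign_proc.returncode != 0:
            db.publish('build-output', 'Signing FAILED for %s. Error output: %s' % (path, err))
            logger.error('[SIGN PKG] Signing FAILED for %s. Error output: %s' % (path, err))
            # Drop the whole batch, including files signed earlier in this
            # call, unless these are ISO images.
            # NOTE(review): `remove` is defined outside this block; if it
            # raises on a missing file, the '.sig' removal for the path that
            # just failed would raise instead of returning False. Confirm.
            doomed = [item for item in paths if not os.path.isdir(item) and not is_iso]
            for item in doomed:
                remove(item)
                remove(item + '.sig')
            return False

    return True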
def sign_packages(pkgname=None):
    """
    Sign every staged package file whose name starts with ``pkgname-``.

    Both the x86_64 and the i686 staging directories are searched, and the
    combined list is handed to ``batch_sign``.

    NOTE(review): ``pkgname`` is interpolated into the glob pattern as-is.
    The pattern matches any file beginning with ``<pkgname>-``, so packages
    sharing that prefix are signed as well, and glob metacharacters or path
    separators in ``pkgname`` would widen the match. Confirm that callers
    pass validated package names only.

    :param pkgname: package name prefix; a falsy value signs nothing.
    :return: the result of ``batch_sign`` when at least one file matched,
        otherwise False.
    """
    if not pkgname:
        return False

    db.publish('build-output', 'Signing package..')

    # Same search order as before: x86_64 first, then i686.
    patterns = (
        '/srv/antergos.info/repo/iso/testing/uefi/antergos-staging/x86_64/%s-***.xz',
        '/srv/antergos.info/repo/iso/testing/uefi/antergos-staging/i686/%s-***.xz',
    )
    candidates = []
    for pattern in patterns:
        candidates = candidates + glob.glob(pattern % pkgname)

    logger.info('[PKGS TO SIGN] %s' % candidates)
    if candidates:
        return batch_sign(candidates)

    return False