def sign(self): logger.info('Starting path collection, looking for files to sign') repos = RepoCollector(self.path) paths = repos.debian_release_files if paths: logger.info('%s matching paths found' % len(paths)) # FIXME: this should spit the actual verified command logger.info('will sign with the following commands:') logger.info('gpg --batch --yes --armor --detach-sig --output Release.gpg Release') logger.info('gpg --batch --yes --clearsign --output InRelease Release') else: logger.warning('No paths found that matched') for path in paths: if merfi.config.get('check'): new_gpg_path = path.split('Release')[0]+'Release.gpg' new_in_path = path.split('Release')[0]+'InRelease' logger.info('[CHECKMODE] signing: %s' % path) logger.info('[CHECKMODE] signed: %s' % new_gpg_path) logger.info('[CHECKMODE] signed: %s' % new_in_path) else: os.chdir(os.path.dirname(path)) detached = ['gpg', '--batch', '--yes', '--armor', '--detach-sig', '--output', 'Release.gpg', 'Release'] clearsign = ['gpg', '--batch', '--yes', '--clearsign', '--output', 'InRelease', 'Release'] logger.info('signing: %s' % path) util.run(detached) util.run(clearsign)
def _run_output(cmd, verbose=False, **kw): process = subprocess.Popen( cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, **kw ) stdout = [line.strip('\n') for line in process.stdout.readlines()] stderr = [line.strip('\n') for line in process.stderr.readlines()] if verbose: for line in stdout: logger.debug(line) for line in stderr: logger.warning(stderr) return '\n'.join(stdout), '\n'.join(stderr), process.wait()
def _run(cmd, **kw): stop_on_nonzero = kw.pop('stop_on_nonzero', True) process = subprocess.Popen( cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, **kw ) while True: reads, _, _ = select( [process.stdout.fileno(), process.stderr.fileno()], [], [] ) for descriptor in reads: if descriptor == process.stdout.fileno(): read = process.stdout.readline() if read: logger.info(read) sys.stdout.flush() if descriptor == process.stderr.fileno(): read = process.stderr.readline() if read: logger.warning(read) sys.stderr.flush() if process.poll() is not None: while True: for descriptor in reads: if descriptor == process.stdout.fileno(): read = process.stdout.readline() if read: logger.info(read) sys.stdout.flush() if descriptor == process.stderr.fileno(): read = process.stderr.readline() if read: logger.warning(read) sys.stderr.flush() # At this point we have gone through all the possible # descriptors and `read` was empty, so we now can break out of # this since all stdout/stderr has been properly flushed to # logging if not read: break break returncode = process.wait() if returncode != 0: if stop_on_nonzero: raise RuntimeError( "command returned non-zero exit status: %s" % returncode ) else: logger.warning("command returned non-zero exit status: %s" % returncode)