Пример #1
0
def batch_sign(paths, uid=gpg_key, passphrase=password, is_iso=False):
    """
    Batch sign several files with the key matching the given UID.

    If no passphrase is given then the user is prompted for one.

    The passphrase is returned to avoid further prompts.
    :param paths:
    :param uid:
    :param passphrase:
    """
    if not isinstance(paths, list):
        logger.error('paths must be a list')
        return False
    for path in paths:
        db.publish('build-output', 'Creating detached signature for %s' % path)
        logger.info('[SIGN PKG] Creating detached signature for %s' % path)
        # Verify existing signatures. This fails if the sig is invalid or
        # non-existent. Either way a new one will be needed.
        cmd = [GPG_BIN, '--verify', path + SIG_EXT]
        with open(os.devnull, 'w') as f:
            p = subprocess.Popen(cmd, stdout=f, stderr=f)
            e = p.wait()
            if e == 0:
                continue

        sigpath = path + '.sig'
        try:
            os.remove(sigpath)
        except OSError:
            pass

        db.publish('build-output', 'Signing %s' % path)
        logger.info('[SIGN PKG] Signing %s' % path)
        if not passphrase:
            return False
            # passphrase = getpass.getpass("Enter passphrase for %s: " % uid).encode('utf-8')
        cmd = [GPG_BIN, '-sbu', 'Antergos', '--batch', '--passphrase-fd', '0', path]
        p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        out, err = p.communicate(passphrase)
        if len(out) > 0:
            db.publish('build-output', 'GPG OUTPUT is: %s' % out)
            logger.info('GPG OUTPUT is: %s' % out)
        if len(err) > 0:
            db.publish('build-output', 'Signing FAILED for %s. Error output: %s' % (path, err))
            logger.error('[SIGN PKG] Signing FAILED for %s. Error output: %s' % (path, err))
            paths = [p for p in paths if not os.path.isdir(p) and not is_iso]
            for p in paths:
                remove(p)
                remove(p + '.sig')
            return False

    return True
Пример #2
0
def sign_packages(pkgname=None):
    """

    :param pkgname:
    :return:
    """
    if pkgname:
        db.publish('build-output', 'Signing package..')
        pkgs2sign = glob.glob(
            '/srv/antergos.info/repo/iso/testing/uefi/antergos-staging/x86_64/%s-***.xz' % pkgname)
        pkgs2sign32 = glob.glob(
            '/srv/antergos.info/repo/iso/testing/uefi/antergos-staging/i686/%s-***.xz' % pkgname)
        pkgs2sign = pkgs2sign + pkgs2sign32
        logger.info('[PKGS TO SIGN] %s' % pkgs2sign)

        if pkgs2sign is not None and pkgs2sign != []:
            return batch_sign(pkgs2sign)

    return False