From 0531df3688e30949108eeb727a8f6606c8c934e1 Mon Sep 17 00:00:00 2001 From: Evgeniy Alekseev Date: Sun, 7 Mar 2021 16:12:39 +0300 Subject: [PATCH] sign by repo* commands --- package/archlinux/PKGBUILD | 2 +- src/ahriman/application/application.py | 2 +- src/ahriman/core/repo/repo_wrapper.py | 14 +++++++++++--- src/ahriman/core/repository.py | 4 +--- src/ahriman/core/sign/gpg_wrapper.py | 6 +++++- 5 files changed, 19 insertions(+), 9 deletions(-) diff --git a/package/archlinux/PKGBUILD b/package/archlinux/PKGBUILD index 075c8e63..dae345d0 100644 --- a/package/archlinux/PKGBUILD +++ b/package/archlinux/PKGBUILD @@ -16,7 +16,7 @@ source=("https://github.com/arcan1s/ahriman/releases/download/$pkgver/$pkgname-$ 'ahriman.sudoers' 'ahriman.sysusers' 'ahriman.tmpfiles') -sha512sums=('b2ed7733fc73156edc0ff81db7626a3790a1c63ba89621890526f424c2bea8c4d52a4840702a679bfba80fe28244da86ae676f22b357dfa52ef9f543d2cfbb41' +sha512sums=('67a6b6432ca8985491e398b8f2b374cf7cfd40bb69ad844913d9d45d3b510fba2910dfc21fd33a4faf4f2035bb005909cf815523180436c3a30e512757c268e7' '8c9b5b63ac3f7b4d9debaf801a1e9c060877c33d3ecafe18010fcca778e5fa2f2e46909d3d0ff1b229ff8aa978445d8243fd36e1fc104117ed678d5e21901167' '13718afec2c6786a18f0b223ef8e58dccf0688bca4cdbe203f14071f5031ed20120eb0ce38b52c76cfd6e8b6581a9c9eaa2743eb11abbaca637451a84c33f075' '55b20f6da3d66e7bbf2add5d95a3b60632df121717d25a993e56e737d14f51fe063eb6f1b38bd81cc32e05db01c0c1d80aaa720c45cde87f238d8b46cdb8cbc4') diff --git a/src/ahriman/application/application.py b/src/ahriman/application/application.py index ea912601..668ecbf0 100644 --- a/src/ahriman/application/application.py +++ b/src/ahriman/application/application.py @@ -48,7 +48,7 @@ class Application: if not no_aur: updates.extend(self.repository.updates_aur(checked)) if not no_manual: - updates.extend(self.repository.updates_aur(checked)) + updates.extend(self.repository.updates_manual(checked)) for package in updates: log_fn(f'{package.name} = {package.version}') diff --git a/src/ahriman/core/repo/repo_wrapper.py b/src/ahriman/core/repo/repo_wrapper.py index fda11dd1..1127583a 100644 --- a/src/ahriman/core/repo/repo_wrapper.py +++ b/src/ahriman/core/repo/repo_wrapper.py @@ -20,6 +20,8 @@ import logging import os +from typing import List, Optional + from ahriman.core.exceptions import BuildFailed from ahriman.core.util import check_output from ahriman.models.repository_paths import RepositoryPaths @@ -27,18 +29,23 @@ from ahriman.models.repository_paths import RepositoryPaths class RepoWrapper: - def __init__(self, name: str, paths: RepositoryPaths) -> None: + def __init__(self, name: str, paths: RepositoryPaths, pgp_key: Optional[str]) -> None: self.logger = logging.getLogger('build_details') self.name = name self.paths = paths + self.pgp_key = pgp_key @property def repo_path(self) -> str: return os.path.join(self.paths.repository, f'{self.name}.db.tar.gz') + def _with_sign(self, cmd: List[str]) -> List[str]: + return (cmd + ['-s', '-k', self.pgp_key]) if self.pgp_key else cmd + def add(self, path: str) -> None: + cmd = self._with_sign(['repo-add']) check_output( - 'repo-add', '-R', self.repo_path, path, + *cmd, '-R', self.repo_path, path, exception=BuildFailed(path), cwd=self.paths.repository, logger=self.logger) @@ -48,8 +55,9 @@ class RepoWrapper: sign_path = f'{path}.sig' if os.path.exists(sign_path): os.remove(sign_path) + cmd = self._with_sign(['repo-remove']) check_output( - 'repo-remove', self.repo_path, package, + *cmd, self.repo_path, package, exception=BuildFailed(path), cwd=self.paths.repository, logger=self.logger) diff --git a/src/ahriman/core/repository.py b/src/ahriman/core/repository.py index 737ab453..740c2567 100644 --- a/src/ahriman/core/repository.py +++ b/src/ahriman/core/repository.py @@ -47,7 +47,7 @@ class Repository: self.paths.create_tree() self.sign = GPGWrapper(config) - self.wrapper = RepoWrapper(self.name, self.paths) + self.wrapper = RepoWrapper(self.name, self.paths, self.sign.repository_sign_key) def _clear_build(self) -> None: for package in os.listdir(self.paths.sources): @@ -114,7 +114,6 @@ class Repository: self.logger.exception(f'could not load package from {fn}', exc_info=True) continue - self.sign.sign_repository(self.wrapper.repo_path) return self.wrapper.repo_path def process_report(self, targets: Optional[List[str]]) -> None: @@ -139,7 +138,6 @@ class Repository: self.wrapper.add(package_fn) self._clear_packages() - self.sign.sign_repository(self.wrapper.repo_path) return self.wrapper.repo_path def updates_aur(self, checked: List[str]) -> List[Package]: diff --git a/src/ahriman/core/sign/gpg_wrapper.py b/src/ahriman/core/sign/gpg_wrapper.py index 552c4e3a..34e369b9 100644 --- a/src/ahriman/core/sign/gpg_wrapper.py +++ b/src/ahriman/core/sign/gpg_wrapper.py @@ -20,7 +20,7 @@ import logging import os -from typing import List +from typing import List, Optional from ahriman.core.configuration import Configuration from ahriman.core.exceptions import BuildFailed @@ -36,6 +36,10 @@ class GPGWrapper: self.key = config.get('sign', 'key', fallback=None) self.sign = SignSettings.from_option(config.get('sign', 'enabled')) + @property + def repository_sign_key(self) -> Optional[str]: + return self.key if self.sign == SignSettings.SignRepository else None + def process(self, path: str) -> List[str]: check_output( *self.sign_cmd(path),