sign by repo* commands

2025-04-24 07:17:17 +00:00 · 2021-03-07 16:12:39 +03:00 · 2021-03-07 16:12:39 +03:00 · 0531df3688
commit 0531df3688
parent e4317469d1
5 changed files with 19 additions and 9 deletions
--- a/package/archlinux/PKGBUILD
+++ b/package/archlinux/PKGBUILD
@ -16,7 +16,7 @@ source=("https://github.com/arcan1s/ahriman/releases/download/$pkgver/$pkgname-$
        'ahriman.sudoers'
        'ahriman.sysusers'
        'ahriman.tmpfiles')
-sha512sums=('b2ed7733fc73156edc0ff81db7626a3790a1c63ba89621890526f424c2bea8c4d52a4840702a679bfba80fe28244da86ae676f22b357dfa52ef9f543d2cfbb41'
+sha512sums=('67a6b6432ca8985491e398b8f2b374cf7cfd40bb69ad844913d9d45d3b510fba2910dfc21fd33a4faf4f2035bb005909cf815523180436c3a30e512757c268e7'
            '8c9b5b63ac3f7b4d9debaf801a1e9c060877c33d3ecafe18010fcca778e5fa2f2e46909d3d0ff1b229ff8aa978445d8243fd36e1fc104117ed678d5e21901167'
            '13718afec2c6786a18f0b223ef8e58dccf0688bca4cdbe203f14071f5031ed20120eb0ce38b52c76cfd6e8b6581a9c9eaa2743eb11abbaca637451a84c33f075'
            '55b20f6da3d66e7bbf2add5d95a3b60632df121717d25a993e56e737d14f51fe063eb6f1b38bd81cc32e05db01c0c1d80aaa720c45cde87f238d8b46cdb8cbc4')
--- a/src/ahriman/application/application.py
+++ b/src/ahriman/application/application.py
@ -48,7 +48,7 @@ class Application:
        if not no_aur:
            updates.extend(self.repository.updates_aur(checked))
        if not no_manual:
-            updates.extend(self.repository.updates_aur(checked))
+            updates.extend(self.repository.updates_manual(checked))

        for package in updates:
            log_fn(f'{package.name} = {package.version}')
--- a/src/ahriman/core/repo/repo_wrapper.py
+++ b/src/ahriman/core/repo/repo_wrapper.py
@ -20,6 +20,8 @@
 import logging
 import os

+from typing import List, Optional
+
 from ahriman.core.exceptions import BuildFailed
 from ahriman.core.util import check_output
 from ahriman.models.repository_paths import RepositoryPaths
@ -27,18 +29,23 @@ from ahriman.models.repository_paths import RepositoryPaths

 class RepoWrapper:

-    def __init__(self, name: str, paths: RepositoryPaths) -> None:
+    def __init__(self, name: str, paths: RepositoryPaths, pgp_key: Optional[str]) -> None:
        self.logger = logging.getLogger('build_details')
        self.name = name
        self.paths = paths
+        self.pgp_key = pgp_key

    @property
    def repo_path(self) -> str:
        return os.path.join(self.paths.repository, f'{self.name}.db.tar.gz')

+    def _with_sign(self, cmd: List[str]) -> List[str]:
+        return (cmd + ['-s', '-k', self.pgp_key]) if self.pgp_key else cmd
+
    def add(self, path: str) -> None:
+        cmd = self._with_sign(['repo-add'])
        check_output(
-            'repo-add', '-R', self.repo_path, path,
+            *cmd, '-R', self.repo_path, path,
            exception=BuildFailed(path),
            cwd=self.paths.repository,
            logger=self.logger)
@ -48,8 +55,9 @@ class RepoWrapper:
        sign_path = f'{path}.sig'
        if os.path.exists(sign_path):
            os.remove(sign_path)
+        cmd = self._with_sign(['repo-remove'])
        check_output(
-            'repo-remove', self.repo_path, package,
+            *cmd, self.repo_path, package,
            exception=BuildFailed(path),
            cwd=self.paths.repository,
            logger=self.logger)
--- a/src/ahriman/core/repository.py
+++ b/src/ahriman/core/repository.py
@ -47,7 +47,7 @@ class Repository:
        self.paths.create_tree()

        self.sign = GPGWrapper(config)
-        self.wrapper = RepoWrapper(self.name, self.paths)
+        self.wrapper = RepoWrapper(self.name, self.paths, self.sign.repository_sign_key)

    def _clear_build(self) -> None:
        for package in os.listdir(self.paths.sources):
@ -114,7 +114,6 @@ class Repository:
                self.logger.exception(f'could not load package from {fn}', exc_info=True)
                continue

-        self.sign.sign_repository(self.wrapper.repo_path)
        return self.wrapper.repo_path

    def process_report(self, targets: Optional[List[str]]) -> None:
@ -139,7 +138,6 @@ class Repository:
            self.wrapper.add(package_fn)
        self._clear_packages()

-        self.sign.sign_repository(self.wrapper.repo_path)
        return self.wrapper.repo_path

    def updates_aur(self, checked: List[str]) -> List[Package]:
--- a/src/ahriman/core/sign/gpg_wrapper.py
+++ b/src/ahriman/core/sign/gpg_wrapper.py
@ -20,7 +20,7 @@
 import logging
 import os

-from typing import List
+from typing import List, Optional

 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import BuildFailed
@ -36,6 +36,10 @@ class GPGWrapper:
        self.key = config.get('sign', 'key', fallback=None)
        self.sign = SignSettings.from_option(config.get('sign', 'enabled'))

+    @property
+    def repository_sign_key(self) -> Optional[str]:
+        return self.key if self.sign == SignSettings.SignRepository else None
+
    def process(self, path: str) -> List[str]:
        check_output(
            *self.sign_cmd(path),