From 262d8d8647de0872917ce1469d65cd194b7b4666 Mon Sep 17 00:00:00 2001
From: Evgeniy Alekseev <i@arcanis.me>
Date: Thu, 11 Mar 2021 01:39:45 +0300
Subject: [PATCH] multisign option

---
 CONFIGURING.md                          |  4 ++--
 package/archlinux/PKGBUILD              |  2 +-
 package/etc/ahriman.ini                 |  2 +-
 package/share/ahriman/repo-index.jinja2 |  7 ++++---
 src/ahriman/core/configuration.py       |  2 +-
 src/ahriman/core/report/dummy.py        | 26 -------------------------
 src/ahriman/core/report/html.py         |  8 ++++----
 src/ahriman/core/report/report.py       |  5 ++---
 src/ahriman/core/sign/gpg_wrapper.py    | 10 +++++-----
 src/ahriman/core/upload/dummy.py        | 26 -------------------------
 src/ahriman/core/upload/uploader.py     |  5 ++---
 src/ahriman/models/sign_settings.py     |  5 +----
 12 files changed, 23 insertions(+), 79 deletions(-)
 delete mode 100644 src/ahriman/core/report/dummy.py
 delete mode 100644 src/ahriman/core/upload/dummy.py

diff --git a/CONFIGURING.md b/CONFIGURING.md
index df103949..ba9a0dd5 100644
--- a/CONFIGURING.md
+++ b/CONFIGURING.md
@@ -36,8 +36,8 @@ Base repository settings:
 
 Settings for signing packages or repository:
 
-* `enabled` - configuration flag to enable signing, string, required. Allowed values are `disabled`, `package` (sign each package separately), `repository` (sign repository database file).
-* `key` - PGP key, string, optional.
+* `target` - configuration flag to enable signing, space separated list of strings, required. Allowed values are `package` (sign each package separately), `repository` (sign repository database file).
+* `key` - PGP key, string, required.
 
 ## `report` group
 
diff --git a/package/archlinux/PKGBUILD b/package/archlinux/PKGBUILD
index 94a55d5a..3b161512 100644
--- a/package/archlinux/PKGBUILD
+++ b/package/archlinux/PKGBUILD
@@ -24,7 +24,7 @@ source=("https://github.com/arcan1s/ahriman/releases/download/$pkgver/$pkgname-$
         'ahriman.sudoers'
         'ahriman.sysusers'
         'ahriman.tmpfiles')
-sha512sums=('bc4880fc2f4196dc959f14a199135bbf09c75fbaad722709c1ca7c1fdae0475b3cfcdff5bf33bc9bcdf4f17a0e29b42bd26de7b3d551356dd63a705ec496e111'
+sha512sums=('c1051769f0ce307c9a9a69ba721a3e5abe0a0df0e7ce07f1e482f931a52e715820cda69186c8d65ee8407f1f013c51c2633b15f35e1964732af3c4d3e137665a'
             '8c9b5b63ac3f7b4d9debaf801a1e9c060877c33d3ecafe18010fcca778e5fa2f2e46909d3d0ff1b229ff8aa978445d8243fd36e1fc104117ed678d5e21901167'
             '13718afec2c6786a18f0b223ef8e58dccf0688bca4cdbe203f14071f5031ed20120eb0ce38b52c76cfd6e8b6581a9c9eaa2743eb11abbaca637451a84c33f075'
             '55b20f6da3d66e7bbf2add5d95a3b60632df121717d25a993e56e737d14f51fe063eb6f1b38bd81cc32e05db01c0c1d80aaa720c45cde87f238d8b46cdb8cbc4')
diff --git a/package/etc/ahriman.ini b/package/etc/ahriman.ini
index 008f5d83..0ff9e0fc 100644
--- a/package/etc/ahriman.ini
+++ b/package/etc/ahriman.ini
@@ -17,7 +17,7 @@ name = aur-clone
 root = /var/lib/ahriman
 
 [sign]
-enabled = disabled
+target =
 key =
 
 [report]
diff --git a/package/share/ahriman/repo-index.jinja2 b/package/share/ahriman/repo-index.jinja2
index 7758fb8d..e1ebf615 100644
--- a/package/share/ahriman/repo-index.jinja2
+++ b/package/share/ahriman/repo-index.jinja2
@@ -5,16 +5,17 @@
     </head>
 
     <body>
-        <h1>{{ repository|e }} ArchLinux custom repository</h1>
+        <h1>ArchLinux custom repository</h1>
 
         {% if pgp_key is not none %}
-            <p>All packages are signed with <a href="http://keys.gnupg.net/pks/lookup?search=0x{{ pgp_key|e }}" title="key search">{{ pgp_key|e }}</a>.</p>
+            <p>This repository is signed with <a href="http://keys.gnupg.net/pks/lookup?search=0x{{ pgp_key|e }}" title="key search">{{ pgp_key|e }}</a>.</p>
         {% endif %}
 
         <code>
             $ cat /etc/pacman.conf<br>
             [{{ repository|e }}]<br>
-            Server = {{ link_path|e }}
+            Server = {{ link_path|e }}<br>
+            SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Package{% if has_package_signed %}Required{% else %}Never{% endif %} TrustedOnly
         </code>
 
         <p>Packages:</p>
diff --git a/src/ahriman/core/configuration.py b/src/ahriman/core/configuration.py
index b23016ae..cd4ad95b 100644
--- a/src/ahriman/core/configuration.py
+++ b/src/ahriman/core/configuration.py
@@ -21,7 +21,7 @@ import configparser
 import os
 
 from logging.config import fileConfig
-from typing import List, Optional
+from typing import List, Optional, Set
 
 
 # built-in configparser extension
diff --git a/src/ahriman/core/report/dummy.py b/src/ahriman/core/report/dummy.py
deleted file mode 100644
index 9caec0ce..00000000
--- a/src/ahriman/core/report/dummy.py
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (c) 2021 Evgenii Alekseev.
-#
-# This file is part of ahriman 
-# (see https://github.com/arcan1s/ahriman).
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-from ahriman.core.report.report import Report
-
-
-class Dummy(Report):
-
-    def generate(self, path: str) -> None:
-        pass
diff --git a/src/ahriman/core/report/html.py b/src/ahriman/core/report/html.py
index b66bf3ee..054d55dd 100644
--- a/src/ahriman/core/report/html.py
+++ b/src/ahriman/core/report/html.py
@@ -39,10 +39,8 @@ class HTML(Report):
         self.template_path = config.get(section, 'template_path')
 
         # base template vars
-        if SignSettings.from_option(config.get('sign', 'enabled')) != SignSettings.Disabled:
-            self.pgp_key = config.get('sign', 'key', fallback=None)
-        else:
-            self.pgp_key = None
+        self.sign_targets = [SignSettings.from_option(opt) for opt in config.get_list('sign', 'target')]
+        self.pgp_key = config.get('sign', 'key', fallback=None)
         self.homepage = config.get(section, 'homepage', fallback=None)
         self.repository = config.get('repository', 'name')
 
@@ -62,6 +60,8 @@ class HTML(Report):
         html = template.render(
             homepage=self.homepage,
             link_path=self.link_path,
+            has_package_signed=SignSettings.SignPackages in self.sign_targets,
+            has_repo_signed=SignSettings.SignRepository in self.sign_targets,
             packages=packages,
             pgp_key=self.pgp_key,
             repository=self.repository)
diff --git a/src/ahriman/core/report/report.py b/src/ahriman/core/report/report.py
index e2828329..bceab960 100644
--- a/src/ahriman/core/report/report.py
+++ b/src/ahriman/core/report/report.py
@@ -38,8 +38,7 @@ class Report:
             from ahriman.core.report.html import HTML
             report: Report = HTML(architecture, config)
         else:
-            from ahriman.core.report.dummy import Dummy
-            report = Dummy(architecture, config)
+            report = Report(architecture, config)
 
         try:
             report.generate(path)
@@ -47,4 +46,4 @@ class Report:
             raise ReportFailed(e) from e
 
     def generate(self, path: str) -> None:
-        raise NotImplementedError
\ No newline at end of file
+        pass
\ No newline at end of file
diff --git a/src/ahriman/core/sign/gpg_wrapper.py b/src/ahriman/core/sign/gpg_wrapper.py
index b89ad5d3..e0b0d8c1 100644
--- a/src/ahriman/core/sign/gpg_wrapper.py
+++ b/src/ahriman/core/sign/gpg_wrapper.py
@@ -33,12 +33,12 @@ class GPGWrapper:
     def __init__(self, config: Configuration) -> None:
         self.logger = logging.getLogger('build_details')
 
-        self.key = config.get('sign', 'key', fallback=None)
-        self.sign = SignSettings.from_option(config.get('sign', 'enabled'))
+        self.target = [SignSettings.from_option(opt) for opt in config.get_list('sign', 'target')]
+        self.key = config.get('sign', 'key') if self.target else None
 
     @property
     def repository_sign_args(self) -> List[str]:
-        if self.sign != SignSettings.SignRepository:
+        if SignSettings.SignRepository not in self.target:
             return []
         return ['--sign', '--key', self.key] if self.key else ['--sign']
 
@@ -58,11 +58,11 @@ class GPGWrapper:
         return cmd
 
     def sign_package(self, path: str) -> List[str]:
-        if self.sign != SignSettings.SignPackages:
+        if SignSettings.SignPackages not in self.target:
             return [path]
         return self.process(path)
 
     def sign_repository(self, path: str) -> List[str]:
-        if self.sign != SignSettings.SignRepository:
+        if SignSettings.SignRepository not in self.target:
             return [path]
         return self.process(path)
\ No newline at end of file
diff --git a/src/ahriman/core/upload/dummy.py b/src/ahriman/core/upload/dummy.py
deleted file mode 100644
index 32471dc3..00000000
--- a/src/ahriman/core/upload/dummy.py
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (c) 2021 Evgenii Alekseev.
-#
-# This file is part of ahriman 
-# (see https://github.com/arcan1s/ahriman).
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-from ahriman.core.upload.uploader import Uploader
-
-
-class Dummy(Uploader):
-
-    def sync(self, path: str) -> None:
-        pass
diff --git a/src/ahriman/core/upload/uploader.py b/src/ahriman/core/upload/uploader.py
index 3f6d79a4..caeeda4e 100644
--- a/src/ahriman/core/upload/uploader.py
+++ b/src/ahriman/core/upload/uploader.py
@@ -41,8 +41,7 @@ class Uploader:
             from ahriman.core.upload.s3 import S3
             uploader = S3(architecture, config)
         else:
-            from ahriman.core.upload.dummy import Dummy
-            uploader = Dummy(architecture, config)
+            uploader = Uploader(architecture, config)
 
         try:
             uploader.sync(path)
@@ -50,4 +49,4 @@ class Uploader:
             raise SyncFailed(e) from e
 
     def sync(self, path: str) -> None:
-        raise NotImplementedError
+        pass
diff --git a/src/ahriman/models/sign_settings.py b/src/ahriman/models/sign_settings.py
index 44874b04..2426cf8d 100644
--- a/src/ahriman/models/sign_settings.py
+++ b/src/ahriman/models/sign_settings.py
@@ -25,15 +25,12 @@ from ahriman.core.exceptions import InvalidOptionException
 
 
 class SignSettings(Enum):
-    Disabled = auto()
     SignPackages = auto()
     SignRepository = auto()
 
     @staticmethod
     def from_option(value: str) -> SignSettings:
-        if value.lower() in ('no', 'disabled'):
-            return SignSettings.Disabled
-        elif value.lower() in ('package', 'packages', 'sign-package'):
+        if value.lower() in ('package', 'packages', 'sign-package'):
             return SignSettings.SignPackages
         elif value.lower() in ('repository', 'sign-repository'):
             return SignSettings.SignRepository