multisign option
parent
fd2049b334
commit
262d8d8647
@ -36,8 +36,8 @@ Base repository settings:
|
|||||||
|
|
||||||
Settings for signing packages or repository:
|
Settings for signing packages or repository:
|
||||||
|
|
||||||
* `enabled` - configuration flag to enable signing, string, required. Allowed values are `disabled`, `package` (sign each package separately), `repository` (sign repository database file).
|
* `target` - configuration flag to enable signing, space separated list of strings, required. Allowed values are `package` (sign each package separately), `repository` (sign repository database file).
|
||||||
* `key` - PGP key, string, optional.
|
* `key` - PGP key, string, required.
|
||||||
|
|
||||||
## `report` group
|
## `report` group
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ source=("https://github.com/arcan1s/ahriman/releases/download/$pkgver/$pkgname-$
|
|||||||
'ahriman.sudoers'
|
'ahriman.sudoers'
|
||||||
'ahriman.sysusers'
|
'ahriman.sysusers'
|
||||||
'ahriman.tmpfiles')
|
'ahriman.tmpfiles')
|
||||||
sha512sums=('bc4880fc2f4196dc959f14a199135bbf09c75fbaad722709c1ca7c1fdae0475b3cfcdff5bf33bc9bcdf4f17a0e29b42bd26de7b3d551356dd63a705ec496e111'
|
sha512sums=('c1051769f0ce307c9a9a69ba721a3e5abe0a0df0e7ce07f1e482f931a52e715820cda69186c8d65ee8407f1f013c51c2633b15f35e1964732af3c4d3e137665a'
|
||||||
'8c9b5b63ac3f7b4d9debaf801a1e9c060877c33d3ecafe18010fcca778e5fa2f2e46909d3d0ff1b229ff8aa978445d8243fd36e1fc104117ed678d5e21901167'
|
'8c9b5b63ac3f7b4d9debaf801a1e9c060877c33d3ecafe18010fcca778e5fa2f2e46909d3d0ff1b229ff8aa978445d8243fd36e1fc104117ed678d5e21901167'
|
||||||
'13718afec2c6786a18f0b223ef8e58dccf0688bca4cdbe203f14071f5031ed20120eb0ce38b52c76cfd6e8b6581a9c9eaa2743eb11abbaca637451a84c33f075'
|
'13718afec2c6786a18f0b223ef8e58dccf0688bca4cdbe203f14071f5031ed20120eb0ce38b52c76cfd6e8b6581a9c9eaa2743eb11abbaca637451a84c33f075'
|
||||||
'55b20f6da3d66e7bbf2add5d95a3b60632df121717d25a993e56e737d14f51fe063eb6f1b38bd81cc32e05db01c0c1d80aaa720c45cde87f238d8b46cdb8cbc4')
|
'55b20f6da3d66e7bbf2add5d95a3b60632df121717d25a993e56e737d14f51fe063eb6f1b38bd81cc32e05db01c0c1d80aaa720c45cde87f238d8b46cdb8cbc4')
|
||||||
|
@ -17,7 +17,7 @@ name = aur-clone
|
|||||||
root = /var/lib/ahriman
|
root = /var/lib/ahriman
|
||||||
|
|
||||||
[sign]
|
[sign]
|
||||||
enabled = disabled
|
target =
|
||||||
key =
|
key =
|
||||||
|
|
||||||
[report]
|
[report]
|
||||||
|
@ -5,16 +5,17 @@
|
|||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body>
|
<body>
|
||||||
<h1>{{ repository|e }} ArchLinux custom repository</h1>
|
<h1>ArchLinux custom repository</h1>
|
||||||
|
|
||||||
{% if pgp_key is not none %}
|
{% if pgp_key is not none %}
|
||||||
<p>All packages are signed with <a href="http://keys.gnupg.net/pks/lookup?search=0x{{ pgp_key|e }}" title="key search">{{ pgp_key|e }}</a>.</p>
|
<p>This repository is signed with <a href="http://keys.gnupg.net/pks/lookup?search=0x{{ pgp_key|e }}" title="key search">{{ pgp_key|e }}</a>.</p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<code>
|
<code>
|
||||||
$ cat /etc/pacman.conf<br>
|
$ cat /etc/pacman.conf<br>
|
||||||
[{{ repository|e }}]<br>
|
[{{ repository|e }}]<br>
|
||||||
Server = {{ link_path|e }}
|
Server = {{ link_path|e }}<br>
|
||||||
|
SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Package{% if has_package_signed %}Required{% else %}Never{% endif %} TrustedOnly
|
||||||
</code>
|
</code>
|
||||||
|
|
||||||
<p>Packages:</p>
|
<p>Packages:</p>
|
||||||
|
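Review bot: The rewritten `<p>This repository is signed with …` line still links to `http://keys.gnupg.net/pks/lookup?search=0x{{ pgp_key|e }}`, so a reader who follows it looks up the signing key over plain HTTP, directly above a `SigLevel` line ending in `TrustedOnly`. I would point the link at an `https://` keyserver URL and add a sentence asking readers to compare the full fingerprint before trusting the key, because a short key id (if that is what `key` holds) does not identify a key uniquely. The `{% if pgp_key is not none %}` guard also lets an empty string through; `{% if pgp_key %}` would hide the paragraph when `key =` is left blank.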
@ -21,7 +21,7 @@ import configparser
|
|||||||
import os
|
import os
|
||||||
|
|
||||||
from logging.config import fileConfig
|
from logging.config import fileConfig
|
||||||
from typing import List, Optional
|
from typing import List, Optional, Set
|
||||||
|
|
||||||
|
|
||||||
# built-in configparser extension
|
# built-in configparser extension
|
||||||
|
@ -1,26 +0,0 @@
|
|||||||
#
|
|
||||||
# Copyright (c) 2021 Evgenii Alekseev.
|
|
||||||
#
|
|
||||||
# This file is part of ahriman
|
|
||||||
# (see https://github.com/arcan1s/ahriman).
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
from ahriman.core.report.report import Report
|
|
||||||
|
|
||||||
|
|
||||||
class Dummy(Report):
|
|
||||||
|
|
||||||
def generate(self, path: str) -> None:
|
|
||||||
pass
|
|
@ -39,10 +39,8 @@ class HTML(Report):
|
|||||||
self.template_path = config.get(section, 'template_path')
|
self.template_path = config.get(section, 'template_path')
|
||||||
|
|
||||||
# base template vars
|
# base template vars
|
||||||
if SignSettings.from_option(config.get('sign', 'enabled')) != SignSettings.Disabled:
|
self.sign_targets = [SignSettings.from_option(opt) for opt in config.get_list('sign', 'target')]
|
||||||
self.pgp_key = config.get('sign', 'key', fallback=None)
|
self.pgp_key = config.get('sign', 'key', fallback=None)
|
||||||
else:
|
|
||||||
self.pgp_key = None
|
|
||||||
self.homepage = config.get(section, 'homepage', fallback=None)
|
self.homepage = config.get(section, 'homepage', fallback=None)
|
||||||
self.repository = config.get('repository', 'name')
|
self.repository = config.get('repository', 'name')
|
||||||
|
|
||||||
@ -62,6 +60,8 @@ class HTML(Report):
|
|||||||
html = template.render(
|
html = template.render(
|
||||||
homepage=self.homepage,
|
homepage=self.homepage,
|
||||||
link_path=self.link_path,
|
link_path=self.link_path,
|
||||||
|
has_package_signed=SignSettings.SignPackages in self.sign_targets,
|
||||||
|
has_repo_signed=SignSettings.SignRepository in self.sign_targets,
|
||||||
packages=packages,
|
packages=packages,
|
||||||
pgp_key=self.pgp_key,
|
pgp_key=self.pgp_key,
|
||||||
repository=self.repository)
|
repository=self.repository)
|
||||||
|
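Review bot: `self.pgp_key = config.get('sign', 'key', fallback=None)` is now read unconditionally, so the reported key no longer depends on whether anything is actually signed. With the shipped default `key =` the value is presumably an empty string rather than `None`, and the template's `pgp_key is not none` test would then announce a signing key on a page whose `SigLevel` says `DatabaseNever PackageNever`. Gating it on the targets would keep the two statements consistent, e.g. `self.pgp_key = config.get('sign', 'key', fallback=None) if self.sign_targets else None`. Both `__init__` and the method that calls `template.render` start outside these hunks.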
@ -38,8 +38,7 @@ class Report:
|
|||||||
from ahriman.core.report.html import HTML
|
from ahriman.core.report.html import HTML
|
||||||
report: Report = HTML(architecture, config)
|
report: Report = HTML(architecture, config)
|
||||||
else:
|
else:
|
||||||
from ahriman.core.report.dummy import Dummy
|
report = Report(architecture, config)
|
||||||
report = Dummy(architecture, config)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
report.generate(path)
|
report.generate(path)
|
||||||
@ -47,4 +46,4 @@ class Report:
|
|||||||
raise ReportFailed(e) from e
|
raise ReportFailed(e) from e
|
||||||
|
|
||||||
def generate(self, path: str) -> None:
|
def generate(self, path: str) -> None:
|
||||||
raise NotImplementedError
|
pass
|
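Review bot: Replacing `raise NotImplementedError` with `pass` in `Report.generate` turns the base class into a silent no-op, which the `else:` branch now relies on, but it also means a subclass that forgets to override `generate` produces no report and no error. The same applies to `Uploader.sync` in the upload hunks further down. Since the behaviour is intentional, it should be stated on the method, for example `"""no-op by default, used when no report target is configured; subclasses override this"""`, and a debug log line in the base implementation would make a skipped report visible. The condition guarding the `else:` branch is outside the hunk, so whether an unknown target also ends up here cannot be confirmed from this view.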
@ -33,12 +33,12 @@ class GPGWrapper:
|
|||||||
def __init__(self, config: Configuration) -> None:
|
def __init__(self, config: Configuration) -> None:
|
||||||
self.logger = logging.getLogger('build_details')
|
self.logger = logging.getLogger('build_details')
|
||||||
|
|
||||||
self.key = config.get('sign', 'key', fallback=None)
|
self.target = [SignSettings.from_option(opt) for opt in config.get_list('sign', 'target')]
|
||||||
self.sign = SignSettings.from_option(config.get('sign', 'enabled'))
|
self.key = config.get('sign', 'key') if self.target else None
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def repository_sign_args(self) -> List[str]:
|
def repository_sign_args(self) -> List[str]:
|
||||||
if self.sign != SignSettings.SignRepository:
|
if SignSettings.SignRepository not in self.target:
|
||||||
return []
|
return []
|
||||||
return ['--sign', '--key', self.key] if self.key else ['--sign']
|
return ['--sign', '--key', self.key] if self.key else ['--sign']
|
||||||
|
|
||||||
@ -58,11 +58,11 @@ class GPGWrapper:
|
|||||||
return cmd
|
return cmd
|
||||||
|
|
||||||
def sign_package(self, path: str) -> List[str]:
|
def sign_package(self, path: str) -> List[str]:
|
||||||
if self.sign != SignSettings.SignPackages:
|
if SignSettings.SignPackages not in self.target:
|
||||||
return [path]
|
return [path]
|
||||||
return self.process(path)
|
return self.process(path)
|
||||||
|
|
||||||
def sign_repository(self, path: str) -> List[str]:
|
def sign_repository(self, path: str) -> List[str]:
|
||||||
if self.sign != SignSettings.SignRepository:
|
if SignSettings.SignRepository not in self.target:
|
||||||
return [path]
|
return [path]
|
||||||
return self.process(path)
|
return self.process(path)
|
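Review bot: In `__init__`, `config.get('sign', 'key') if self.target else None` only fails when the option is absent; an empty `key =` (the shipped default) is accepted, and `repository_sign_args` then falls back to `['--sign']`, which appears to leave key selection to the signing tool's default key. The documentation in this commit calls `key` required, so I would reject an empty value when `self.target` is non-empty, e.g. `if self.target and not self.key:` followed by raising a configuration error. Existing configs that still set `enabled = package` or `enabled = repository` are no longer read; whether that fails loudly or silently stops signing depends on `get_list`, which is not visible here, so a startup warning for the legacy option would be worth adding.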
@ -1,26 +0,0 @@
|
|||||||
#
|
|
||||||
# Copyright (c) 2021 Evgenii Alekseev.
|
|
||||||
#
|
|
||||||
# This file is part of ahriman
|
|
||||||
# (see https://github.com/arcan1s/ahriman).
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
from ahriman.core.upload.uploader import Uploader
|
|
||||||
|
|
||||||
|
|
||||||
class Dummy(Uploader):
|
|
||||||
|
|
||||||
def sync(self, path: str) -> None:
|
|
||||||
pass
|
|
@ -41,8 +41,7 @@ class Uploader:
|
|||||||
from ahriman.core.upload.s3 import S3
|
from ahriman.core.upload.s3 import S3
|
||||||
uploader = S3(architecture, config)
|
uploader = S3(architecture, config)
|
||||||
else:
|
else:
|
||||||
from ahriman.core.upload.dummy import Dummy
|
uploader = Uploader(architecture, config)
|
||||||
uploader = Dummy(architecture, config)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
uploader.sync(path)
|
uploader.sync(path)
|
||||||
@ -50,4 +49,4 @@ class Uploader:
|
|||||||
raise SyncFailed(e) from e
|
raise SyncFailed(e) from e
|
||||||
|
|
||||||
def sync(self, path: str) -> None:
|
def sync(self, path: str) -> None:
|
||||||
raise NotImplementedError
|
pass
|
||||||
|
@ -25,15 +25,12 @@ from ahriman.core.exceptions import InvalidOptionException
|
|||||||
|
|
||||||
|
|
||||||
class SignSettings(Enum):
|
class SignSettings(Enum):
|
||||||
Disabled = auto()
|
|
||||||
SignPackages = auto()
|
SignPackages = auto()
|
||||||
SignRepository = auto()
|
SignRepository = auto()
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def from_option(value: str) -> SignSettings:
|
def from_option(value: str) -> SignSettings:
|
||||||
if value.lower() in ('no', 'disabled'):
|
if value.lower() in ('package', 'packages', 'sign-package'):
|
||||||
return SignSettings.Disabled
|
|
||||||
elif value.lower() in ('package', 'packages', 'sign-package'):
|
|
||||||
return SignSettings.SignPackages
|
return SignSettings.SignPackages
|
||||||
elif value.lower() in ('repository', 'sign-repository'):
|
elif value.lower() in ('repository', 'sign-repository'):
|
||||||
return SignSettings.SignRepository
|
return SignSettings.SignRepository
|
||||||
|
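Review bot: `from_option` has no docstring, and the spellings it accepts differ from the documentation in this commit: the code takes `package`, `packages`, `sign-package`, `repository` and `sign-repository`, while the docs list only `package` and `repository`. With `Disabled` removed, the former `no` and `disabled` values fall through to whatever follows the last `elif`, which lies outside this hunk. A docstring that lists the accepted aliases and states what happens to an unknown value would make the contract explicit. As a style point, `value.lower()` is evaluated in every branch and could be bound once, `option = value.lower()`.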