multisign option

2025-04-24 07:17:17 +00:00 · 2021-03-11 01:39:45 +03:00 · 2021-03-11 01:39:45 +03:00 · 262d8d8647
commit 262d8d8647
parent fd2049b334
12 changed files with 23 additions and 79 deletions
--- a/CONFIGURING.md
+++ b/CONFIGURING.md
@ -36,8 +36,8 @@ Base repository settings:

 Settings for signing packages or repository:

-* `enabled` - configuration flag to enable signing, string, required. Allowed values are `disabled`, `package` (sign each package separately), `repository` (sign repository database file).
-* `key` - PGP key, string, optional.
+* `target` - configuration flag to enable signing, space separated list of strings, required. Allowed values are `package` (sign each package separately), `repository` (sign repository database file).
+* `key` - PGP key, string, required.

 ## `report` group

--- a/package/archlinux/PKGBUILD
+++ b/package/archlinux/PKGBUILD
@ -24,7 +24,7 @@ source=("https://github.com/arcan1s/ahriman/releases/download/$pkgver/$pkgname-$
        'ahriman.sudoers'
        'ahriman.sysusers'
        'ahriman.tmpfiles')
-sha512sums=('bc4880fc2f4196dc959f14a199135bbf09c75fbaad722709c1ca7c1fdae0475b3cfcdff5bf33bc9bcdf4f17a0e29b42bd26de7b3d551356dd63a705ec496e111'
+sha512sums=('c1051769f0ce307c9a9a69ba721a3e5abe0a0df0e7ce07f1e482f931a52e715820cda69186c8d65ee8407f1f013c51c2633b15f35e1964732af3c4d3e137665a'
            '8c9b5b63ac3f7b4d9debaf801a1e9c060877c33d3ecafe18010fcca778e5fa2f2e46909d3d0ff1b229ff8aa978445d8243fd36e1fc104117ed678d5e21901167'
            '13718afec2c6786a18f0b223ef8e58dccf0688bca4cdbe203f14071f5031ed20120eb0ce38b52c76cfd6e8b6581a9c9eaa2743eb11abbaca637451a84c33f075'
            '55b20f6da3d66e7bbf2add5d95a3b60632df121717d25a993e56e737d14f51fe063eb6f1b38bd81cc32e05db01c0c1d80aaa720c45cde87f238d8b46cdb8cbc4')
--- a/package/etc/ahriman.ini
+++ b/package/etc/ahriman.ini
@ -17,7 +17,7 @@ name = aur-clone
 root = /var/lib/ahriman

 [sign]
-enabled = disabled
+target =
 key =

 [report]
--- a/package/share/ahriman/repo-index.jinja2
+++ b/package/share/ahriman/repo-index.jinja2
@ -5,16 +5,17 @@
    </head>

    <body>
-        <h1>{{ repository|e }} ArchLinux custom repository</h1>
+        <h1>ArchLinux custom repository</h1>

        {% if pgp_key is not none %}
-            <p>All packages are signed with <a href="http://keys.gnupg.net/pks/lookup?search=0x{{ pgp_key|e }}" title="key search">{{ pgp_key|e }}</a>.</p>
+            <p>This repository is signed with <a href="http://keys.gnupg.net/pks/lookup?search=0x{{ pgp_key|e }}" title="key search">{{ pgp_key|e }}</a>.</p>
        {% endif %}

        <code>
            $ cat /etc/pacman.conf<br>
            [{{ repository|e }}]<br>
-            Server = {{ link_path|e }}
+            Server = {{ link_path|e }}<br>
+            SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Package{% if has_package_signed %}Required{% else %}Never{% endif %} TrustedOnly
        </code>

        <p>Packages:</p>
--- a/src/ahriman/core/configuration.py
+++ b/src/ahriman/core/configuration.py
@ -21,7 +21,7 @@ import configparser
 import os

 from logging.config import fileConfig
-from typing import List, Optional
+from typing import List, Optional, Set


 # built-in configparser extension
--- a/src/ahriman/core/report/dummy.py
+++ b/src/ahriman/core/report/dummy.py
@ -1,26 +0,0 @@
-#
-# Copyright (c) 2021 Evgenii Alekseev.
-#
-# This file is part of ahriman 
-# (see https://github.com/arcan1s/ahriman).
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-from ahriman.core.report.report import Report
-
-
-class Dummy(Report):
-
-    def generate(self, path: str) -> None:
-        pass
--- a/src/ahriman/core/report/html.py
+++ b/src/ahriman/core/report/html.py
@ -39,10 +39,8 @@ class HTML(Report):
        self.template_path = config.get(section, 'template_path')

        # base template vars
-        if SignSettings.from_option(config.get('sign', 'enabled')) != SignSettings.Disabled:
-            self.pgp_key = config.get('sign', 'key', fallback=None)
-        else:
-            self.pgp_key = None
+        self.sign_targets = [SignSettings.from_option(opt) for opt in config.get_list('sign', 'target')]
+        self.pgp_key = config.get('sign', 'key', fallback=None)
        self.homepage = config.get(section, 'homepage', fallback=None)
        self.repository = config.get('repository', 'name')

@ -62,6 +60,8 @@ class HTML(Report):
        html = template.render(
            homepage=self.homepage,
            link_path=self.link_path,
+            has_package_signed=SignSettings.SignPackages in self.sign_targets,
+            has_repo_signed=SignSettings.SignRepository in self.sign_targets,
            packages=packages,
            pgp_key=self.pgp_key,
            repository=self.repository)
--- a/src/ahriman/core/report/report.py
+++ b/src/ahriman/core/report/report.py
@ -38,8 +38,7 @@ class Report:
            from ahriman.core.report.html import HTML
            report: Report = HTML(architecture, config)
        else:
-            from ahriman.core.report.dummy import Dummy
-            report = Dummy(architecture, config)
+            report = Report(architecture, config)

        try:
            report.generate(path)
@ -47,4 +46,4 @@ class Report:
            raise ReportFailed(e) from e

    def generate(self, path: str) -> None:
-        raise NotImplementedError
+        pass
--- a/src/ahriman/core/sign/gpg_wrapper.py
+++ b/src/ahriman/core/sign/gpg_wrapper.py
@ -33,12 +33,12 @@ class GPGWrapper:
    def __init__(self, config: Configuration) -> None:
        self.logger = logging.getLogger('build_details')

-        self.key = config.get('sign', 'key', fallback=None)
-        self.sign = SignSettings.from_option(config.get('sign', 'enabled'))
+        self.target = [SignSettings.from_option(opt) for opt in config.get_list('sign', 'target')]
+        self.key = config.get('sign', 'key') if self.target else None

    @property
    def repository_sign_args(self) -> List[str]:
-        if self.sign != SignSettings.SignRepository:
+        if SignSettings.SignRepository not in self.target:
            return []
        return ['--sign', '--key', self.key] if self.key else ['--sign']

@ -58,11 +58,11 @@ class GPGWrapper:
        return cmd

    def sign_package(self, path: str) -> List[str]:
-        if self.sign != SignSettings.SignPackages:
+        if SignSettings.SignPackages not in self.target:
            return [path]
        return self.process(path)

    def sign_repository(self, path: str) -> List[str]:
-        if self.sign != SignSettings.SignRepository:
+        if SignSettings.SignRepository not in self.target:
            return [path]
        return self.process(path)
--- a/src/ahriman/core/upload/dummy.py
+++ b/src/ahriman/core/upload/dummy.py
@ -1,26 +0,0 @@
-#
-# Copyright (c) 2021 Evgenii Alekseev.
-#
-# This file is part of ahriman 
-# (see https://github.com/arcan1s/ahriman).
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-from ahriman.core.upload.uploader import Uploader
-
-
-class Dummy(Uploader):
-
-    def sync(self, path: str) -> None:
-        pass
--- a/src/ahriman/core/upload/uploader.py
+++ b/src/ahriman/core/upload/uploader.py
@ -41,8 +41,7 @@ class Uploader:
            from ahriman.core.upload.s3 import S3
            uploader = S3(architecture, config)
        else:
-            from ahriman.core.upload.dummy import Dummy
-            uploader = Dummy(architecture, config)
+            uploader = Uploader(architecture, config)

        try:
            uploader.sync(path)
@ -50,4 +49,4 @@ class Uploader:
            raise SyncFailed(e) from e

    def sync(self, path: str) -> None:
-        raise NotImplementedError
+        pass
--- a/src/ahriman/models/sign_settings.py
+++ b/src/ahriman/models/sign_settings.py
@ -25,15 +25,12 @@ from ahriman.core.exceptions import InvalidOptionException


 class SignSettings(Enum):
-    Disabled = auto()
    SignPackages = auto()
    SignRepository = auto()

    @staticmethod
    def from_option(value: str) -> SignSettings:
-        if value.lower() in ('no', 'disabled'):
-            return SignSettings.Disabled
-        elif value.lower() in ('package', 'packages', 'sign-package'):
+        if value.lower() in ('package', 'packages', 'sign-package'):
            return SignSettings.SignPackages
        elif value.lower() in ('repository', 'sign-repository'):
            return SignSettings.SignRepository