amprolla

devuan's apt repo merger
git clone git://parazyd.org/amprolla.git

commit 0454dba27c9b281b9eaca4b75184a8bc1f54cf15
parent 94adcf6b6e35c9bbe6dbae6f3db6c15472ba3d65
Author: parazyd <parazyd@dyne.org>
Date:   Mon,  5 Jun 2017 21:10:06 +0200

gpg signing of Release files (using python-gnupg)

Diffstat:
Mlib/config.py | 10+++++-----
Mlib/package.py | 16++++++++--------
Mlib/release.py | 22+++++++++++++++++++++-
Morchestrate.py | 4+++-
4 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/lib/config.py b/lib/config.py @@ -7,7 +7,7 @@ amprolla configuration file from hashlib import md5, sha1, sha256 spooldir = './spool' -sign_key = 'fa1b0274' +signingkey = 'B876CB44FA1B0274' mergedir = './merged' mergesubdir = 'dists' banpkgs = {'systemd', 'systemd-sysv'} @@ -111,16 +111,16 @@ mainrepofiles = [ ] pkgfiles = [ - # 'Packages', + 'Packages', 'Packages.gz', - # 'Packages.xz', + 'Packages.xz', 'Release' ] srcfiles = [ - # 'Sources', + 'Sources', 'Sources.gz', - # 'Sources.xz, + 'Sources.xz', 'Release' ] diff --git a/lib/package.py b/lib/package.py @@ -30,8 +30,8 @@ def write_packages(packages, filename, sort=True, sources=False): copyfile(rl.replace(mergedir, join(spooldir, 'devuan')), rl) gzf = gzip_open(filename, 'w') - #xzf = lzma_open(filename.replace('.gz', '.xz'), 'w') - #f = open(filename.replace('.gz', ''), 'w') + xzf = lzma_open(filename.replace('.gz', '.xz'), 'w') + f = open(filename.replace('.gz', ''), 'w') pkg_items = packages.items() if sort: @@ -47,15 +47,15 @@ def write_packages(packages, filename, sort=True, sources=False): if key in pkg_contents: s = '%s: %s\n' % (key, pkg_contents[key]) gzf.write(s.encode('utf-8')) - #xzf.write(s.encode('utf-8')) - #f.write(s) + xzf.write(s.encode('utf-8')) + f.write(s) gzf.write(b'\n') - #xzf.write(b'\n') - #f.write('\n') + xzf.write(b'\n') + f.write('\n') gzf.close() - #xzf.close() - #f.close() + xzf.close() + f.close() def load_packages_file(filename): diff --git a/lib/release.py b/lib/release.py @@ -6,8 +6,9 @@ Release file functions and helpers from datetime import datetime, timedelta from os.path import getsize +import gnupg -from lib.config import release_keys, checksums +from lib.config import release_keys, checksums, signingkey from lib.parse import parse_release_head 
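Review bot: `signingkey` in the first lib/config.py hunk is a 64-bit long key ID, which identifies a key less strictly than its full fingerprint; if a second key with the same long ID ever ended up in the signing keyring, GnuPG's choice of key would be ambiguous. Pinning the full 40-hex-digit fingerprint removes that ambiguity, e.g. `signingkey = '<FULL_40_HEX_FINGERPRINT>'` (placeholder; the fingerprint is not shown on this page). A one-line comment saying which key this is and where its public half is published would also help whoever rotates it.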
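Review bot: The uncompressed file opened in the first lib/package.py hunk is in text mode with the locale's default encoding, while the gz and xz writers (here and in the `-47,15` hunk) are fed `s.encode('utf-8')`. Under a non-UTF-8 locale the plain Packages/Sources file would differ byte-for-byte from its compressed siblings or fail with UnicodeEncodeError. These files are presumably checksummed into the Release file that gets signed, so all three should come from the same bytes: `f = open(filename.replace('.gz', ''), 'w', encoding='utf-8')`. The three handles are also closed only on the success path, so `with` blocks would avoid leaving truncated index files behind after an exception. write_packages begins and ends outside both hunks.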
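Review bot: `import gnupg` in the first lib/release.py hunk makes signing depend on a third-party module, yet the diffstat lists no dependency manifest or README change. The commit message names python-gnupg, but more than one PyPI distribution installs a module called `gnupg`, and they do not share the same signing API. Recording the intended distribution and a minimum version, e.g. `import gnupg  # python-gnupg (not the 'gnupg' fork)`, keeps a wrong install from breaking or changing how Release files are signed. The import would also read better separated from the stdlib imports by a blank line.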
@@ -47,3 +48,22 @@ def write_release(oldrel, newrel, filelist, r): getsize(f), f.replace(r+'/', ''))) new.close() + + sign_release(newrel) + +def sign_release(infile): + """ + Signs both the clearsign and the detached signature of a Release file + """ + gpg = gnupg.GPG() + + stream = open(infile, 'rb') + + # Clearsign + signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=True, + detach=False, + output=infile.replace('Release', 'InRelease')) + + # Detached signature (somewhat broken?) + # signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=False, + # detach=True, output=infile + '.gpg') diff --git a/orchestrate.py b/orchestrate.py @@ -44,6 +44,7 @@ def gen_release(s): for suite in suites[s]: filelist = [] + print('Crawling %s' % suite) rootdir = join(mergedir, mergesubdir, suite) for cat in categories: for arch in arches: @@ -62,8 +63,9 @@ def gen_release(s): oldrfl = newrfl.replace(join(mergedir, mergesubdir), join(spooldir, repos['devuan']['dists'])) + print('Writing Release') write_release(oldrfl, newrfl, filelist, rootdir) - break + # break do_merge()
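Review bot: sign_release in lib/release.py never looks at the result of `gpg.sign_file`, so a signing failure (key missing from the keyring, key locked) goes unnoticed and write_release returns as if InRelease had been produced. python-gnupg generally reports failures through the returned object rather than by raising. The input stream is also never closed, and `infile.replace('Release', 'InRelease')` rewrites every occurrence of `Release` in the path, not only the file name. The commented-out detached signature would read from a stream the clearsign call has presumably already consumed, which may be why it looked broken; opening the file once per signature avoids that. The sketch below assumes `dirname` and `join` are imported from `os.path`, and write_release itself starts outside this hunk.
```python
def sign_release(infile):
    """
    Writes the clearsigned InRelease file next to a Release file
    """
    gpg = gnupg.GPG()
    outfile = join(dirname(infile), 'InRelease')

    # Clearsign; the handle is closed even if gpg fails
    with open(infile, 'rb') as stream:
        signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=True,
                                    detach=False, output=outfile)

    # A falsy result means gpg produced no signature: stop instead of
    # publishing an unsigned or stale InRelease
    if not signed_data:
        raise RuntimeError('gpg could not sign %s' % infile)
    # … unchanged: commented-out detached signature …
```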