commit ea2b4dd29579b36f02547ba089383cdefa463f8c
parent 57ac2b2a17fbeb08fc845bbb0b275d22c568892f
Author: parazyd <parazyd@dyne.org>
Date: Fri, 11 Aug 2017 10:35:39 +0200
refactor sign_release to use gnupg directly via subprocess
removes the need for python-gnupg which tends to have a relatively
unstable API and doesn't work properly on some machines.
Diffstat:
3 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
@@ -19,19 +19,19 @@ of the according `Release` files.
Dependencies
------------
-amprolla requires Python 3, and some external modules for it. The lowest
-version it's been tested on was Python 3.4.
+amprolla requires Python 3, the lowest version it's been tested on was
+Python 3.4. It also requires the python-requests library.
### Devuan/Debian
```
-rsync gnupg2 python3-requests python3-gnupg
+rsync gnupg2 python3-requests
```
### Gentoo:
```
-net-misc/rsync app-crypt/gnupg dev-python/requests dev-python/python-gnupg
+net-misc/rsync app-crypt/gnupg dev-python/requests
```
diff --git a/doc/setup.md b/doc/setup.md
@@ -14,7 +14,7 @@ with the extra needed dependencies is using your package manager.
You will need the following:
```
-python3, python-gnupg, python-requests, gnupg2, rsync
+python3, python-requests, gnupg2, rsync
```
After installing the required dependencies, clone the amprolla git repo
diff --git a/lib/release.py b/lib/release.py
@@ -7,11 +7,12 @@ Release file functions and helpers
from datetime import datetime, timedelta
from gzip import decompress as gzip_decomp
from lzma import compress as lzma_comp
-from os.path import basename, getsize, isfile
-import gnupg
+from os.path import getsize, isfile
+from subprocess import Popen
from lib.config import (checksums, distrolabel, gpgdir, release_aliases,
release_keys, signingkey)
+from lib.log import info
from lib.parse import parse_release_head
@@ -85,19 +86,21 @@ def write_release(oldrel, newrel, filelist, r, sign=True, rewrite=True):
def sign_release(infile):
"""
- Signs both the clearsign and the detached signature of a Release file
+ Signs both the clearsign and the detached signature of a Release file.
+
+ Takes a valid path to a release file as an argument.
"""
- gpg = gnupg.GPG(gnupghome=gpgdir)
+ args = ['gpg', '-q', '--default-key', signingkey, '--batch', '--yes',
+ '--homedir', gpgdir]
- stream = open(infile, 'rb')
+ clearargs = args + ['--clearsign', '-a', '-o',
+ infile.replace('Release', 'InRelease'), infile]
+ detachargs = args + ['-sb', '-o', infile+'.gpg', infile]
- # Clearsign
- signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=True,
- detach=False)
- inrel = open(infile.replace('Release', 'InRelease'), 'wb')
- inrel.write(signed_data.data)
- inrel.close()
+ info('Signing Release (clearsign)')
+ cleargpg = Popen(clearargs)
+ cleargpg.wait(timeout=5)
- # Detached signature (somewhat broken?)
- # gpg.sign_file(stream, keyid=signingkey, clearsign=False, detach=True,
- # output=infile + '.gpg')
+ info('Signing Release (detached sign)')
+ detachgpg = Popen(detachargs)
+ detachgpg.wait(timeout=5)
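Review bot: The exit status of both gpg invocations is discarded — `cleargpg.wait(timeout=5)` and `detachgpg.wait(timeout=5)` return the code but nothing inspects it, so a failed signature (missing secret key, locked agent, expired timeout) lets sign_release return normally while InRelease or Release.gpg is absent or stale, and on expiry `wait(timeout=5)` raises TimeoutExpired without killing the child. Replacing the two Popen/wait pairs with `check_call(clearargs, timeout=5)` and `check_call(detachargs, timeout=5)` (importing `check_call` rather than `Popen` in the import hunk above; `check_call` is available on the Python 3.4 floor the README states, unlike `run`) makes a signing failure raise CalledProcessError at the call site, so the caller cannot go on to publish an unsigned or half-signed repository. A smaller point: `infile.replace('Release', 'InRelease')` rewrites every occurrence of "Release" in the full path rather than only the file name, so a directory component containing that word would redirect the clearsigned output; building the output name from the directory and the basename would avoid that. Once the check is in place the docstring should also state that the function raises on signing failure, since callers pass `sign=True` and presumably rely on the outputs existing.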