4 files changed, 355 insertions, 258 deletions
diff --git a/release/sign-launcher.py b/release/sign-launcher.py
index ffe23cc5..86566122 100755
--- a/release/sign-launcher.py
+++ b/release/sign-launcher.py
@@ -28,43 +28,56 @@ import util
 def sign(opts):
-  """Sign the launcher!"""
+    """Sign the launcher!"""
-  output = ''
+    output = ""
-  for key in opts.keys:
+    for key in opts.keys:
-    # We use ! at the end of the key so that gpg uses this specific key.
+        # We use ! at the end of the key so that gpg uses this specific key.
-    # Otherwise it uses the key as a lookup into the overall key and uses the
+        # Otherwise it uses the key as a lookup into the overall key and uses
-    # default signing key.  i.e. It will see that KEYID_RSA is a subkey of
+        # the default signing key.  i.e. It will see that KEYID_RSA is a subkey
-    # another key, and use the primary key to sign instead of the subkey.
+        # of another key, and use the primary key to sign instead of the subkey.
-    cmd = ['gpg', '--homedir', opts.gpgdir, '-u', f'{key}!', '--batch', '--yes',
+        cmd = [
-           '--armor', '--detach-sign', '--output', '-', opts.launcher]
+            "gpg",
-    ret = util.run(opts, cmd, encoding='utf-8', stdout=subprocess.PIPE)
+            "--homedir",
-    output += ret.stdout
+            opts.gpgdir,
+            "-u",
-  # Save the combined signatures into one file.
+            f"{key}!",
-  with open(f'{opts.launcher}.asc', 'w', encoding='utf-8') as fp:
+            "--batch",
-    fp.write(output)
+            "--yes",
+            "--armor",
+            "--detach-sign",
+            "--output",
+            "-",
+            opts.launcher,
+        ]
+        ret = util.run(opts, cmd, encoding="utf-8", stdout=subprocess.PIPE)
+        output += ret.stdout
+    # Save the combined signatures into one file.
+    with open(f"{opts.launcher}.asc", "w", encoding="utf-8") as fp:
+        fp.write(output)
 def check(opts):
-  """Check the signature."""
+    """Check the signature."""
-  util.run(opts, ['gpg', '--verify', f'{opts.launcher}.asc'])
+    util.run(opts, ["gpg", "--verify", f"{opts.launcher}.asc"])
 def get_version(opts):
-  """Get the version from |launcher|."""
+    """Get the version from |launcher|."""
-  # Make sure we don't search $PATH when signing the "repo" file in the cwd.
+    # Make sure we don't search $PATH when signing the "repo" file in the cwd.
-  launcher = os.path.join('.', opts.launcher)
+    launcher = os.path.join(".", opts.launcher)
-  cmd = [launcher, '--version']
+    cmd = [launcher, "--version"]
-  ret = util.run(opts, cmd, encoding='utf-8', stdout=subprocess.PIPE)
+    ret = util.run(opts, cmd, encoding="utf-8", stdout=subprocess.PIPE)
-  m = re.search(r'repo launcher version ([0-9.]+)', ret.stdout)
+    m = re.search(r"repo launcher version ([0-9.]+)", ret.stdout)
-  if not m:
+    if not m:
-    sys.exit(f'{opts.launcher}: unable to detect repo version')
+        sys.exit(f"{opts.launcher}: unable to detect repo version")
-  return m.group(1)
+    return m.group(1)
 def postmsg(opts, version):
-  """Helpful info to show at the end for release manager."""
+    """Helpful info to show at the end for release manager."""
-  print(f"""
+    print(
+        f"""
 Repo launcher bucket:
  gs://git-repo-downloads/
@@ -81,55 +94,72 @@ NB: If a rollback is necessary, the GS bucket archives old versions, and may be
  gsutil ls -la gs://git-repo-downloads/repo gs://git-repo-downloads/repo.asc
  gsutil cp -a public-read gs://git-repo-downloads/repo#<unique id> gs://git-repo-downloads/repo
  gsutil cp -a public-read gs://git-repo-downloads/repo.asc#<unique id> gs://git-repo-downloads/repo.asc
-""")
+"""  # noqa: E501
+    )
 def get_parser():
-  """Get a CLI parser."""
+    """Get a CLI parser."""
-  parser = argparse.ArgumentParser(description=__doc__)
+    parser = argparse.ArgumentParser(description=__doc__)
-  parser.add_argument('-n', '--dry-run',
+    parser.add_argument(
-                      dest='dryrun', action='store_true',
+        "-n",
-                      help='show everything that would be done')
+        "--dry-run",
-  parser.add_argument('--gpgdir',
+        dest="dryrun",
-                      default=os.path.join(util.HOMEDIR, '.gnupg', 'repo'),
+        action="store_true",
-                      help='path to dedicated gpg dir with release keys '
+        help="show everything that would be done",
-                           '(default: ~/.gnupg/repo/)')
+    )
-  parser.add_argument('--keyid', dest='keys', default=[], action='append',
+    parser.add_argument(
-                      help='alternative signing keys to use')
+        "--gpgdir",
-  parser.add_argument('launcher',
+        default=os.path.join(util.HOMEDIR, ".gnupg", "repo"),
-                      default=os.path.join(util.TOPDIR, 'repo'), nargs='?',
+        help="path to dedicated gpg dir with release keys "
-                      help='the launcher script to sign')
+        "(default: ~/.gnupg/repo/)",
-  return parser
+    )
+    parser.add_argument(
+        "--keyid",
+        dest="keys",
+        default=[],
+        action="append",
+        help="alternative signing keys to use",
+    )
+    parser.add_argument(
+        "launcher",
+        default=os.path.join(util.TOPDIR, "repo"),
+        nargs="?",
+        help="the launcher script to sign",
+    )
+    return parser
 def main(argv):
-  """The main func!"""
+    """The main func!"""
-  parser = get_parser()
+    parser = get_parser()
-  opts = parser.parse_args(argv)
+    opts = parser.parse_args(argv)
-  if not os.path.exists(opts.gpgdir):
+    if not os.path.exists(opts.gpgdir):
-    parser.error(f'--gpgdir does not exist: {opts.gpgdir}')
+        parser.error(f"--gpgdir does not exist: {opts.gpgdir}")
-  if not os.path.exists(opts.launcher):
+    if not os.path.exists(opts.launcher):
-    parser.error(f'launcher does not exist: {opts.launcher}')
+        parser.error(f"launcher does not exist: {opts.launcher}")
-  opts.launcher = os.path.relpath(opts.launcher)
+    opts.launcher = os.path.relpath(opts.launcher)
-  print(f'Signing "{opts.launcher}" launcher script and saving to '
+    print(
-        f'"{opts.launcher}.asc"')
+        f'Signing "{opts.launcher}" launcher script and saving to '
+        f'"{opts.launcher}.asc"'
-  if opts.keys:
+    )
-    print(f'Using custom keys to sign: {" ".join(opts.keys)}')
-  else:
+    if opts.keys:
-    print('Using official Repo release keys to sign')
+        print(f'Using custom keys to sign: {" ".join(opts.keys)}')
-    opts.keys = [util.KEYID_DSA, util.KEYID_RSA, util.KEYID_ECC]
+    else:
-    util.import_release_key(opts)
+        print("Using official Repo release keys to sign")
+        opts.keys = [util.KEYID_DSA, util.KEYID_RSA, util.KEYID_ECC]
-  version = get_version(opts)
+        util.import_release_key(opts)
-  sign(opts)
-  check(opts)
+    version = get_version(opts)
-  postmsg(opts, version)
+    sign(opts)
+    check(opts)
-  return 0
+    postmsg(opts, version)
+    return 0
-if __name__ == '__main__':
-  sys.exit(main(sys.argv[1:]))
+if __name__ == "__main__":
+    sys.exit(main(sys.argv[1:]))
diff --git a/release/sign-tag.py b/release/sign-tag.py
index 605437c9..fbfe7b26 100755
--- a/release/sign-tag.py
+++ b/release/sign-tag.py
@@ -35,46 +35,61 @@ import util
 KEYID = util.KEYID_DSA
 # Regular expression to validate tag names.
-RE_VALID_TAG = r'^v([0-9]+[.])+[0-9]+$'
+RE_VALID_TAG = r"^v([0-9]+[.])+[0-9]+$"
 def sign(opts):
-  """Tag the commit & sign it!"""
+    """Tag the commit & sign it!"""
-  # We use ! at the end of the key so that gpg uses this specific key.
+    # We use ! at the end of the key so that gpg uses this specific key.
-  # Otherwise it uses the key as a lookup into the overall key and uses the
+    # Otherwise it uses the key as a lookup into the overall key and uses the
-  # default signing key.  i.e. It will see that KEYID_RSA is a subkey of
+    # default signing key.  i.e. It will see that KEYID_RSA is a subkey of
-  # another key, and use the primary key to sign instead of the subkey.
+    # another key, and use the primary key to sign instead of the subkey.
-  cmd = ['git', 'tag', '-s', opts.tag, '-u', f'{opts.key}!',
+    cmd = [
-         '-m', f'repo {opts.tag}', opts.commit]
+        "git",
+        "tag",
-  key = 'GNUPGHOME'
+        "-s",
-  print('+', f'export {key}="{opts.gpgdir}"')
+        opts.tag,
-  oldvalue = os.getenv(key)
+        "-u",
-  os.putenv(key, opts.gpgdir)
+        f"{opts.key}!",
-  util.run(opts, cmd)
+        "-m",
-  if oldvalue is None:
+        f"repo {opts.tag}",
-    os.unsetenv(key)
+        opts.commit,
-  else:
+    ]
-    os.putenv(key, oldvalue)
+    key = "GNUPGHOME"
+    print("+", f'export {key}="{opts.gpgdir}"')
+    oldvalue = os.getenv(key)
+    os.putenv(key, opts.gpgdir)
+    util.run(opts, cmd)
+    if oldvalue is None:
+        os.unsetenv(key)
+    else:
+        os.putenv(key, oldvalue)
 def check(opts):
-  """Check the signature."""
+    """Check the signature."""
-  util.run(opts, ['git', 'tag', '--verify', opts.tag])
+    util.run(opts, ["git", "tag", "--verify", opts.tag])
 def postmsg(opts):
-  """Helpful info to show at the end for release manager."""
+    """Helpful info to show at the end for release manager."""
-  cmd = ['git', 'rev-parse', 'remotes/origin/stable']
+    cmd = ["git", "rev-parse", "remotes/origin/stable"]
-  ret = util.run(opts, cmd, encoding='utf-8', stdout=subprocess.PIPE)
+    ret = util.run(opts, cmd, encoding="utf-8", stdout=subprocess.PIPE)
-  current_release = ret.stdout.strip()
+    current_release = ret.stdout.strip()
-  cmd = ['git', 'log', '--format=%h (%aN) %s', '--no-merges',
+    cmd = [
-         f'remotes/origin/stable..{opts.tag}']
+        "git",
-  ret = util.run(opts, cmd, encoding='utf-8', stdout=subprocess.PIPE)
+        "log",
-  shortlog = ret.stdout.strip()
+        "--format=%h (%aN) %s",
+        "--no-merges",
-  print(f"""
+        f"remotes/origin/stable..{opts.tag}",
+    ]
+    ret = util.run(opts, cmd, encoding="utf-8", stdout=subprocess.PIPE)
+    shortlog = ret.stdout.strip()
+    print(
+        f"""
 Here's the short log since the last release.
 {shortlog}
@@ -84,57 +99,69 @@ NB: People will start upgrading to this version immediately.
 To roll back a release:
  git push origin --force {current_release}:stable -n
-""")
+"""
+    )
 def get_parser():
-  """Get a CLI parser."""
+    """Get a CLI parser."""
-  parser = argparse.ArgumentParser(
+    parser = argparse.ArgumentParser(
-      description=__doc__,
+        description=__doc__,
-      formatter_class=argparse.RawDescriptionHelpFormatter)
+        formatter_class=argparse.RawDescriptionHelpFormatter,
-  parser.add_argument('-n', '--dry-run',
+    )
-                      dest='dryrun', action='store_true',
+    parser.add_argument(
-                      help='show everything that would be done')
+        "-n",
-  parser.add_argument('--gpgdir',
+        "--dry-run",
-                      default=os.path.join(util.HOMEDIR, '.gnupg', 'repo'),
+        dest="dryrun",
-                      help='path to dedicated gpg dir with release keys '
+        action="store_true",
-                           '(default: ~/.gnupg/repo/)')
+        help="show everything that would be done",
-  parser.add_argument('-f', '--force', action='store_true',
+    )
-                      help='force signing of any tag')
+    parser.add_argument(
-  parser.add_argument('--keyid', dest='key',
+        "--gpgdir",
-                      help='alternative signing key to use')
+        default=os.path.join(util.HOMEDIR, ".gnupg", "repo"),
-  parser.add_argument('tag',
+        help="path to dedicated gpg dir with release keys "
-                      help='the tag to create (e.g. "v2.0")')
+        "(default: ~/.gnupg/repo/)",
-  parser.add_argument('commit', default='HEAD', nargs='?',
+    )
-                      help='the commit to tag')
+    parser.add_argument(
-  return parser
+        "-f", "--force", action="store_true", help="force signing of any tag"
+    )
+    parser.add_argument(
+        "--keyid", dest="key", help="alternative signing key to use"
+    )
+    parser.add_argument("tag", help='the tag to create (e.g. "v2.0")')
+    parser.add_argument(
+        "commit", default="HEAD", nargs="?", help="the commit to tag"
+    )
+    return parser
 def main(argv):
-  """The main func!"""
+    """The main func!"""
-  parser = get_parser()
+    parser = get_parser()
-  opts = parser.parse_args(argv)
+    opts = parser.parse_args(argv)
-  if not os.path.exists(opts.gpgdir):
+    if not os.path.exists(opts.gpgdir):
-    parser.error(f'--gpgdir does not exist: {opts.gpgdir}')
+        parser.error(f"--gpgdir does not exist: {opts.gpgdir}")
-  if not opts.force and not re.match(RE_VALID_TAG, opts.tag):
+    if not opts.force and not re.match(RE_VALID_TAG, opts.tag):
-    parser.error(f'tag "{opts.tag}" does not match regex "{RE_VALID_TAG}"; '
+        parser.error(
-                 'use --force to sign anyways')
+            f'tag "{opts.tag}" does not match regex "{RE_VALID_TAG}"; '
+            "use --force to sign anyways"
+        )
-  if opts.key:
+    if opts.key:
-    print(f'Using custom key to sign: {opts.key}')
+        print(f"Using custom key to sign: {opts.key}")
-  else:
+    else:
-    print('Using official Repo release key to sign')
+        print("Using official Repo release key to sign")
-    opts.key = KEYID
+        opts.key = KEYID
-    util.import_release_key(opts)
+        util.import_release_key(opts)
-  sign(opts)
+    sign(opts)
-  check(opts)
+    check(opts)
-  postmsg(opts)
+    postmsg(opts)
-  return 0
+    return 0
-if __name__ == '__main__':
+if __name__ == "__main__":
-  sys.exit(main(sys.argv[1:]))
+    sys.exit(main(sys.argv[1:]))
diff --git a/release/update_manpages.py b/release/update_manpages.py
index d1bf8928..cd2acc01 100644
--- a/release/update_manpages.py
+++ b/release/update_manpages.py
@@ -29,91 +29,125 @@ import sys
 import tempfile
 TOPDIR = Path(__file__).resolve().parent.parent
-MANDIR = TOPDIR.joinpath('man')
+MANDIR = TOPDIR.joinpath("man")
 # Load repo local modules.
 sys.path.insert(0, str(TOPDIR))
 from git_command import RepoSourceVersion
 import subcmds
 def worker(cmd, **kwargs):
-  subprocess.run(cmd, **kwargs)
+    subprocess.run(cmd, **kwargs)
 def main(argv):
-  parser = argparse.ArgumentParser(description=__doc__)
+    parser = argparse.ArgumentParser(description=__doc__)
-  opts = parser.parse_args(argv)
+    parser.parse_args(argv)
-  if not shutil.which('help2man'):
+    if not shutil.which("help2man"):
-    sys.exit('Please install help2man to continue.')
+        sys.exit("Please install help2man to continue.")
-  # Let repo know we're generating man pages so it can avoid some dynamic
+    # Let repo know we're generating man pages so it can avoid some dynamic
-  # behavior (like probing active number of CPUs).  We use a weird name &
+    # behavior (like probing active number of CPUs).  We use a weird name &
-  # value to make it less likely for users to set this var themselves.
+    # value to make it less likely for users to set this var themselves.
-  os.environ['_REPO_GENERATE_MANPAGES_'] = ' indeed! '
+    os.environ["_REPO_GENERATE_MANPAGES_"] = " indeed! "
-  # "repo branch" is an alias for "repo branches".
+    # "repo branch" is an alias for "repo branches".
-  del subcmds.all_commands['branch']
+    del subcmds.all_commands["branch"]
-  (MANDIR / 'repo-branch.1').write_text('.so man1/repo-branches.1')
+    (MANDIR / "repo-branch.1").write_text(".so man1/repo-branches.1")
-  version = RepoSourceVersion()
+    version = RepoSourceVersion()
-  cmdlist = [['help2man', '-N', '-n', f'repo {cmd} - manual page for repo {cmd}',
+    cmdlist = [
-    '-S', f'repo {cmd}', '-m', 'Repo Manual', f'--version-string={version}',
+        [
-    '-o', MANDIR.joinpath(f'repo-{cmd}.1.tmp'), './repo',
+            "help2man",
-    '-h', f'help {cmd}'] for cmd in subcmds.all_commands]
+            "-N",
-  cmdlist.append(['help2man', '-N', '-n', 'repository management tool built on top of git',
+            "-n",
-    '-S', 'repo', '-m', 'Repo Manual', f'--version-string={version}',
+            f"repo {cmd} - manual page for repo {cmd}",
-    '-o', MANDIR.joinpath('repo.1.tmp'), './repo',
+            "-S",
-    '-h', '--help-all'])
+            f"repo {cmd}",
+            "-m",
-  with tempfile.TemporaryDirectory() as tempdir:
+            "Repo Manual",
-    tempdir = Path(tempdir)
+            f"--version-string={version}",
-    repo_dir = tempdir / '.repo'
+            "-o",
-    repo_dir.mkdir()
+            MANDIR.joinpath(f"repo-{cmd}.1.tmp"),
-    (repo_dir / 'repo').symlink_to(TOPDIR)
+            "./repo",
+            "-h",
-    # Create a repo wrapper using the active Python executable.  We can't pass
+            f"help {cmd}",
-    # this directly to help2man as it's too simple, so insert it via shebang.
+        ]
-    data = (TOPDIR / 'repo').read_text(encoding='utf-8')
+        for cmd in subcmds.all_commands
-    tempbin = tempdir / 'repo'
+    ]
-    tempbin.write_text(f'#!{sys.executable}\n' + data, encoding='utf-8')
+    cmdlist.append(
-    tempbin.chmod(0o755)
+        [
+            "help2man",
-    # Run all cmd in parallel, and wait for them to finish.
+            "-N",
-    with multiprocessing.Pool() as pool:
+            "-n",
-      pool.map(partial(worker, cwd=tempdir, check=True), cmdlist)
+            "repository management tool built on top of git",
+            "-S",
-  for tmp_path in MANDIR.glob('*.1.tmp'):
+            "repo",
-    path = tmp_path.parent / tmp_path.stem
+            "-m",
-    old_data = path.read_text() if path.exists() else ''
+            "Repo Manual",
+            f"--version-string={version}",
-    data = tmp_path.read_text()
+            "-o",
-    tmp_path.unlink()
+            MANDIR.joinpath("repo.1.tmp"),
+            "./repo",
-    data = replace_regex(data)
+            "-h",
+            "--help-all",
-    # If the only thing that changed was the date, don't refresh.  This avoids
+        ]
-    # a lot of noise when only one file actually updates.
+    )
-    old_data = re.sub(r'^(\.TH REPO "1" ")([^"]+)', r'\1', old_data, flags=re.M)
-    new_data = re.sub(r'^(\.TH REPO "1" ")([^"]+)', r'\1', data, flags=re.M)
+    with tempfile.TemporaryDirectory() as tempdir:
-    if old_data != new_data:
+        tempdir = Path(tempdir)
-      path.write_text(data)
+        repo_dir = tempdir / ".repo"
+        repo_dir.mkdir()
+        (repo_dir / "repo").symlink_to(TOPDIR)
+        # Create a repo wrapper using the active Python executable.  We can't
+        # pass this directly to help2man as it's too simple, so insert it via
+        # shebang.
+        data = (TOPDIR / "repo").read_text(encoding="utf-8")
+        tempbin = tempdir / "repo"
+        tempbin.write_text(f"#!{sys.executable}\n" + data, encoding="utf-8")
+        tempbin.chmod(0o755)
+        # Run all cmd in parallel, and wait for them to finish.
+        with multiprocessing.Pool() as pool:
+            pool.map(partial(worker, cwd=tempdir, check=True), cmdlist)
+    for tmp_path in MANDIR.glob("*.1.tmp"):
+        path = tmp_path.parent / tmp_path.stem
+        old_data = path.read_text() if path.exists() else ""
+        data = tmp_path.read_text()
+        tmp_path.unlink()
+        data = replace_regex(data)
+        # If the only thing that changed was the date, don't refresh.  This
+        # avoids a lot of noise when only one file actually updates.
+        old_data = re.sub(
+            r'^(\.TH REPO "1" ")([^"]+)', r"\1", old_data, flags=re.M
+        )
+        new_data = re.sub(r'^(\.TH REPO "1" ")([^"]+)', r"\1", data, flags=re.M)
+        if old_data != new_data:
+            path.write_text(data)
 def replace_regex(data):
-  """Replace semantically null regexes in the data.
+    """Replace semantically null regexes in the data.
-  Args:
+    Args:
-    data: manpage text.
+        data: manpage text.
-  Returns:
+    Returns:
-    Updated manpage text.
+        Updated manpage text.
-  """
+    """
-  regex = (
+    regex = (
-      (r'(It was generated by help2man) [0-9.]+', r'\g<1>.'),
+        (r"(It was generated by help2man) [0-9.]+", r"\g<1>."),
-      (r'^\033\[[0-9;]*m([^\033]*)\033\[m', r'\g<1>'),
+        (r"^\033\[[0-9;]*m([^\033]*)\033\[m", r"\g<1>"),
-      (r'^\.IP\n(.*:)\n', r'.SS \g<1>\n'),
+        (r"^\.IP\n(.*:)\n", r".SS \g<1>\n"),
-      (r'^\.PP\nDescription', r'.SH DETAILS'),
+        (r"^\.PP\nDescription", r".SH DETAILS"),
-  )
+    )
-  for pattern, replacement in regex:
+    for pattern, replacement in regex:
-    data = re.sub(pattern, replacement, data, flags=re.M)
+        data = re.sub(pattern, replacement, data, flags=re.M)
-  return data
+    return data
diff --git a/release/util.py b/release/util.py
index 9d0eb1dc..df7a5638 100644
--- a/release/util.py
+++ b/release/util.py
@@ -20,54 +20,60 @@ import subprocess
 import sys
-assert sys.version_info >= (3, 6), 'This module requires Python 3.6+'
+assert sys.version_info >= (3, 6), "This module requires Python 3.6+"
 TOPDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-HOMEDIR = os.path.expanduser('~')
+HOMEDIR = os.path.expanduser("~")
 # These are the release keys we sign with.
-KEYID_DSA = '8BB9AD793E8E6153AF0F9A4416530D5E920F5C65'
+KEYID_DSA = "8BB9AD793E8E6153AF0F9A4416530D5E920F5C65"
-KEYID_RSA = 'A34A13BE8E76BFF46A0C022DA2E75A824AAB9624'
+KEYID_RSA = "A34A13BE8E76BFF46A0C022DA2E75A824AAB9624"
-KEYID_ECC = 'E1F9040D7A3F6DAFAC897CD3D3B95DA243E48A39'
+KEYID_ECC = "E1F9040D7A3F6DAFAC897CD3D3B95DA243E48A39"
 def cmdstr(cmd):
-  """Get a nicely quoted shell command."""
+    """Get a nicely quoted shell command."""
-  ret = []
+    ret = []
-  for arg in cmd:
+    for arg in cmd:
-    if not re.match(r'^[a-zA-Z0-9/_.=-]+$', arg):
+        if not re.match(r"^[a-zA-Z0-9/_.=-]+$", arg):
-      arg = f'"{arg}"'
+            arg = f'"{arg}"'
-    ret.append(arg)
+        ret.append(arg)
-  return ' '.join(ret)
+    return " ".join(ret)
 def run(opts, cmd, check=True, **kwargs):
-  """Helper around subprocess.run to include logging."""
+    """Helper around subprocess.run to include logging."""
-  print('+', cmdstr(cmd))
+    print("+", cmdstr(cmd))
-  if opts.dryrun:
+    if opts.dryrun:
-    cmd = ['true', '--'] + cmd
+        cmd = ["true", "--"] + cmd
-  try:
+    try:
-    return subprocess.run(cmd, check=check, **kwargs)
+        return subprocess.run(cmd, check=check, **kwargs)
-  except subprocess.CalledProcessError as e:
+    except subprocess.CalledProcessError as e:
-    print(f'aborting: {e}', file=sys.stderr)
+        print(f"aborting: {e}", file=sys.stderr)
-    sys.exit(1)
+        sys.exit(1)
 def import_release_key(opts):
-  """Import the public key of the official release repo signing key."""
+    """Import the public key of the official release repo signing key."""
-  # Extract the key from our repo launcher.
+    # Extract the key from our repo launcher.
-  launcher = getattr(opts, 'launcher', os.path.join(TOPDIR, 'repo'))
+    launcher = getattr(opts, "launcher", os.path.join(TOPDIR, "repo"))
-  print(f'Importing keys from "{launcher}" launcher script')
+    print(f'Importing keys from "{launcher}" launcher script')
-  with open(launcher, encoding='utf-8') as fp:
+    with open(launcher, encoding="utf-8") as fp:
-    data = fp.read()
+        data = fp.read()
-  keys = re.findall(
+    keys = re.findall(
-      r'\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n[^-]*'
+        r"\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n[^-]*"
-      r'\n-----END PGP PUBLIC KEY BLOCK-----\n', data, flags=re.M)
+        r"\n-----END PGP PUBLIC KEY BLOCK-----\n",
-  run(opts, ['gpg', '--import'], input='\n'.join(keys).encode('utf-8'))
+        data,
+        flags=re.M,
-  print('Marking keys as fully trusted')
+    )
-  run(opts, ['gpg', '--import-ownertrust'],
+    run(opts, ["gpg", "--import"], input="\n".join(keys).encode("utf-8"))
-      input=f'{KEYID_DSA}:6:\n'.encode('utf-8'))
+    print("Marking keys as fully trusted")
+    run(
+        opts,
+        ["gpg", "--import-ownertrust"],
+        input=f"{KEYID_DSA}:6:\n".encode("utf-8"),
+    )