From 8c268c0e7bd18d1e2f4f526cd406c569312a5f23 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Thu, 20 Feb 2020 15:13:51 -0500
Subject: release: import some helper scripts for managing official releases
Change-Id: I9abebfef5ad19f6a637bc3b12effea9dd6d0269d
Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/256234
Tested-by: Mike Frysinger
Reviewed-by: David Pursehouse
---
release/util.py | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 release/util.py
(limited to 'release/util.py')
diff --git a/release/util.py b/release/util.py
new file mode 100644
index 00000000..9d0eb1dc
--- /dev/null
+++ b/release/util.py
@@ -0,0 +1,73 @@
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Random utility code for release tools."""
+
+import os
+import re
+import subprocess
+import sys
+
+
+assert sys.version_info >= (3, 6), 'This module requires Python 3.6+'
+
+
+TOPDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+HOMEDIR = os.path.expanduser('~')
+
+
+# These are the release keys we sign with.
+KEYID_DSA = '8BB9AD793E8E6153AF0F9A4416530D5E920F5C65'
+KEYID_RSA = 'A34A13BE8E76BFF46A0C022DA2E75A824AAB9624'
+KEYID_ECC = 'E1F9040D7A3F6DAFAC897CD3D3B95DA243E48A39'
+
+
+def cmdstr(cmd):
+ """Get a nicely quoted shell command."""
+ ret = []
+ for arg in cmd:
+ if not re.match(r'^[a-zA-Z0-9/_.=-]+$', arg):
+ arg = f'"{arg}"'
+ ret.append(arg)
+ return ' '.join(ret)
+
+
+def run(opts, cmd, check=True, **kwargs):
+ """Helper around subprocess.run to include logging."""
+ print('+', cmdstr(cmd))
+ if opts.dryrun:
+ cmd = ['true', '--'] + cmd
+ try:
+ return subprocess.run(cmd, check=check, **kwargs)
+ except subprocess.CalledProcessError as e:
+ print(f'aborting: {e}', file=sys.stderr)
+ sys.exit(1)
+
+
+def import_release_key(opts):
+ """Import the public key of the official release repo signing key."""
+ # Extract the key from our repo launcher.
+ launcher = getattr(opts, 'launcher', os.path.join(TOPDIR, 'repo'))
+ print(f'Importing keys from "{launcher}" launcher script')
+ with open(launcher, encoding='utf-8') as fp:
+ data = fp.read()
+
+ keys = re.findall(
+ r'\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n[^-]*'
+ r'\n-----END PGP PUBLIC KEY BLOCK-----\n', data, flags=re.M)
+ run(opts, ['gpg', '--import'], input='\n'.join(keys).encode('utf-8'))
+
+ print('Marking keys as fully trusted')
+ run(opts, ['gpg', '--import-ownertrust'],
+ input=f'{KEYID_DSA}:6:\n'.encode('utf-8'))
-- cgit v1.2.3-54-g00ecf
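Review bot: In `import_release_key`, the ownertrust record `f'{KEYID_DSA}:6:\n'` assigns GnuPG's ultimate trust level, while the message printed just before it says "fully trusted" (full trust is 5). Ultimate trust in the operator's default keyring makes certifications by that key authoritative, so the level should be a deliberate choice and the message should say what is done, e.g. `print('Marking release key as ultimately trusted')`. The import step also passes every armored block found in the file named by `opts.launcher` to `gpg --import` without comparing the resulting fingerprints to `KEYID_DSA`/`KEYID_RSA`/`KEYID_ECC`; checking them before the ownertrust step would catch a launcher that carries unexpected keys. In `cmdstr`, arguments are wrapped in double quotes without escaping, so the logged command can differ from the one executed when an argument contains `"` or `$`; `ret.append(shlex.quote(arg))` (with `import shlex`) gives a faithful log line.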