extras-buildsys/utils/pushscript Push.py,1.58,1.59

Sat Mar 21 09:43:56 UTC 2009

Author: mschwendt

Update of /cvs/fedora/extras-buildsys/utils/pushscript
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10222

Modified Files:
	Push.py 
Log Message:
- add optional "rpmsigncmds" dictionary to config file, so one can
override the RPM sign commands for individual dists and e.g. use SHA-256
- enhance the sign-key checker to check all needed keys: it examines
the sign-commandline for GPG options -u or --local-user to find a
specified sign-key name automatically
- import rpmUtils.miscutils, rpmUtils.transaction here, too, for Python compatibility



Index: Push.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/utils/pushscript/Push.py,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59

--- Push.py	7 Nov 2008 15:25:10 -0000	1.58
+++ Push.py	21 Mar 2009 09:43:55 -0000	1.59
@@ -19,11 +19,11 @@
 import fcntl, fnmatch
 import os, sys
 import re
-import rpmUtils
 import shutil
 import string
 import tempfile
 import time
+import rpmUtils, rpmUtils.miscutils, rpmUtils.transaction
 
 import Utils, MultiLib, Comps, WhatsNew, BlackList
 import RepoBuild, RepoPrune, RepoView
@@ -60,7 +60,7 @@
     return hdr['excludearch']
 
 
-def sign_pkgs(filelist):
+def sign_pkgs(filelist,cmd=None):
     """gpg sign all the rpms"""
     numfiles = len(filelist)
     if numfiles < 1:
@@ -76,7 +76,9 @@
             filelist = []
     
         foo = string.join(files)
-        result = os.system('echo %s | xargs rpm --define "_gpg_name %s" --resign' % (foo, cfg.signkeyname))
+        if not cmd:
+            cmd = 'rpm --define "_gpg_name %s" --resign' % cfg.signkeyname
+        result = os.system( 'echo %s | xargs %s' % (foo,cmd) )
         if result != 0:
             return result
         numfiles = len(filelist)
@@ -274,7 +276,14 @@
         
         print "Signing Packages:"
         while (True):
-            rv = sign_pkgs( Utils.find_files(signtmpdir,'*.rpm') )
+            if hasattr(cfg,'rpmsigncmds'):
+                if dist in cfg.rpmsigncmds.keys():
+                    signcmd = cfg.rpmsigncmds[dist]
+                elif 'DEFAULT' in cfg.rpmsigncmds.keys():
+                    signcmd = cfg.rpmsigncmds['DEFAULT']
+            else:
+                signcmd = None  # use the old hardcoded default
+            rv = sign_pkgs( Utils.find_files(signtmpdir,'*.rpm'), cmd=signcmd )
             if not rv:
                 break
             while (True):
@@ -408,8 +417,6 @@
 
     os.umask(cfg.signersumask)
     Utils.signer_gid_check(cfg.signersgid)
-    if cfg.opts.signkeycheck:
-        Utils.sign_key_check(cfg.signkeyname)
 
     if '-c' in sys.argv[2:]:
         sys.argv.remove('-c')
@@ -436,6 +443,20 @@
     if not len(diststopush):
         usage()
 
+    if cfg.opts.signkeycheck:
+        # Check old single sign-key, if defined.
+        if hasattr(cfg,'signkeyname'):
+            Utils.sign_key_check(cfg.signkeyname)
+        # Check any sign-keys defined in new config dict.
+        if hasattr(cfg,'rpmsigncmds'):
+            for d in diststopush+['DEFAULT']:
+                if d in cfg.rpmsigncmds.keys():
+                    _cmdargs = cfg.rpmsigncmds[d].split()
+                    for i in range( len(_cmdargs) ):
+                        _arg = _cmdargs[i]
+                        if (_arg=='-u' or _arg=='--local-user') and ((i+1)<len(_cmdargs)):
+                            Utils.sign_key_check(_cmdargs[i+1])
+
     if not os.path.exists(cfg.rundir):
         os.makedirs(cfg.rundir)
     lockfile = os.path.join(cfg.rundir,'pushscript.lock')


