repo-updater/sign-pkg.py

#!/usr/bin/python3
# -*- coding=utf-8
from os import listdir, path
from sys import argv, exit, stdout
from pgpy import PGPKey
from logging import info, basicConfig, INFO
from argparse import ArgumentParser


def LoadKey(key: str) -> PGPKey:
	signer = PGPKey.from_file(key)[0]
	if signer.is_public:
		raise Exception("signer not a private key")
	if not signer.is_protected:
		raise Exception("private key unprotected")
	info("loaded key %s" % key)
	return signer


def SignPackage(signer: PGPKey, pwd: str, file: str, sign: str = None):
	if sign is None:
		sign = file + ".sig"
	info("signing %s" % file)
	with signer.unlock(pwd):
		with open(file, "rb") as r:
			msg = signer.sign(r.read())
			with open(sign, "wb") as w:
				w.write(bytes(msg))
	info("wrote signature %s" % sign)


def SignOnePackage(key: str, pwd: str, file: str, sign: str = None):
	SignPackage(LoadKey(key), pwd, file, sign)


def main(args: list) -> int:
	prs = ArgumentParser("Renegade Project Arch Linux Repo Uploader")
	prs.add_argument("-d", "--dir",  help="Package folder",   required=False)
	prs.add_argument("-f", "--file", help="Package file",     required=False)
	prs.add_argument("-s", "--sign", help="Signature file",   required=False)
	prs.add_argument("-k", "--key",  help="Private key",      required=True)
	prs.add_argument("-p", "--pwd",  help="Key passphrase",   required=True)
	ps = prs.parse_args(args[1:])
	basicConfig(level=INFO, stream=stdout)
	key = LoadKey(ps.key)
	cnt = 0
	if ps.file:
		SignPackage(key, ps.pwd, ps.file, ps.sign)
		cnt += 1
	elif ps.dir:
		exts = [".pkg.tar.gz", ".pkg.tar.xz", ".pkg.tar.zst"]
		for f in listdir(ps.dir):
			full = path.join(ps.dir, f)
			if any(f.endswith(ext) for ext in exts):
				SignPackage(key, ps.pwd, full)
				cnt += 1
	if cnt <= 0:
		raise Exception("no any package found")
	return 0


if __name__ == '__main__':
	exit(main(argv))
initial commit 2024-09-19 22:36:34 +08:00			`#!/usr/bin/python3`
			`# -*- coding=utf-8`
			`from os import listdir, path`
			`from sys import argv, exit, stdout`
			`from pgpy import PGPKey`
			`from logging import info, basicConfig, INFO`
			`from argparse import ArgumentParser`


			`def LoadKey(key: str) -> PGPKey:`
			`signer = PGPKey.from_file(key)[0]`
			`if signer.is_public:`
			`raise Exception("signer not a private key")`
			`if not signer.is_protected:`
			`raise Exception("private key unprotected")`
			`info("loaded key %s" % key)`
			`return signer`


			`def SignPackage(signer: PGPKey, pwd: str, file: str, sign: str = None):`
			`if sign is None:`
			`sign = file + ".sig"`
			`info("signing %s" % file)`
			`with signer.unlock(pwd):`
			`with open(file, "rb") as r:`
			`msg = signer.sign(r.read())`
			`with open(sign, "wb") as w:`
			`w.write(bytes(msg))`
			`info("wrote signature %s" % sign)`


			`def SignOnePackage(key: str, pwd: str, file: str, sign: str = None):`
			`SignPackage(LoadKey(key), pwd, file, sign)`


			`def main(args: list) -> int:`
			`prs = ArgumentParser("Renegade Project Arch Linux Repo Uploader")`
			`prs.add_argument("-d", "--dir", help="Package folder", required=False)`
			`prs.add_argument("-f", "--file", help="Package file", required=False)`
			`prs.add_argument("-s", "--sign", help="Signature file", required=False)`
			`prs.add_argument("-k", "--key", help="Private key", required=True)`
			`prs.add_argument("-p", "--pwd", help="Key passphrase", required=True)`
			`ps = prs.parse_args(args[1:])`
			`basicConfig(level=INFO, stream=stdout)`
			`key = LoadKey(ps.key)`
			`cnt = 0`
			`if ps.file:`
			`SignPackage(key, ps.pwd, ps.file, ps.sign)`
			`cnt += 1`
			`elif ps.dir:`
			`exts = [".pkg.tar.gz", ".pkg.tar.xz", ".pkg.tar.zst"]`
			`for f in listdir(ps.dir):`
			`full = path.join(ps.dir, f)`
			`if any(f.endswith(ext) for ext in exts):`
			`SignPackage(key, ps.pwd, full)`
			`cnt += 1`
			`if cnt <= 0:`
			`raise Exception("no any package found")`
			`return 0`


			`if __name__ == '__main__':`
			`exit(main(argv))`