jenkins-utils/sign-pkg.py

64 lines
1.8 KiB
Python
Raw Permalink Normal View History

2023-12-14 14:20:44 +08:00
#!/usr/bin/python3
# -*- coding=utf-8
2023-12-14 14:37:07 +08:00
from os import listdir, path
from sys import argv, exit, stdout
2023-12-14 14:20:44 +08:00
from pgpy import PGPKey
2023-12-14 14:37:07 +08:00
from logging import info, basicConfig, INFO
2023-12-14 14:20:44 +08:00
from argparse import ArgumentParser
2023-12-14 14:37:07 +08:00
def LoadKey(key: str) -> PGPKey:
2023-12-14 14:20:44 +08:00
signer = PGPKey.from_file(key)[0]
if signer.is_public:
raise Exception("signer not a private key")
if not signer.is_protected:
raise Exception("private key unprotected")
2023-12-14 14:37:07 +08:00
info("loaded key %s" % key)
return signer
def SignPackage(signer: PGPKey, pwd: str, file: str, sign: str = None):
if sign is None:
sign = file + ".sig"
info("signing %s" % file)
2023-12-14 14:20:44 +08:00
with signer.unlock(pwd):
with open(file, "rb") as r:
msg = signer.sign(r.read())
with open(sign, "wb") as w:
w.write(bytes(msg))
2023-12-14 14:37:07 +08:00
info("wrote signature %s" % sign)
def SignOnePackage(key: str, pwd: str, file: str, sign: str = None):
SignPackage(LoadKey(key), pwd, file, sign)
2023-12-14 14:20:44 +08:00
def main(args: list) -> int:
prs = ArgumentParser("Renegade Project Arch Linux Repo Uploader")
2023-12-14 14:37:07 +08:00
prs.add_argument("-d", "--dir", help="Package folder", required=False)
prs.add_argument("-f", "--file", help="Package file", required=False)
2023-12-14 14:20:44 +08:00
prs.add_argument("-s", "--sign", help="Signature file", required=False)
prs.add_argument("-k", "--key", help="Private key", required=True)
prs.add_argument("-p", "--pwd", help="Key passphrase", required=True)
ps = prs.parse_args(args[1:])
2023-12-14 14:37:07 +08:00
basicConfig(level=INFO, stream=stdout)
key = LoadKey(ps.key)
cnt = 0
if ps.file:
SignPackage(key, ps.pwd, ps.file, ps.sign)
cnt += 1
elif ps.dir:
exts = [".pkg.tar.gz", ".pkg.tar.xz", ".pkg.tar.zst"]
for f in listdir(ps.dir):
full = path.join(ps.dir, f)
if any(f.endswith(ext) for ext in exts):
SignPackage(key, ps.pwd, full)
cnt += 1
if cnt <= 0:
raise Exception("no any package found")
2023-12-14 14:20:44 +08:00
return 0
if __name__ == '__main__':
exit(main(argv))