Update sign-pkg.py
This commit is contained in:
parent
110e50bc37
commit
15db34e1dc
40
sign-pkg.py
40
sign-pkg.py
@ -1,33 +1,61 @@
|
|||||||
#!/usr/bin/python3
|
#!/usr/bin/python3
|
||||||
# -*- coding=utf-8
|
# -*- coding=utf-8
|
||||||
from sys import argv, exit
|
from os import listdir, path
|
||||||
|
from sys import argv, exit, stdout
|
||||||
from pgpy import PGPKey
|
from pgpy import PGPKey
|
||||||
|
from logging import info, basicConfig, INFO
|
||||||
from argparse import ArgumentParser
|
from argparse import ArgumentParser
|
||||||
|
|
||||||
|
|
||||||
def SignPackage(key: str, pwd: str, file: str, sign: str = None):
|
def LoadKey(key: str) -> PGPKey:
|
||||||
if sign is None:
|
|
||||||
sign = file + ".sig"
|
|
||||||
signer = PGPKey.from_file(key)[0]
|
signer = PGPKey.from_file(key)[0]
|
||||||
if signer.is_public:
|
if signer.is_public:
|
||||||
raise Exception("signer not a private key")
|
raise Exception("signer not a private key")
|
||||||
if not signer.is_protected:
|
if not signer.is_protected:
|
||||||
raise Exception("private key unprotected")
|
raise Exception("private key unprotected")
|
||||||
|
info("loaded key %s" % key)
|
||||||
|
return signer
|
||||||
|
|
||||||
|
|
||||||
|
def SignPackage(signer: PGPKey, pwd: str, file: str, sign: str = None):
|
||||||
|
if sign is None:
|
||||||
|
sign = file + ".sig"
|
||||||
|
info("signing %s" % file)
|
||||||
with signer.unlock(pwd):
|
with signer.unlock(pwd):
|
||||||
with open(file, "rb") as r:
|
with open(file, "rb") as r:
|
||||||
msg = signer.sign(r.read())
|
msg = signer.sign(r.read())
|
||||||
with open(sign, "wb") as w:
|
with open(sign, "wb") as w:
|
||||||
w.write(bytes(msg))
|
w.write(bytes(msg))
|
||||||
|
info("wrote signature %s" % sign)
|
||||||
|
|
||||||
|
|
||||||
|
def SignOnePackage(key: str, pwd: str, file: str, sign: str = None):
|
||||||
|
SignPackage(LoadKey(key), pwd, file, sign)
|
||||||
|
|
||||||
|
|
||||||
def main(args: list) -> int:
|
def main(args: list) -> int:
|
||||||
prs = ArgumentParser("Renegade Project Arch Linux Repo Uploader")
|
prs = ArgumentParser("Renegade Project Arch Linux Repo Uploader")
|
||||||
prs.add_argument("-f", "--file", help="Package file", required=True)
|
prs.add_argument("-d", "--dir", help="Package folder", required=False)
|
||||||
|
prs.add_argument("-f", "--file", help="Package file", required=False)
|
||||||
prs.add_argument("-s", "--sign", help="Signature file", required=False)
|
prs.add_argument("-s", "--sign", help="Signature file", required=False)
|
||||||
prs.add_argument("-k", "--key", help="Private key", required=True)
|
prs.add_argument("-k", "--key", help="Private key", required=True)
|
||||||
prs.add_argument("-p", "--pwd", help="Key passphrase", required=True)
|
prs.add_argument("-p", "--pwd", help="Key passphrase", required=True)
|
||||||
ps = prs.parse_args(args[1:])
|
ps = prs.parse_args(args[1:])
|
||||||
SignPackage(ps.key, ps.pwd, ps.file, ps.sign)
|
basicConfig(level=INFO, stream=stdout)
|
||||||
|
key = LoadKey(ps.key)
|
||||||
|
cnt = 0
|
||||||
|
if ps.file:
|
||||||
|
SignPackage(key, ps.pwd, ps.file, ps.sign)
|
||||||
|
cnt += 1
|
||||||
|
elif ps.dir:
|
||||||
|
exts = [".pkg.tar.gz", ".pkg.tar.xz", ".pkg.tar.zst"]
|
||||||
|
for f in listdir(ps.dir):
|
||||||
|
full = path.join(ps.dir, f)
|
||||||
|
if any(f.endswith(ext) for ext in exts):
|
||||||
|
SignPackage(key, ps.pwd, full)
|
||||||
|
cnt += 1
|
||||||
|
if cnt <= 0:
|
||||||
|
raise Exception("no any package found")
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user