jenkins-utils/sign-pkg.py
2023-12-14 06:37:07 +00:00

64 lines
1.8 KiB
Python

#!/usr/bin/python3
# -*- coding=utf-8
from os import listdir, path
from sys import argv, exit, stdout
from pgpy import PGPKey
from logging import info, basicConfig, INFO
from argparse import ArgumentParser
def LoadKey(key: str) -> PGPKey:
signer = PGPKey.from_file(key)[0]
if signer.is_public:
raise Exception("signer not a private key")
if not signer.is_protected:
raise Exception("private key unprotected")
info("loaded key %s" % key)
return signer
def SignPackage(signer: PGPKey, pwd: str, file: str, sign: str = None):
if sign is None:
sign = file + ".sig"
info("signing %s" % file)
with signer.unlock(pwd):
with open(file, "rb") as r:
msg = signer.sign(r.read())
with open(sign, "wb") as w:
w.write(bytes(msg))
info("wrote signature %s" % sign)
def SignOnePackage(key: str, pwd: str, file: str, sign: str = None):
SignPackage(LoadKey(key), pwd, file, sign)
def main(args: list) -> int:
prs = ArgumentParser("Renegade Project Arch Linux Repo Uploader")
prs.add_argument("-d", "--dir", help="Package folder", required=False)
prs.add_argument("-f", "--file", help="Package file", required=False)
prs.add_argument("-s", "--sign", help="Signature file", required=False)
prs.add_argument("-k", "--key", help="Private key", required=True)
prs.add_argument("-p", "--pwd", help="Key passphrase", required=True)
ps = prs.parse_args(args[1:])
basicConfig(level=INFO, stream=stdout)
key = LoadKey(ps.key)
cnt = 0
if ps.file:
SignPackage(key, ps.pwd, ps.file, ps.sign)
cnt += 1
elif ps.dir:
exts = [".pkg.tar.gz", ".pkg.tar.xz", ".pkg.tar.zst"]
for f in listdir(ps.dir):
full = path.join(ps.dir, f)
if any(f.endswith(ext) for ext in exts):
SignPackage(key, ps.pwd, full)
cnt += 1
if cnt <= 0:
raise Exception("no any package found")
return 0
if __name__ == '__main__':
exit(main(argv))