| Mike Frysinger | 8c268c0 | 2020-02-20 15:13:51 -0500 | [diff] [blame] | 1 | # Copyright (C) 2020 The Android Open Source Project |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | """Random utility code for release tools.""" |
| 16 | |
| 17 | import os |
| 18 | import re |
| 19 | import subprocess |
| 20 | import sys |
| 21 | |
| 22 | |
| 23 | assert sys.version_info >= (3, 6), 'This module requires Python 3.6+' |
| 24 | |
| 25 | |
| 26 | TOPDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) |
| 27 | HOMEDIR = os.path.expanduser('~') |
| 28 | |
| 29 | |
| 30 | # These are the release keys we sign with. |
| 31 | KEYID_DSA = '8BB9AD793E8E6153AF0F9A4416530D5E920F5C65' |
| 32 | KEYID_RSA = 'A34A13BE8E76BFF46A0C022DA2E75A824AAB9624' |
| 33 | KEYID_ECC = 'E1F9040D7A3F6DAFAC897CD3D3B95DA243E48A39' |
| 34 | |
| 35 | |
| 36 | def cmdstr(cmd): |
| 37 | """Get a nicely quoted shell command.""" |
| 38 | ret = [] |
| 39 | for arg in cmd: |
| 40 | if not re.match(r'^[a-zA-Z0-9/_.=-]+$', arg): |
| 41 | arg = f'"{arg}"' |
| 42 | ret.append(arg) |
| 43 | return ' '.join(ret) |
| 44 | |
| 45 | |
| 46 | def run(opts, cmd, check=True, **kwargs): |
| 47 | """Helper around subprocess.run to include logging.""" |
| 48 | print('+', cmdstr(cmd)) |
| 49 | if opts.dryrun: |
| 50 | cmd = ['true', '--'] + cmd |
| 51 | try: |
| 52 | return subprocess.run(cmd, check=check, **kwargs) |
| 53 | except subprocess.CalledProcessError as e: |
| 54 | print(f'aborting: {e}', file=sys.stderr) |
| 55 | sys.exit(1) |
| 56 | |
| 57 | |
| 58 | def import_release_key(opts): |
| 59 | """Import the public key of the official release repo signing key.""" |
| 60 | # Extract the key from our repo launcher. |
| 61 | launcher = getattr(opts, 'launcher', os.path.join(TOPDIR, 'repo')) |
| 62 | print(f'Importing keys from "{launcher}" launcher script') |
| 63 | with open(launcher, encoding='utf-8') as fp: |
| 64 | data = fp.read() |
| 65 | |
| 66 | keys = re.findall( |
| 67 | r'\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n[^-]*' |
| 68 | r'\n-----END PGP PUBLIC KEY BLOCK-----\n', data, flags=re.M) |
| 69 | run(opts, ['gpg', '--import'], input='\n'.join(keys).encode('utf-8')) |
| 70 | |
| 71 | print('Marking keys as fully trusted') |
| 72 | run(opts, ['gpg', '--import-ownertrust'], |
| 73 | input=f'{KEYID_DSA}:6:\n'.encode('utf-8')) |