2020-02-20 20:13:51 +00:00
|
|
|
# Copyright (C) 2020 The Android Open Source Project
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
"""Random utility code for release tools."""
|
|
|
|
|
|
|
|
import os
|
|
|
|
import re
|
|
|
|
import subprocess
|
|
|
|
import sys
|
|
|
|
|
|
|
|
|
2023-03-11 06:46:20 +00:00
|
|
|
assert sys.version_info >= (3, 6), "This module requires Python 3.6+"
|
2020-02-20 20:13:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
TOPDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
2023-03-11 06:46:20 +00:00
|
|
|
HOMEDIR = os.path.expanduser("~")
|
2020-02-20 20:13:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
# These are the release keys we sign with.
|
2023-03-11 06:46:20 +00:00
|
|
|
KEYID_DSA = "8BB9AD793E8E6153AF0F9A4416530D5E920F5C65"
|
|
|
|
KEYID_RSA = "A34A13BE8E76BFF46A0C022DA2E75A824AAB9624"
|
|
|
|
KEYID_ECC = "E1F9040D7A3F6DAFAC897CD3D3B95DA243E48A39"
|
2020-02-20 20:13:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
def cmdstr(cmd):
|
2023-03-11 06:46:20 +00:00
|
|
|
"""Get a nicely quoted shell command."""
|
|
|
|
ret = []
|
|
|
|
for arg in cmd:
|
|
|
|
if not re.match(r"^[a-zA-Z0-9/_.=-]+$", arg):
|
|
|
|
arg = f'"{arg}"'
|
|
|
|
ret.append(arg)
|
|
|
|
return " ".join(ret)
|
2020-02-20 20:13:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
def run(opts, cmd, check=True, **kwargs):
|
2023-03-11 06:46:20 +00:00
|
|
|
"""Helper around subprocess.run to include logging."""
|
|
|
|
print("+", cmdstr(cmd))
|
|
|
|
if opts.dryrun:
|
|
|
|
cmd = ["true", "--"] + cmd
|
|
|
|
try:
|
|
|
|
return subprocess.run(cmd, check=check, **kwargs)
|
|
|
|
except subprocess.CalledProcessError as e:
|
|
|
|
print(f"aborting: {e}", file=sys.stderr)
|
|
|
|
sys.exit(1)
|
2020-02-20 20:13:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
def import_release_key(opts):
|
2023-03-11 06:46:20 +00:00
|
|
|
"""Import the public key of the official release repo signing key."""
|
|
|
|
# Extract the key from our repo launcher.
|
|
|
|
launcher = getattr(opts, "launcher", os.path.join(TOPDIR, "repo"))
|
|
|
|
print(f'Importing keys from "{launcher}" launcher script')
|
|
|
|
with open(launcher, encoding="utf-8") as fp:
|
|
|
|
data = fp.read()
|
|
|
|
|
|
|
|
keys = re.findall(
|
|
|
|
r"\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n[^-]*"
|
|
|
|
r"\n-----END PGP PUBLIC KEY BLOCK-----\n",
|
|
|
|
data,
|
|
|
|
flags=re.M,
|
|
|
|
)
|
|
|
|
run(opts, ["gpg", "--import"], input="\n".join(keys).encode("utf-8"))
|
|
|
|
|
|
|
|
print("Marking keys as fully trusted")
|
|
|
|
run(
|
|
|
|
opts,
|
|
|
|
["gpg", "--import-ownertrust"],
|
|
|
|
input=f"{KEYID_DSA}:6:\n".encode("utf-8"),
|
|
|
|
)
|