# Copyright (C) 2020 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """Random utility code for release tools.""" import os import re import subprocess import sys assert sys.version_info >= (3, 6), "This module requires Python 3.6+" TOPDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) HOMEDIR = os.path.expanduser("~") # These are the release keys we sign with. KEYID_DSA = "8BB9AD793E8E6153AF0F9A4416530D5E920F5C65" KEYID_RSA = "A34A13BE8E76BFF46A0C022DA2E75A824AAB9624" KEYID_ECC = "E1F9040D7A3F6DAFAC897CD3D3B95DA243E48A39" def cmdstr(cmd): """Get a nicely quoted shell command.""" ret = [] for arg in cmd: if not re.match(r"^[a-zA-Z0-9/_.=-]+$", arg): arg = f'"{arg}"' ret.append(arg) return " ".join(ret) def run(opts, cmd, check=True, **kwargs): """Helper around subprocess.run to include logging.""" print("+", cmdstr(cmd)) if opts.dryrun: cmd = ["true", "--"] + cmd try: return subprocess.run(cmd, check=check, **kwargs) except subprocess.CalledProcessError as e: print(f"aborting: {e}", file=sys.stderr) sys.exit(1) def import_release_key(opts): """Import the public key of the official release repo signing key.""" # Extract the key from our repo launcher. launcher = getattr(opts, "launcher", os.path.join(TOPDIR, "repo")) print(f'Importing keys from "{launcher}" launcher script') with open(launcher, encoding="utf-8") as fp: data = fp.read() keys = re.findall( r"\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n[^-]*" r"\n-----END PGP PUBLIC KEY BLOCK-----\n", data, flags=re.M, ) run(opts, ["gpg", "--import"], input="\n".join(keys).encode("utf-8")) print("Marking keys as fully trusted") run( opts, ["gpg", "--import-ownertrust"], input=f"{KEYID_DSA}:6:\n".encode(), )