| # Copyright (C) 2020 The Android Open Source Project |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| """Random utility code for release tools.""" |
| |
| import os |
| import re |
| import subprocess |
| import sys |
| |
| |
| assert sys.version_info >= (3, 6), "This module requires Python 3.6+" |
| |
| |
| TOPDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) |
| HOMEDIR = os.path.expanduser("~") |
| |
| |
| # These are the release keys we sign with. |
| KEYID_DSA = "8BB9AD793E8E6153AF0F9A4416530D5E920F5C65" |
| KEYID_RSA = "A34A13BE8E76BFF46A0C022DA2E75A824AAB9624" |
| KEYID_ECC = "E1F9040D7A3F6DAFAC897CD3D3B95DA243E48A39" |
| |
| |
| def cmdstr(cmd): |
| """Get a nicely quoted shell command.""" |
| ret = [] |
| for arg in cmd: |
| if not re.match(r"^[a-zA-Z0-9/_.=-]+$", arg): |
| arg = f'"{arg}"' |
| ret.append(arg) |
| return " ".join(ret) |
| |
| |
| def run(opts, cmd, check=True, **kwargs): |
| """Helper around subprocess.run to include logging.""" |
| print("+", cmdstr(cmd)) |
| if opts.dryrun: |
| cmd = ["true", "--"] + cmd |
| try: |
| return subprocess.run(cmd, check=check, **kwargs) |
| except subprocess.CalledProcessError as e: |
| print(f"aborting: {e}", file=sys.stderr) |
| sys.exit(1) |
| |
| |
| def import_release_key(opts): |
| """Import the public key of the official release repo signing key.""" |
| # Extract the key from our repo launcher. |
| launcher = getattr(opts, "launcher", os.path.join(TOPDIR, "repo")) |
| print(f'Importing keys from "{launcher}" launcher script') |
| with open(launcher, encoding="utf-8") as fp: |
| data = fp.read() |
| |
| keys = re.findall( |
| r"\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n[^-]*" |
| r"\n-----END PGP PUBLIC KEY BLOCK-----\n", |
| data, |
| flags=re.M, |
| ) |
| run(opts, ["gpg", "--import"], input="\n".join(keys).encode("utf-8")) |
| |
| print("Marking keys as fully trusted") |
| run( |
| opts, |
| ["gpg", "--import-ownertrust"], |
| input=f"{KEYID_DSA}:6:\n".encode("utf-8"), |
| ) |