#!/usr/bin/env python
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

import argparse
import sys

import portage
import portage.exception

# Set ahead of the `from portage import gpkg` import below, so the order of
# these lines matters.  NOTE(review): presumably marks this script as a
# Portage-internal caller; the actual effect is defined inside portage and is
# not visible here -- confirm there.
portage._internal_caller = True
from portage import gpkg


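def main(
    gpkg_file, keep_current_signature=False, allow_unsigned=False, skip_signed=False
):
    """Verify a GPKG binary package, then create or refresh its signature.

    Args:
        gpkg_file: Path of the binary package to sign.
        keep_current_signature: Passed through to ``update_signature``.
        allow_unsigned: When true, ``request_signature`` is cleared on the
            package object before verification, so an input that carries no
            signature can still be signed.
        skip_signed: When true, a package that reports ``signature_exist``
            after verification is left untouched.

    Raises:
        SystemExit: With status 1 when a required signing setting is missing,
            or when verification/signing raises ``FileNotFound``,
            ``InvalidBinaryPackageFormat`` or ``SignatureException``.
    """
    eout = portage.output.EOutput()

    # Both settings must be non-empty before any signing is attempted.
    for required in ("BINPKG_GPG_SIGNING_GPG_HOME", "BINPKG_GPG_SIGNING_KEY"):
        if not portage.settings.get(required):
            eout.eerror(f"{required} is not set")
            # sys.exit rather than the bare exit(): the latter is injected by
            # the `site` module and is missing under `python -S` or in
            # embedded interpreters, which would turn this into a NameError.
            sys.exit(1)

    try:
        package = gpkg.gpkg(settings=portage.settings, gpkg_file=gpkg_file)
        if allow_unsigned:
            # Security note: with this set, the input is not required to carry
            # a signature, yet update_signature() below still signs it with
            # the configured key.  Only use it for packages whose origin is
            # established by other means.
            package.request_signature = False
        # Verification runs before signing, so a package that fails it is
        # never handed to update_signature().
        package._verify_binpkg()
        if skip_signed and package.signature_exist:
            eout.einfo(f"{gpkg_file} already signed, skipping.")
            return
        package.update_signature(keep_current_signature=keep_current_signature)
        eout.einfo(f"{gpkg_file} signed.")
    except portage.exception.FileNotFound:
        eout.eerror(f"File not found: {gpkg_file}")
        sys.exit(1)
    except portage.exception.InvalidBinaryPackageFormat:
        eout.eerror(f"Invalid binary package format: {gpkg_file}")
        sys.exit(1)
    except portage.exception.SignatureException:
        eout.eerror(f"Signature exception: {gpkg_file}")
        sys.exit(1)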


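if __name__ == "__main__":
    # Command-line entry point: parse the three boolean switches and pass the
    # first remaining argument to main() as the package file.
    usage = "gpkg-sign [options] <gpkg package file>"
    parser = argparse.ArgumentParser(usage=usage)
    parser.add_argument(
        "--keep-current-signature",
        action="store_true",
        help="Keep existing signature when updating signature (default: false)",
    )
    parser.add_argument(
        "--allow-unsigned",
        action="store_true",
        help="Allow signing from unsigned packages when binpkg-request-signature is enabled (default: false)",
    )
    parser.add_argument(
        "--skip-signed",
        action="store_true",
        help="Skip signing if a package is already signed (default: false)",
    )
    # NOTE(review): parse_known_args() does not reject unrecognised options;
    # they are returned in `args`, and only args[0] is used below.  A
    # misspelt switch placed after the file name is therefore dropped
    # silently (e.g. a mistyped --skip-signed would re-sign the package).
    # Consider parse_args() with a positional argument if strictness is
    # wanted.
    options, args = parser.parse_known_args(sys.argv[1:])

    if not args:
        # Typo fixed in the user-facing message ("oackage" -> "package").
        parser.error("no GPKG package file specified")

    main(
        args[0],
        keep_current_signature=options.keep_current_signature,
        allow_unsigned=options.allow_unsigned,
        skip_signed=options.skip_signed,
    )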