[Cryptech-Commits] [user/sra/alpha-releng/omnibus] 04/24: Simplify, particularly gpg handling; store a bit more repository info in the JSON metadata.
git at cryptech.is
git at cryptech.is
Mon Jun 27 20:38:27 UTC 2016
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository user/sra/alpha-releng/omnibus.
commit 1f4cb928a0ac606167d7df6f0435e9ad0ef95b30
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Wed Jun 22 13:05:26 2016 -0400
Simplify, particularly gpg handling; store a bit more repository info in the JSON metadata.
---
.gitignore | 1 +
Makefile | 18 ++++++++++--------
build-package.py | 39 +++++++++++++--------------------------
3 files changed, 24 insertions(+), 34 deletions(-)
diff --git a/.gitignore b/.gitignore
index 77d1cab..f1a0492 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+package.tar.gz
screenlog.0
diff --git a/Makefile b/Makefile
index 2b01f9d..c6654e0 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,16 @@
# basic build sequence before we start messing with packaging scripts,
# version numbers, and other forms of entertainment. Expect changes.
+export GNUPGHOME := /home/aptbot/gnupg
+
+TARBALL := package.tar.gz
+
+FIRMWARE := sw/stm32/projects/bootloader/bootloader.bin \
+ sw/stm32/projects/bootloader/bootloader.elf \
+ sw/stm32/projects/hsm/hsm.bin \
+ sw/stm32/projects/hsm/hsm.elf \
+ core/platform/alpha/build/alpha_fmc.bit
+
all: bitstream elves package
bitstream:
@@ -10,14 +20,6 @@ bitstream:
elves:
cd sw/stm32; ${MAKE} bootloader hsm
-TARBALL := package.tar.gz
-
-FIRMWARE := sw/stm32/projects/bootloader/bootloader.bin \
- sw/stm32/projects/bootloader/bootloader.elf \
- sw/stm32/projects/hsm/hsm.bin \
- sw/stm32/projects/hsm/hsm.elf \
- core/platform/alpha/build/alpha_fmc.bit
-
package: bitstream elves ${TARBALL}
${TARBALL}: ${FIRMWARE}
diff --git a/build-package.py b/build-package.py
index 4f35cff..494011e 100644
--- a/build-package.py
+++ b/build-package.py
@@ -9,39 +9,26 @@ import json
import os
parser = argparse.ArgumentParser()
-parser.add_argument("--gpgdir", default = "/home/aptbot/gnupg", help = "gpg keyring directory")
-parser.add_argument("--dir-name", help = "internal directory name for files")
-parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create")
-parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball")
+parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create")
+parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball")
args = parser.parse_args()
-tar = tarfile.TarFile(mode = "w", fileobj = args.tarfile)
-
-status = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()]
-sha256 = {}
-
-def tar_add(fn, name = None):
- if name is None:
- name = os.path.basename(fn)
- tar.add(fn, name if args.dir_name is None else os.path.join(args.dir_name, name))
+tar = tarfile.TarFile(mode = "w", fileobj = args.tarfile)
+head = subprocess.check_output(("git", "rev-parse", "HEAD")).strip()
+time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip()
+commits = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()]
+sha256 = {}
for fn in args.firmware:
with open(fn, "rb") as f:
sha256[fn] = hashlib.sha256(f.read()).hexdigest()
- tar_add(fn)
+ tar.add(fn, os.path.basename(fn))
with tempfile.NamedTemporaryFile() as f:
- gpg = subprocess.Popen(("gpg",
- "--clearsign",
- "--no-random-seed-file",
- "--no-default-keyring",
- "--no-permission-warning",
- "--personal-digest-preferences", "SHA256",
- "--keyring", os.path.join(args.gpgdir, "pubring.gpg"),
- "--secret-keyring", os.path.join(args.gpgdir, "secring.gpg"),
- "--trustdb-name", os.path.join(args.gpgdir, "trustdb.gpg")),
+ gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256"),
stdin = subprocess.PIPE, stdout = f)
- json.dump(dict(commits = status, sha256 = sha256), gpg.stdin, indent = 2)
+ json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), gpg.stdin, indent = 2)
gpg.stdin.close()
- gpg.wait()
- tar_add(f.name, "MANIFEST")
+ if gpg.wait():
+ raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+ tar.add(f.name, "MANIFEST")
More information about the Commits
mailing list