[Cryptech-Commits] [user/sra/alpha-releng/omnibus] 04/24: Simplify, particularly gpg handling; store a bit more repository info in the JSON metadata.

git at cryptech.is git at cryptech.is
Mon Jun 27 20:38:27 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository user/sra/alpha-releng/omnibus.

commit 1f4cb928a0ac606167d7df6f0435e9ad0ef95b30
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Wed Jun 22 13:05:26 2016 -0400

    Simplify, particularly gpg handling; store a bit more repository info in the JSON metadata.
---
 .gitignore       |  1 +
 Makefile         | 18 ++++++++++--------
 build-package.py | 39 +++++++++++++--------------------------
 3 files changed, 24 insertions(+), 34 deletions(-)

diff --git a/.gitignore b/.gitignore
index 77d1cab..f1a0492 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+package.tar.gz
 screenlog.0
diff --git a/Makefile b/Makefile
index 2b01f9d..c6654e0 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,16 @@
 # basic build sequence before we start messing with packaging scripts,
 # version numbers, and other forms of entertainment.  Expect changes.
 
+export GNUPGHOME := /home/aptbot/gnupg
+
+TARBALL	 := package.tar.gz
+
+FIRMWARE := sw/stm32/projects/bootloader/bootloader.bin	\
+	    sw/stm32/projects/bootloader/bootloader.elf	\
+	    sw/stm32/projects/hsm/hsm.bin		\
+	    sw/stm32/projects/hsm/hsm.elf		\
+	    core/platform/alpha/build/alpha_fmc.bit
+
 all: bitstream elves package
 
 bitstream:
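Review bot: The added `export GNUPGHOME := /home/aptbot/gnupg` assigns unconditionally, so a GNUPGHOME already set in the caller's environment is overridden and every build signs against this one host-specific keyring path. Writing it as `export GNUPGHOME ?= /home/aptbot/gnupg` keeps the build-host default while letting a developer or test build point at a separate keyring. A comment above it, such as `# keyring holding the release signing key; override for non-release builds`, would explain why the variable is exported.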
@@ -10,14 +20,6 @@ bitstream:
 elves:
 	cd sw/stm32; ${MAKE} bootloader hsm
 
-TARBALL	 :=	package.tar.gz
-
-FIRMWARE :=	sw/stm32/projects/bootloader/bootloader.bin	\
-		sw/stm32/projects/bootloader/bootloader.elf	\
-		sw/stm32/projects/hsm/hsm.bin			\
-		sw/stm32/projects/hsm/hsm.elf			\
-		core/platform/alpha/build/alpha_fmc.bit
-
 package: bitstream elves ${TARBALL}
 
 ${TARBALL}: ${FIRMWARE}
diff --git a/build-package.py b/build-package.py
index 4f35cff..494011e 100644
--- a/build-package.py
+++ b/build-package.py
@@ -9,39 +9,26 @@ import json
 import os
 
 parser = argparse.ArgumentParser()
-parser.add_argument("--gpgdir", default = "/home/aptbot/gnupg", help = "gpg keyring directory")
-parser.add_argument("--dir-name", help = "internal directory name for files")
-parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create")
-parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball")
+parser.add_argument("tarfile", type = argparse.FileType("wb"),  help = "tarball to create")
+parser.add_argument("firmware", nargs = "+",                    help = "firmware files to stuff into tarball")
 args = parser.parse_args()
 
-tar = tarfile.TarFile(mode = "w", fileobj = args.tarfile)
-
-status = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()]
-sha256 = {}
-
-def tar_add(fn, name = None):
-    if name is None:
-        name = os.path.basename(fn)
-    tar.add(fn, name if args.dir_name is None else os.path.join(args.dir_name, name))
+tar     = tarfile.TarFile(mode = "w", fileobj = args.tarfile)
+head    = subprocess.check_output(("git", "rev-parse", "HEAD")).strip()
+time    = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip()
+commits = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()]
+sha256  = {}
 
 for fn in args.firmware:
     with open(fn, "rb") as f:
         sha256[fn] = hashlib.sha256(f.read()).hexdigest()
-    tar_add(fn)
+    tar.add(fn, os.path.basename(fn))
 
 with tempfile.NamedTemporaryFile() as f:
-    gpg = subprocess.Popen(("gpg",
-                            "--clearsign",
-                            "--no-random-seed-file",
-                            "--no-default-keyring",
-                            "--no-permission-warning",
-                            "--personal-digest-preferences", "SHA256",
-                            "--keyring",        os.path.join(args.gpgdir, "pubring.gpg"),
-                            "--secret-keyring", os.path.join(args.gpgdir, "secring.gpg"),
-                            "--trustdb-name",   os.path.join(args.gpgdir, "trustdb.gpg")),
+    gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256"),
                            stdin = subprocess.PIPE, stdout = f)
-    json.dump(dict(commits = status, sha256  = sha256), gpg.stdin, indent = 2)
+    json.dump(dict(head = head, time = time, commits = commits, sha256  = sha256), gpg.stdin, indent = 2)
     gpg.stdin.close()
-    gpg.wait()
-    tar_add(f.name, "MANIFEST")
+    if gpg.wait():
+        raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+    tar.add(f.name, "MANIFEST")
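Review bot: With `--no-default-keyring`, `--keyring` and `--secret-keyring` dropped from the `gpg` call, the key that signs MANIFEST is whatever GNUPGHOME resolves to in the caller's environment, and only the Makefile sets it. Running build-package.py directly would presumably sign with the invoking user's default key. A guard before the `Popen`, for example `if "GNUPGHOME" not in os.environ: raise SystemExit("GNUPGHOME is not set")`, makes that dependency explicit. Adding `"--batch", "--local-user", "<RELEASE_KEY_ID>"` (placeholder key id) to the argument tuple pins the signing identity and keeps an unattended build from stopping on an interactive question. The first eight lines of the script are outside the hunk.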


