[Cryptech-Commits] [releng/alpha] branch master updated: Allow build of firmware package without release engineering key
git at cryptech.is
Sun Jun 21 19:19:32 UTC 2020
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository releng/alpha.
The following commit(s) were added to refs/heads/master by this push:
new 5fa42db Allow build of firmware package without release engineering key
5fa42db is described below
commit 5fa42db51da6e83247845979547e9f4dd3a4d8a6
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sun Jun 21 15:12:00 2020 -0400
Allow build of firmware package without release engineering key
Prior to this change, it was not possible to build the release
packaging without the release engineering PGP key, which is nicely
paranoid but ignores the possibility that people other than the
release engineer might want to reuse our packaging. Doh.
So we still use the release engineering key to sign the manifest in
the firmware tarball if the key is available, but if it's not we
produce an unsigned manifest.
---
scripts/build-firmware-package.py | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py
index 76000e6..55e77a7 100755
--- a/scripts/build-firmware-package.py
+++ b/scripts/build-firmware-package.py
@@ -27,12 +27,19 @@ for fn in args.firmware:
with tempfile.NamedTemporaryFile() as f:
os.fchmod(f.fileno(), 0644)
- gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
- stdin = subprocess.PIPE, stdout = f)
- json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), gpg.stdin, indent = 2)
- gpg.stdin.close()
- if gpg.wait():
- raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+ use_gpg = os.path.isdir(os.getenv("GNUPGHOME", ""))
+ if use_gpg:
+ gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
+ stdin = subprocess.PIPE, stdout = f)
+ jf = gnupg.stdin
+ else:
+ jf = f
+ json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), jf, indent = 2)
+ if use_gpg:
+ gpg.stdin.close()
+ if gpg.wait():
+ raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+ f.seek(0)
tar.add(f.name, "MANIFEST")
tar.close()
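Review bot: In the `use_gpg` branch, `jf = gnupg.stdin` refers to a name `gnupg` that this hunk never binds; the Popen object two lines above is assigned to `gpg`, so this line should read `jf = gpg.stdin`. As written, the signing path would raise NameError unless something called `gnupg` exists outside the visible lines. Separately, `use_gpg` depends only on whether `GNUPGHOME` names an existing directory, so a release build with that variable unset or mistyped silently produces an unsigned MANIFEST. Consider printing which path was taken, or requiring an explicit opt-in for the unsigned case, so a missing key on the release engineer's machine is noticed before the tarball ships.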