| |
@@ -39,10 +39,45 @@
|
| |
from ..wrappers.scm import get_dir_from_scm
|
| |
from .base import PhaseBase
|
| |
|
| |
+ import fedora_messaging
|
| |
+
|
| |
CACHE_TOPDIR = "/var/cache/pungi/createrepo_c/"
|
| |
createrepo_lock = threading.Lock()
|
| |
createrepo_dirs = set()
|
| |
|
| |
+ _topic = "fake_topic"
|
| |
+ def sign_repodata(path, output):
|
| |
+ with open(path, 'rb') as xml_file:
|
| |
+ data = xml_file.read().decode('UTF-8', 'strict')
|
| |
+ publish(Message(topic=_topic, body=data))
|
| |
+
|
| |
+ def messaging_callback(message):
|
| |
+ if message.topic != _topic + '.finished':
|
| |
+ return
|
| |
+ body = message.body
|
| |
+ try:
|
| |
+ if body['body'] != data:
|
| |
+ return # different XML file
|
| |
+ except (KeyError, TypeError):
|
| |
+ return # not a message we are interested in
|
| |
+ if 'error' in message.body:
|
| |
+ raise fedora_messaging.exceptions.HaltConsumer(
|
| |
+ exit_code = 1,
|
| |
+ reason = f'Signing XML file failed: {message.body["error"]!r}')
|
| |
+ try:
|
| |
+ signature = message.body['signature']
|
| |
+ except KeyError:
|
| |
+ raise fedora_messaging.exceptions.HaltConsumer(
|
| |
+ exit_code = 0,
|
| |
+ reason = 'Signing XML file failed: got a response with no signature')
|
| |
+ with open(output, 'wb') as signature_file:
|
| |
+ output.write(signature.encode('UTF-8', 'strict'))
|
| |
+ raise fedora_messaging.exceptions.HaltConsumer('Success')
|
| |
+ try:
|
| |
+ fedora_messaging.api.consume(messaging_callback)
|
| |
+ except fedora_messaging.exceptions.HaltConsumer as s:
|
| |
+ if s.exit_code:
|
| |
+ raise ValueError from s
|
| |
|
| |
class CreaterepoPhase(PhaseBase):
|
| |
name = "createrepo"
|
| |
@@ -302,6 +337,9 @@
|
| |
list(module_rpms),
|
| |
)
|
| |
|
| |
+ sign_repodata(os.path.join(repo_dir, 'repodata', 'repomd.xml'),
|
| |
+ os.path.join(repo_dir, 'repodata', 'repomd.xml.asc'))
|
| |
+
|
| |
compose.log_info("[DONE ] %s" % msg)
|
| |
|
| |
|
| |
@@ -324,6 +362,9 @@
|
| |
)
|
| |
run(cmd, logfile=log_file, show_cmd=True)
|
| |
|
| |
+ sign_repodata(os.path.join(repo_dir, 'repodata', 'repomd.xml'),
|
| |
+ os.path.join(repo_dir, 'repodata', 'repomd.xml.asc'))
|
| |
+
|
| |
|
| |
def find_file_in_repodata(repo_path, type_):
|
| |
dom = xml.dom.minidom.parse(os.path.join(repo_path, "repodata", "repomd.xml"))
|
| |
This signs repository metadata. The main problem is that the topic (
fake_topic
) is obviously not a good choice.Signed-off-by: Demi Marie Obenour demi@invisiblethingslab.com