From 39095f14df329f4b48cadd505d49ef51143f3c18 Mon Sep 17 00:00:00 2001 From: Michael Lotz Date: Thu, 29 Aug 2024 10:27:50 +0200 Subject: [PATCH] Ship signature file to object storage when repo was signed. Explicitly name the signature file and ship it along with the checksum and info files. --- HaikuPorter/PackageRepository.py | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/HaikuPorter/PackageRepository.py b/HaikuPorter/PackageRepository.py index 79cbd8e6..666ea06f 100644 --- a/HaikuPorter/PackageRepository.py +++ b/HaikuPorter/PackageRepository.py @@ -234,12 +234,19 @@ def createPackageRepository(self, outputPath): repoChecksumFile = repoFile + '.sha256' self._checksumPackageRepository(repoFile, repoChecksumFile) - self._signPackageRepository(repoFile) + + repoSignatureFile = repoFile + '.minisig' + wasSigned = self._signPackageRepository(repoFile, repoSignatureFile) if self.storageBackend is not None: + extraFiles = [repoInfoFile, repoFile, repoChecksumFile] + if wasSigned: + extraFiles.append(repoSignatureFile) + + extraFiles.append(packageListFile) + self._stubLocalPackages(localPackages) - self._populateStorageBackendFiles( - [repoInfoFile, repoFile, repoChecksumFile, packageListFile]) + self._populateStorageBackendFiles(extraFiles) self._pruneStorageBackend(packageNameList) def _checksumPackageRepository(self, repoFile, repoChecksumFile): @@ -255,13 +262,14 @@ def _checksumPackageRepository(self, repoFile, repoChecksumFile): with open(repoChecksumFile, 'w') as outputFile: outputFile.write(checksum.hexdigest()) - def _signPackageRepository(self, repoFile): + def _signPackageRepository(self, repoFile, repoSignatureFile): """Sign the package repository if a private key was provided""" privateKeyFile = getOption('packageRepositorySignPrivateKeyFile') privateKeyPass = getOption('packageRepositorySignPrivateKeyPass') if not privateKeyFile and not privateKeyPass: info("Warning: unsigned package repository") - return + return False + if not os.path.exists(privateKeyFile): sysExit('specified package repo private key file missing!') @@ -274,10 +282,12 @@ def _signPackageRepository(self, repoFile): # minisign -s /tmp/minisign.key -Sm ${ARTIFACT} info("signing repository") - output = subprocess.check_output([minisignCommand, '-s', - privateKeyFile, "-Sm", repoFile], input=privateKeyPass.encode('utf-8'), + output = subprocess.check_output([minisignCommand, + '-x', repoSignatureFile, '-s', privateKeyFile, "-Sm", repoFile], + input=privateKeyPass.encode('utf-8'), stderr=subprocess.STDOUT).decode('utf-8') info(output) + return True def checkPackageRepositoryConsistency(self): """Check consistency of package repository by dependency solving all