signatrust_bin.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

diff --git a/run/copr_fix_gpg.py b/run/copr_fix_gpg.py
index 24edf74e..bfa70c05 100755
--- a/run/copr_fix_gpg.py
+++ b/run/copr_fix_gpg.py
@@ -9,7 +9,7 @@ from urllib.parse import urlparse
 import pwd
 
 from copr_backend.helpers import BackendConfigReader, call_copr_repo, run_cmd
-from copr_backend.sign import get_pubkey, unsign_rpms_in_dir, sign_rpms_in_dir, create_user_keys, create_gpg_email
+from copr_backend.sign import new_signer, create_gpg_email
 
 logging.basicConfig(
     filename="/var/log/copr-backend/fix_gpg.log",
@@ -69,12 +69,14 @@ def fix_copr(args, opts, copr_full_name):
         log.info('Ignoring %s. Directory does not exist.', copr_path)
         return
 
+    signer = new_signer(opts)
+
     log.info("Generate key-pair on copr-keygen (if not generated) for email %s",
              create_gpg_email(owner, coprname, opts.sign_domain))
-    create_user_keys(owner, coprname, opts)
+    signer.create_user_keys(owner, coprname, opts)
 
     log.info("Regenerate pubkey.gpg in copr %s", copr_path)
-    get_pubkey(owner, coprname, log, opts.sign_domain, os.path.join(copr_path, 'pubkey.gpg'))
+    signer.get_pubkey(owner, coprname, log, opts.sign_domain, os.path.join(copr_path, 'pubkey.gpg'))
 
     # Match the "00001231-anycharacer" directory names.  Compile once, use many.
     builddir_matcher = re.compile(r"\d{8,}-")
@@ -111,8 +113,8 @@ def fix_copr(args, opts, copr_full_name):
 
             log.info("Processing rpms in builddir %s", builddir_path)
             try:
-                unsign_rpms_in_dir(builddir_path, opts, log) # first we need to unsign by using rpm-sign before we sign with obs-sign
-                sign_rpms_in_dir(owner, coprname, builddir_path, chroot, opts, log)
+                signer.unsign_rpms_in_dir(builddir_path, opts, log) # first we need to unsign by using rpm-sign before we sign with obs-sign
+                signer.sign_rpms_in_dir(owner, coprname, builddir_path, chroot, opts, log)
             except Exception as e:
                 log.exception(str(e))
                 continue
diff --git a/run/copr_sign_unsigned.py b/run/copr_sign_unsigned.py
index 33eaeae3..e17e65bb 100755
--- a/run/copr_sign_unsigned.py
+++ b/run/copr_sign_unsigned.py
@@ -12,7 +12,7 @@ import pwd
 
 from copr_backend.helpers import (BackendConfigReader, create_file_logger,
                              uses_devel_repo, call_copr_repo)
-from copr_backend.sign import get_pubkey, sign_rpms_in_dir, create_user_keys
+from copr_backend.sign import new_signer
 from copr_backend.exceptions import CoprSignNoKeyError
 
 
@@ -26,10 +26,11 @@ log = logging.getLogger(__name__)
 def check_signed_rpms_in_pkg_dir(pkg_dir, user, project, opts, chroot_dir, devel):
     success = True
 
+    signer = new_signer(opts)
     logger = create_file_logger("run.check_signed_rpms_in_pkg_dir",
                                 "/tmp/copr_check_signed_rpms.log")
     try:
-        sign_rpms_in_dir(user, project, pkg_dir, chroot_dir, opts, log=logger)
+        signer.sign_rpms_in_dir(user, project, pkg_dir, chroot_dir, opts, log=logger)
         log.info("running createrepo for %s", pkg_dir)
         call_copr_repo(directory=chroot_dir, devel=devel, logger=log)
     except Exception as err:
@@ -80,9 +81,10 @@ def check_pubkey(pubkey_path, user, project, opts):
         log.info("Pubkey for %s/%s exists: %s", user, project, pubkey_path)
         return True
     else:
+        signer = new_signer(opts)
         log.info("Missing pubkey for %s/%s", user, project)
         try:
-            get_pubkey(user, project, log, opts.sign_domain, pubkey_path)
+            signer.get_pubkey(user, project, log, opts.sign_domain, pubkey_path)
             return True
         except Exception as err:
             log.exception(err)
@@ -102,6 +104,8 @@ def main():
     opts = BackendConfigReader().read()
     log.info("Starting pubkey fill, destdir: %s", opts.destdir)
 
+    signer = new_signer(opts)
+
     log.debug("list dir: %s", os.listdir(opts.destdir))
     for user_name in os.listdir(opts.destdir):
         if user_name in users_done_old:
@@ -116,13 +120,13 @@ def main():
             log.info("Checking project dir: %s", project_name)
 
             try:
-                get_pubkey(user_name, project_name, log, opts.sign_domain)
+                signer.get_pubkey(user_name, project_name, log, opts.sign_domain)
                 log.info("Key-pair exists for %s/%s", user_name, project_name)
             except CoprSignNoKeyError:
-                create_user_keys(user_name, project_name, opts)
+                signer.create_user_keys(user_name, project_name, opts)
                 log.info("Created new key-pair for %s/%s", user_name, project_name)
             except Exception as err:
-                log.error("Failed to get pubkey for {}/{}, mark as failed, skipping")
+                log.error("Failed to get pubkey for {}/{}, mark as failed, skipping".format(user_name, project_name))
                 log.exception(err)
                 failed = True
                 continue