Diffstat (limited to 'debian/bin/genpatch-rt')
-rwxr-xr-x | debian/bin/genpatch-rt | 76 |
1 files changed, 42 insertions, 34 deletions
diff --git a/debian/bin/genpatch-rt b/debian/bin/genpatch-rt
index e61b5f242..c0f1a611d 100755
--- a/debian/bin/genpatch-rt
+++ b/debian/bin/genpatch-rt
@@ -1,5 +1,6 @@
 #!/usr/bin/python3
+import argparse
 import codecs
 import io
 import os
@@ -7,11 +8,10 @@ import os.path
 import re
 import shutil
 import subprocess
-import sys
 import tempfile
-def main(source, version=None):
+def main(source, version, verify_signature):
 patch_dir = 'debian/patches-rt'
 series_name = 'series'
 old_series = set()
@@ -52,15 +52,16 @@ def main(source, version=None):
 env['GIT_DIR'] = os.path.join(source, '.git')
 env['DEBIAN_KERNEL_KEYRING'] = 'rt-signing-key.pgp'
- # Validate tag signature
- gpg_wrapper = os.path.join(os.getcwd(),
- "debian/bin/git-tag-gpg-wrapper")
- verify_proc = subprocess.Popen(
- ['git', '-c', 'gpg.program=%s' % gpg_wrapper,
- 'tag', '-v', 'v%s-rebase' % version],
- env=env)
- if verify_proc.wait():
- raise RuntimeError("GPG tag verification failed")
+ if verify_signature:
+ # Validate tag signature
+ gpg_wrapper = os.path.join(os.getcwd(),
+ "debian/bin/git-tag-gpg-wrapper")
+ verify_proc = subprocess.Popen(
+ ['git', '-c', 'gpg.program=%s' % gpg_wrapper,
+ 'tag', '-v', 'v%s-rebase' % version],
+ env=env)
+ if verify_proc.wait():
+ raise RuntimeError("GPG tag verification failed")
 args = ['git', 'format-patch', 'v%s..v%s-rebase' % (up_ver, version)]
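Review bot: When `verify_signature` is false, the tag check in the `@@ -52,15 +52,16 @@` hunk is skipped with no trace, so a run that took patches from an unauthenticated `v%s-rebase` tag looks the same in the output as a verified one; the tarball branch in the `@@ -91,21 +92,22 @@` hunk has the same gap. An `else:` branch that writes a warning to stderr would make the opt-out visible, for example `os.write(2, b'WARNING: signature verification disabled\n')`; this commit drops `import sys`, and `os.write(2, ...)` is already used elsewhere in the file. main() starts and ends outside the hunk.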
@@ -91,21 +92,22 @@ def main(source, version=None):
 assert match, 'could not parse version string'
 up_ver = match.group(1)
- # Expect an accompanying signature, and validate it
- source_sig = re.sub(r'.[gx]z$', '.sign', source)
- unxz_proc = subprocess.Popen(['xzcat', source],
- stdout=subprocess.PIPE)
- verify_output = subprocess.check_output(
- ['gpgv', '--status-fd', '1',
- '--keyring', 'debian/upstream/rt-signing-key.pgp',
- '--ignore-time-conflict', source_sig, '-'],
- stdin=unxz_proc.stdout)
- if unxz_proc.wait() or \
- not re.search(r'^\[GNUPG:\]\s+VALIDSIG\s',
- codecs.decode(verify_output),
- re.MULTILINE):
- os.write(2, verify_output) # bytes not str!
- raise RuntimeError("GPG signature verification failed")
+ if verify_signature:
+ # Expect an accompanying signature, and validate it
+ source_sig = re.sub(r'.[gx]z$', '.sign', source)
+ unxz_proc = subprocess.Popen(['xzcat', source],
+ stdout=subprocess.PIPE)
+ verify_output = subprocess.check_output(
+ ['gpgv', '--status-fd', '1',
+ '--keyring', 'debian/upstream/rt-signing-key.pgp',
+ '--ignore-time-conflict', source_sig, '-'],
+ stdin=unxz_proc.stdout)
+ if unxz_proc.wait() or \
+ not re.search(r'^\[GNUPG:\]\s+VALIDSIG\s',
+ codecs.decode(verify_output),
+ re.MULTILINE):
+ os.write(2, verify_output) # bytes not str!
+ raise RuntimeError("GPG signature verification failed")
 temp_dir = tempfile.mkdtemp(prefix='rt-genpatch', dir='debian')
 try:
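Review bot: `source_sig = re.sub(r'.[gx]z$', '.sign', source)` leaves `source` unchanged when the name does not end in `gz` or `xz`, so gpgv would be handed the tarball itself as the signature file, and the unescaped `.` matches any character rather than a literal dot. The check appears to still fail closed, because `check_output` raises on a non-zero gpgv exit, but the resulting error does not say that the signature file name could not be derived. Consider `source_sig, n = re.subn(r'\.[gx]z$', '.sign', source)` followed by `if not n: raise RuntimeError("cannot derive signature file name from %s" % source)`. The `if verify_signature:` block sits inside main(), which starts and ends outside the hunk.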
@@ -142,11 +144,17 @@ def main(source, version=None):
 if __name__ == '__main__':
- if not (1 <= len(sys.argv) <= 3):
- print('Usage: %s {TAR [RT-VERSION] | REPO RT-VERSION}' % sys.argv[0],
- file=sys.stderr)
- print('TAR is a tarball of patches.', file=sys.stderr)
- print('REPO is a git repo containing the given RT-VERSION.',
- file=sys.stderr)
- sys.exit(2)
- main(*sys.argv[1:])
+ parser = argparse.ArgumentParser(
+ description='Generate or update the rt featureset patch series')
+ parser.add_argument(
+ 'source', metavar='SOURCE', type=str,
+ help='tarball of patches or git repo containing the given RT-VERSION')
+ parser.add_argument(
+ 'version', metavar='RT-VERSION', type=str, nargs='?',
+ help='rt kernel version (optional for tarballs)')
+ parser.add_argument(
+ '--verify-signature', action=argparse.BooleanOptionalAction,
+ default=True,
+ help='verify signature on tarball (detached in .sign file) or git tag')
+ args = parser.parse_args()
+ main(args.source, args.version, args.verify_signature) |
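Review bot: `version` is declared with `nargs='?'` for both source kinds, so `genpatch-rt REPO` parses cleanly and passes `None` to main(); in the git branch shown earlier in this diff that would format as `vNone-rebase`, unless main() rejects it in lines outside the hunks. The removed usage text documented RT-VERSION as required for a repo, and the new help only hints at it with "(optional for tarballs)". If main() has no such check, a `parser.error('RT-VERSION is required for a git repo')` after `parse_args()` would give a clear message; the condition depends on how main() tells a repo from a tarball, which is not visible here. The `--verify-signature` help could also state that `--no-verify-signature` imports patches without authenticating their origin.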