aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2020-06-21 15:12:00 -0400
committerRob Austein <sra@hactrn.net>2020-06-21 15:12:00 -0400
commit5fa42db51da6e83247845979547e9f4dd3a4d8a6 (patch)
treef7200f841bdf1bc454ad3a59028b4a3af14b9c7f
parent92480b67c35388f0fe8fd6f36e9257afaba34849 (diff)
Allow build of firmware package without release engineering key
Prior to this change, it was not possible to build the release packaging without the release engineering PGP key, which is nicely paranoid but ignores the possibility that people other than the release engineer might want to reuse our packaging. Doh. So we still use the release engineering key to sign the manifest in the firmware tarball if the key is available, but if it's not we produce an unsigned manifest.
-rwxr-xr-xscripts/build-firmware-package.py19
1 files changed, 13 insertions, 6 deletions
diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py
index 76000e6..55e77a7 100755
--- a/scripts/build-firmware-package.py
+++ b/scripts/build-firmware-package.py
@@ -27,12 +27,19 @@ for fn in args.firmware:
with tempfile.NamedTemporaryFile() as f:
os.fchmod(f.fileno(), 0644)
- gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
- stdin = subprocess.PIPE, stdout = f)
- json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), gpg.stdin, indent = 2)
- gpg.stdin.close()
- if gpg.wait():
- raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+ use_gpg = os.path.isdir(os.getenv("GNUPGHOME", ""))
+ if use_gpg:
+ gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
+ stdin = subprocess.PIPE, stdout = f)
+ jf = gnupg.stdin
+ else:
+ jf = f
+ json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), jf, indent = 2)
+ if use_gpg:
+ gpg.stdin.close()
+ if gpg.wait():
+ raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+ f.seek(0)
tar.add(f.name, "MANIFEST")
tar.close()