From 5fa42db51da6e83247845979547e9f4dd3a4d8a6 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 21 Jun 2020 15:12:00 -0400 Subject: Allow build of firmware package without release engineering key Prior to this change, it was not possible to build the release packaging without the release engineering PGP key, which is nicely paranoid but ignores the possibility that people other than the release engineer might want to reuse our packaging. Doh. So we still use the release engineering key to sign the manifest in the firmware tarball if the key is available, but if it's not we produce an unsigned manifest. --- scripts/build-firmware-package.py | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py index 76000e6..55e77a7 100755 --- a/scripts/build-firmware-package.py +++ b/scripts/build-firmware-package.py @@ -27,12 +27,19 @@ for fn in args.firmware: with tempfile.NamedTemporaryFile() as f: os.fchmod(f.fileno(), 0644) - gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"), - stdin = subprocess.PIPE, stdout = f) - json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), gpg.stdin, indent = 2) - gpg.stdin.close() - if gpg.wait(): - raise subprocess.CalledProcessError(gpg.returncode, "gpg") + use_gpg = os.path.isdir(os.getenv("GNUPGHOME", "")) + if use_gpg: + gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"), + stdin = subprocess.PIPE, stdout = f) + jf = gnupg.stdin + else: + jf = f + json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), jf, indent = 2) + if use_gpg: + gpg.stdin.close() + if gpg.wait(): + raise subprocess.CalledProcessError(gpg.returncode, "gpg") + f.seek(0) tar.add(f.name, "MANIFEST") tar.close() -- cgit v1.2.3