1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
#!/usr/bin/env python
import subprocess
import tempfile
import argparse
import hashlib
import tarfile
import json
parser = argparse.ArgumentParser()
parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create")
parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball")
args = parser.parse_args()
tar = tarfile.TarFile(mode = "w", fileobj = args.tarfile)
status = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()]
sha256 = {}
for fn in args.firmware:
with open(fn, "rb") as f:
sha256[fn] = hashlib.sha256(f.read()).hexdigest()
tar.add(fn)
# export GNUPGHOME := /home/aptbot/gnupg
# --no-default-keyring --keyring isc-pubring.gpg --secret-keyring isc-secring.gpg
with tempfile.NamedTemporaryFile() as f:
gpg = subprocess.Popen(("gpg", "--clearsign", "--no-default-keyring",
"--keyring", "/home/aptbot/gnupg/pubring.gpg",
"--secret-keyring", "/home/aptbot/gnupg/secring.gpg",
"--trustdb-name", "/home/aptbot/gnupg/trustdb.gpg",
"--no-random-seed-file", "--no-permission-warning",
"--personal-digest-preferences", "SHA256"),
stdin = subprocess.PIPE, stdout = f)
json.dump(dict(commits = status, sha256 = sha256), gpg.stdin, indent = 2)
gpg.stdin.close()
gpg.wait()
tar.add(f.name, "+MANIFEST")
|
