Google Git
Sign in
gerrit / git-repo / main / . / release / util.py
blob: 8596324ff83d895445212828ead467a5066f8aca [file] [log] [blame]
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]1# Copyright (C) 2020 The Android Open Source Project
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15"""Random utility code for release tools."""
16
Mike Frysinger80d1a5a2025-08-21 10:40:51 -0400[diff] [blame]17from pathlib import Path
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]18import re
Mike Frysinger02147302025-04-09 19:59:05 -0400[diff] [blame]19import shlex
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]20import subprocess
21import sys
22
23
Gavin Makea2e3302023-03-11 06:46:20 +0000[diff] [blame]24assert sys.version_info >= (3, 6), "This module requires Python 3.6+"
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]25
26
Mike Frysinger80d1a5a2025-08-21 10:40:51 -0400[diff] [blame]27THIS_FILE = Path(__file__).resolve()
28TOPDIR = THIS_FILE.parent.parent
29HOMEDIR = Path("~").expanduser()
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]30
31
32# These are the release keys we sign with.
Gavin Makea2e3302023-03-11 06:46:20 +0000[diff] [blame]33KEYID_DSA = "8BB9AD793E8E6153AF0F9A4416530D5E920F5C65"
34KEYID_RSA = "A34A13BE8E76BFF46A0C022DA2E75A824AAB9624"
35KEYID_ECC = "E1F9040D7A3F6DAFAC897CD3D3B95DA243E48A39"
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]36
37
38def cmdstr(cmd):
Gavin Makea2e3302023-03-11 06:46:20 +0000[diff] [blame]39 """Get a nicely quoted shell command."""
Mike Frysinger02147302025-04-09 19:59:05 -0400[diff] [blame]40 return " ".join(shlex.quote(x) for x in cmd)
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]41
42
43def run(opts, cmd, check=True, **kwargs):
Gavin Makea2e3302023-03-11 06:46:20 +0000[diff] [blame]44 """Helper around subprocess.run to include logging."""
45 print("+", cmdstr(cmd))
46 if opts.dryrun:
47 cmd = ["true", "--"] + cmd
48 try:
49 return subprocess.run(cmd, check=check, **kwargs)
50 except subprocess.CalledProcessError as e:
51 print(f"aborting: {e}", file=sys.stderr)
52 sys.exit(1)
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]53
54
55def import_release_key(opts):
Gavin Makea2e3302023-03-11 06:46:20 +0000[diff] [blame]56 """Import the public key of the official release repo signing key."""
57 # Extract the key from our repo launcher.
Mike Frysinger80d1a5a2025-08-21 10:40:51 -0400[diff] [blame]58 launcher = getattr(opts, "launcher", TOPDIR / "repo")
Gavin Makea2e3302023-03-11 06:46:20 +0000[diff] [blame]59 print(f'Importing keys from "{launcher}" launcher script')
60 with open(launcher, encoding="utf-8") as fp:
61 data = fp.read()
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]62
Gavin Makea2e3302023-03-11 06:46:20 +0000[diff] [blame]63 keys = re.findall(
64 r"\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n[^-]*"
65 r"\n-----END PGP PUBLIC KEY BLOCK-----\n",
66 data,
67 flags=re.M,
68 )
69 run(opts, ["gpg", "--import"], input="\n".join(keys).encode("utf-8"))
Mike Frysinger8c268c02020-02-20 15:13:51 -0500[diff] [blame]70
Gavin Makea2e3302023-03-11 06:46:20 +0000[diff] [blame]71 print("Marking keys as fully trusted")
72 run(
73 opts,
74 ["gpg", "--import-ownertrust"],
75 input=f"{KEYID_DSA}:6:\n".encode("utf-8"),
76 )