2017-06-29 11:20:48 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
2018-08-30 07:18:10 +00:00
|
|
|
"""
|
|
|
|
Messaging hook to block compose progress until an ostree commit is signed.
|
|
|
|
|
|
|
|
The signing is implemented by robosignatory, which listens on the message bus
|
|
|
|
and reacts to messages about new commits. It will create a signature and then
|
|
|
|
update the ref in the repo to point to the new commit.
|
|
|
|
|
|
|
|
This script should not be used if Pungi is updating the reference on its own
|
|
|
|
(since that does not leave time for the signature).
|
|
|
|
"""
|
|
|
|
|
2017-06-29 11:20:48 +00:00
|
|
|
from __future__ import print_function
|
|
|
|
|
|
|
|
import argparse
|
|
|
|
import datetime
|
2018-05-09 21:17:59 +00:00
|
|
|
import fedmsg.config
|
2017-06-29 11:20:48 +00:00
|
|
|
import json
|
|
|
|
import os
|
|
|
|
import sys
|
|
|
|
import time
|
|
|
|
|
2018-08-30 07:18:10 +00:00
|
|
|
|
|
|
|
def is_ref_updated(ref_file, commit):
|
|
|
|
"""The ref is updated when the file points to the correct commit."""
|
|
|
|
try:
|
|
|
|
with open(ref_file) as f:
|
|
|
|
return f.read().strip() == commit
|
|
|
|
except IOError:
|
|
|
|
# Failed to open the file, probably it does not exist, so let's just
|
|
|
|
# wait more.
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
def ts_log(msg):
|
|
|
|
print("%s: %s" % (datetime.datetime.utcnow(), msg))
|
|
|
|
|
|
|
|
|
2019-12-06 02:54:11 +00:00
|
|
|
def main():
|
2017-06-29 11:20:48 +00:00
|
|
|
parser = argparse.ArgumentParser()
|
2020-02-03 03:50:06 +00:00
|
|
|
parser.add_argument("cmd")
|
2017-06-29 11:20:48 +00:00
|
|
|
opts = parser.parse_args()
|
|
|
|
|
2020-02-03 03:50:06 +00:00
|
|
|
if opts.cmd != "ostree":
|
2017-06-29 11:20:48 +00:00
|
|
|
# Not an announcement of new ostree commit, nothing to do.
|
|
|
|
sys.exit()
|
|
|
|
|
|
|
|
try:
|
|
|
|
data = json.load(sys.stdin)
|
|
|
|
except ValueError:
|
2020-02-03 03:50:06 +00:00
|
|
|
print("Failed to decode data", file=sys.stderr)
|
2017-06-29 11:20:48 +00:00
|
|
|
sys.exit(1)
|
|
|
|
|
2020-02-03 03:50:06 +00:00
|
|
|
repo = data["local_repo_path"]
|
|
|
|
commit = data["commitid"]
|
2018-09-13 10:32:28 +00:00
|
|
|
if not commit:
|
|
|
|
print("No new commit was created, nothing will get signed.")
|
|
|
|
sys.exit(0)
|
|
|
|
|
2020-02-03 03:50:06 +00:00
|
|
|
path = "%s/objects/%s/%s.commitmeta" % (repo, commit[:2], commit[2:])
|
2017-06-29 11:20:48 +00:00
|
|
|
|
2018-05-09 21:17:59 +00:00
|
|
|
config = fedmsg.config.load_config()
|
2020-02-03 03:50:06 +00:00
|
|
|
config["active"] = True # Connect out to a fedmsg-relay instance
|
|
|
|
config["cert_prefix"] = "releng" # Use this cert.
|
2018-05-09 21:17:59 +00:00
|
|
|
fedmsg.init(**config)
|
2020-02-03 03:50:06 +00:00
|
|
|
topic = "compose.%s" % opts.cmd.replace("-", ".").lower()
|
2018-05-09 21:17:59 +00:00
|
|
|
|
|
|
|
count = 0
|
2017-06-29 11:20:48 +00:00
|
|
|
while not os.path.exists(path):
|
2018-08-30 07:18:10 +00:00
|
|
|
ts_log("Commit not signed yet, waiting...")
|
2018-05-09 21:17:59 +00:00
|
|
|
count += 1
|
|
|
|
if count >= 60: # Repeat every 5 minutes
|
2020-02-03 03:50:06 +00:00
|
|
|
print("Repeating notification")
|
|
|
|
fedmsg.publish(topic=topic, modname="pungi", msg=data)
|
2018-05-09 21:17:59 +00:00
|
|
|
count = 0
|
2017-06-29 11:20:48 +00:00
|
|
|
time.sleep(5)
|
|
|
|
|
2018-08-30 07:18:10 +00:00
|
|
|
print("Found signature, waiting for ref to be updated.")
|
|
|
|
|
|
|
|
ref_file = os.path.join(repo, "refs/heads", data["ref"])
|
|
|
|
while not is_ref_updated(ref_file, commit):
|
|
|
|
ts_log("Ref is not yet up-to-date, waiting...")
|
|
|
|
time.sleep(5)
|
|
|
|
|
|
|
|
print("Ref is up-to-date. All done!")
|