From 833ba64c513c23b4dd4c663d0493046be709f957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubom=C3=ADr=20Sedl=C3=A1=C5=99?= Date: Thu, 30 Aug 2018 09:18:10 +0200 Subject: [PATCH] ostree: Wait for updated ref as well as signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: https://pagure.io/pungi/issue/1036 Signed-off-by: Lubomír Sedlář --- bin/pungi-wait-for-signed-ostree-handler | 39 ++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/bin/pungi-wait-for-signed-ostree-handler b/bin/pungi-wait-for-signed-ostree-handler index 25997993..fbe29053 100755 --- a/bin/pungi-wait-for-signed-ostree-handler +++ b/bin/pungi-wait-for-signed-ostree-handler @@ -1,6 +1,17 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- +""" +Messaging hook to block compose progress until an ostree commit is signed. + +The signing is implemented by robosignatory, which listens on the message bus +and reacts to messages about new commits. It will create a signature and then +update the ref in the repo to point to the new commit. + +This script should not be used if Pungi is updating the reference on its own +(since that does not leave time for the signature). +""" + from __future__ import print_function import argparse @@ -11,6 +22,22 @@ import os import sys import time + +def is_ref_updated(ref_file, commit): + """The ref is updated when the file points to the correct commit.""" + try: + with open(ref_file) as f: + return f.read().strip() == commit + except IOError: + # Failed to open the file, probably it does not exist, so let's just + # wait more. + return False + + +def ts_log(msg): + print("%s: %s" % (datetime.datetime.utcnow(), msg)) + + if __name__ == '__main__': parser = argparse.ArgumentParser() parser.add_argument('cmd') @@ -38,8 +65,7 @@ if __name__ == '__main__': count = 0 while not os.path.exists(path): - print('%s: Commit not signed yet, waiting...' - % datetime.datetime.utcnow()) + ts_log("Commit not signed yet, waiting...") count += 1 if count >= 60: # Repeat every 5 minutes print('Repeating notification') @@ -47,4 +73,11 @@ if __name__ == '__main__': count = 0 time.sleep(5) - print('Found signature.') + print("Found signature, waiting for ref to be updated.") + + ref_file = os.path.join(repo, "refs/heads", data["ref"]) + while not is_ref_updated(ref_file, commit): + ts_log("Ref is not yet up-to-date, waiting...") + time.sleep(5) + + print("Ref is up-to-date. All done!")