93bc843682
If there is no new commit in the repo, we should not wait for a signature, as there is nothing to sign. Fixes: https://pagure.io/pungi/issue/1046 Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
88 lines
2.5 KiB
Python
Executable File
88 lines
2.5 KiB
Python
Executable File
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
"""
|
|
Messaging hook to block compose progress until an ostree commit is signed.
|
|
|
|
The signing is implemented by robosignatory, which listens on the message bus
|
|
and reacts to messages about new commits. It will create a signature and then
|
|
update the ref in the repo to point to the new commit.
|
|
|
|
This script should not be used if Pungi is updating the reference on its own
|
|
(since that does not leave time for the signature).
|
|
"""
|
|
|
|
from __future__ import print_function
|
|
|
|
import argparse
|
|
import datetime
|
|
import fedmsg.config
|
|
import json
|
|
import os
|
|
import sys
|
|
import time
|
|
|
|
|
|
def is_ref_updated(ref_file, commit):
|
|
"""The ref is updated when the file points to the correct commit."""
|
|
try:
|
|
with open(ref_file) as f:
|
|
return f.read().strip() == commit
|
|
except IOError:
|
|
# Failed to open the file, probably it does not exist, so let's just
|
|
# wait more.
|
|
return False
|
|
|
|
|
|
def ts_log(msg):
|
|
print("%s: %s" % (datetime.datetime.utcnow(), msg))
|
|
|
|
|
|
if __name__ == '__main__':
|
|
parser = argparse.ArgumentParser()
|
|
parser.add_argument('cmd')
|
|
opts = parser.parse_args()
|
|
|
|
if opts.cmd != 'ostree':
|
|
# Not an announcement of new ostree commit, nothing to do.
|
|
sys.exit()
|
|
|
|
try:
|
|
data = json.load(sys.stdin)
|
|
except ValueError:
|
|
print('Failed to decode data', file=sys.stderr)
|
|
sys.exit(1)
|
|
|
|
repo = data['local_repo_path']
|
|
commit = data['commitid']
|
|
if not commit:
|
|
print("No new commit was created, nothing will get signed.")
|
|
sys.exit(0)
|
|
|
|
path = '%s/objects/%s/%s.commitmeta' % (repo, commit[:2], commit[2:])
|
|
|
|
config = fedmsg.config.load_config()
|
|
config['active'] = True # Connect out to a fedmsg-relay instance
|
|
config['cert_prefix'] = 'releng' # Use this cert.
|
|
fedmsg.init(**config)
|
|
topic = 'compose.%s' % opts.cmd.replace('-', '.').lower()
|
|
|
|
count = 0
|
|
while not os.path.exists(path):
|
|
ts_log("Commit not signed yet, waiting...")
|
|
count += 1
|
|
if count >= 60: # Repeat every 5 minutes
|
|
print('Repeating notification')
|
|
fedmsg.publish(topic=topic, modname='pungi', msg=data)
|
|
count = 0
|
|
time.sleep(5)
|
|
|
|
print("Found signature, waiting for ref to be updated.")
|
|
|
|
ref_file = os.path.join(repo, "refs/heads", data["ref"])
|
|
while not is_ref_updated(ref_file, commit):
|
|
ts_log("Ref is not yet up-to-date, waiting...")
|
|
time.sleep(5)
|
|
|
|
print("Ref is up-to-date. All done!")
|