launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] lp:~apw/launchpad/signing-record-public-keys-when-used into lp:launchpad

To: Andy Whitcroft <apw@xxxxxxxxxxxxx>
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Fri, 10 Jun 2016 10:04:28 -0000
In-reply-to: <20160607143045.23543.31321.launchpad@ackee.canonical.com>
Reply-to: mp+296678@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Review: Approve



Diff comments:

> === modified file 'lib/lp/archivepublisher/signing.py'
> --- lib/lp/archivepublisher/signing.py	2016-06-06 16:53:57 +0000
> +++ lib/lp/archivepublisher/signing.py	2016-06-07 14:29:40 +0000
> @@ -104,12 +105,30 @@
>              dists_signed, "%s-%s" % (self.package, self.arch))
>          self.archiveroot = pubconf.archiveroot
>  
> +        self.public_keys = []
> +
> +    def publishPublicKey(self, key):
> +        """Record this key as having been used in this upload."""
> +        if key not in self.public_keys:
> +            self.public_keys.append(key)

Order doesn't matter, so self.public_keys could be initialised to set(), then it's just self.public_keys.add(key) and you can drop the "not in" test.

> +
> +    def copyPublishedPublicKeys(self):
> +        """Copy out published keys into the custom upload."""
> +        keydir = os.path.join(self.tmpdir, self.version, "control")
> +        if not os.path.exists(keydir):
> +            os.makedirs(keydir)
> +        for key in self.public_keys:
> +            # Ensure we only emit files which are world readable.
> +            if stat.S_IMODE(os.stat(key).st_mode) & stat.S_IROTH:
> +                shutil.copy(key, os.path.join(keydir, os.path.basename(key)))

The case where an alleged public key isn't world-readable shouldn't happen, so it seems at least worth a log entry of some kind.

> +
>      def setSigningOptions(self):
> -        """Find and extract raw-signing.options from the tarball."""
> +        """Find and extract raw-signing options from the tarball."""
>          self.signing_options = {}
>  
> +        # Look for an options file in the top level control directory.
>          options_file = os.path.join(self.tmpdir, self.version,
> -            "raw-signing.options")
> +            "control", "options")
>          if not os.path.exists(options_file):
>              return
>  


-- 
https://code.launchpad.net/~apw/launchpad/signing-record-public-keys-when-used/+merge/296678
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.

References

[Merge] lp:~apw/launchpad/signing-record-public-keys-when-used into lp:launchpad
From: Andy Whitcroft, 2016-06-07