launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #25494
[Merge] ~cjwatson/launchpad:sync-signingkeys-missing-gpg into launchpad:master
Colin Watson has proposed merging ~cjwatson/launchpad:sync-signingkeys-missing-gpg into launchpad:master.
Commit message:
Check whether OpenPGP keys exist before injecting them
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/392175
We already did this for other key types (via SyncSigningKeysScript.getKeysPerType).
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:sync-signingkeys-missing-gpg into launchpad:master.
diff --git a/lib/lp/archivepublisher/scripts/sync_signingkeys.py b/lib/lp/archivepublisher/scripts/sync_signingkeys.py
index 740a235..b535875 100644
--- a/lib/lp/archivepublisher/scripts/sync_signingkeys.py
+++ b/lib/lp/archivepublisher/scripts/sync_signingkeys.py
@@ -239,10 +239,11 @@ class SyncSigningKeysScript(LaunchpadScript):
archive.signing_key is not None):
secret_key_path = ISignableArchive(archive).getPathForSecretKey(
archive.signing_key)
- self.logger.info(
- "Found key file %s (type=%s).",
- secret_key_path, SigningKeyType.OPENPGP)
- self.injectGPG(archive, secret_key_path)
+ if os.path.exists(secret_key_path):
+ self.logger.info(
+ "Found key file %s (type=%s).",
+ secret_key_path, SigningKeyType.OPENPGP)
+ self.injectGPG(archive, secret_key_path)
def main(self):
for i, archive in enumerate(self.getArchives()):
diff --git a/lib/lp/archivepublisher/tests/test_sync_signingkeys.py b/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
index 22e38f5..4f410a2 100644
--- a/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
+++ b/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
@@ -376,6 +376,55 @@ class TestSyncSigningKeysScript(TestCaseWithFactory):
SigningKeyType.FIT, archive.reference, series1.name),
]))
+ def test_process_archive_openpgp(self):
+ archive = self.factory.makeArchive()
+
+ # Create a fake OpenPGP key.
+ gpgkey = self.factory.makeGPGKey(archive.owner)
+ secret_key_path = os.path.join(
+ self.signing_root_dir, "%s.gpg" % gpgkey.fingerprint)
+ with open(secret_key_path, "wb") as fd:
+ fd.write(b"Private key %s" % gpgkey.fingerprint)
+ archive.signing_key_owner = archive.owner
+ archive.signing_key_fingerprint = gpgkey.fingerprint
+
+ script = self.makeScript(["--archive", archive.reference])
+ script.injectGPG = mock.Mock()
+ script.main()
+
+ script.injectGPG.assert_called_once_with(archive, secret_key_path)
+
+ # Check the log messages.
+ content = script.logger.content.as_text()
+ self.assertIn(
+ "DEBUG #0 - Processing keys for archive %s." % archive.reference,
+ content)
+ self.assertIn(
+ "INFO Found key file %s (type=%s)." % (
+ secret_key_path, SigningKeyType.OPENPGP),
+ content)
+
+ def test_process_archive_openpgp_missing(self):
+ archive = self.factory.makeArchive()
+
+ # Create a fake OpenPGP key, but don't write anything to disk.
+ gpgkey = self.factory.makeGPGKey(archive.owner)
+ archive.signing_key_owner = archive.owner
+ archive.signing_key_fingerprint = gpgkey.fingerprint
+
+ script = self.makeScript(["--archive", archive.reference])
+ script.injectGPG = mock.Mock()
+ script.main()
+
+ self.assertEqual(0, script.injectGPG.call_count)
+
+ # Check the log messages.
+ content = script.logger.content.as_text()
+ self.assertIn(
+ "DEBUG #0 - Processing keys for archive %s." % archive.reference,
+ content)
+ self.assertNotIn("INFO Found key file", content)
+
def test_inject(self):
signing_service_client = self.useFixture(
SigningServiceClientFixture(self.factory))
