launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:sync-signingkeys-filename into launchpad:master

To: mp+421587@xxxxxxxxxxxxxxxxxx
From: Colin Watson <mp+421587@xxxxxxxxxxxxxxxxxx>
Date: Fri, 06 May 2022 12:15:46 -0000
Reply-to: mp+421587@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:sync-signingkeys-filename into launchpad:master.

Commit message:
sync-signingkeys: Allow overriding local keys directory

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/421587

Injecting manually-generated key material currently requires either putting keys in the location on the filesystem from which the publisher's signing logic reads keys, or writing Python code manually.  Neither is particularly ideal.  Add a `--local-keys` option to the `sync-signingkeys` script to help with this.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:sync-signingkeys-filename into launchpad:master.

diff --git a/lib/lp/archivepublisher/scripts/sync_signingkeys.py b/lib/lp/archivepublisher/scripts/sync_signingkeys.py
index a856f55..fb5996e 100644
--- a/lib/lp/archivepublisher/scripts/sync_signingkeys.py
+++ b/lib/lp/archivepublisher/scripts/sync_signingkeys.py
@@ -49,6 +49,9 @@ class SyncSigningKeysScript(LaunchpadScript):
         self.parser.add_option(
             "-t", "--type",
             help="The type of keys to process (default: all types).")
+        self.parser.add_option(
+            "--local-keys",
+            help="Override directory where local keys are found.")
 
         self.parser.add_option(
             "-l", "--limit", dest="limit", type=int,
@@ -139,21 +142,24 @@ class SyncSigningKeysScript(LaunchpadScript):
                  archive's root signing) and the values are the directories
                  where the keys for that series are stored."""
         series_paths = {}
-        pubconf = getPubConfig(archive)
-        if pubconf is None or pubconf.signingroot is None:
-            self.logger.debug(
-                "Skipping %s: no pubconfig or no signing root." %
-                archive.reference)
-            return {}
+        if self.options.local_keys is not None:
+            local_keys = self.options.local_keys
+        else:
+            pubconf = getPubConfig(archive)
+            if pubconf is None or pubconf.signingroot is None:
+                self.logger.debug(
+                    "Skipping %s: no pubconfig or no signing root." %
+                    archive.reference)
+                return {}
+            local_keys = pubconf.signingroot
         for series in archive.distribution.series:
-            path = os.path.join(pubconf.signingroot, series.name)
+            path = os.path.join(local_keys, series.name)
             self.logger.debug("\tChecking if %s exists.", path)
             if os.path.exists(path):
                 series_paths[series] = path
-        self.logger.debug(
-            "\tChecking if root dir %s exists.", pubconf.signingroot)
-        if os.path.exists(pubconf.signingroot):
-            series_paths[None] = pubconf.signingroot
+        self.logger.debug("\tChecking if root dir %s exists.", local_keys)
+        if os.path.exists(local_keys):
+            series_paths[None] = local_keys
         return series_paths
 
     def inject(self, archive, key_type, series, priv_key_path, pub_key_path):
diff --git a/lib/lp/archivepublisher/tests/test_sync_signingkeys.py b/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
index 9f54f5a..5ea5556 100644
--- a/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
+++ b/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
@@ -190,6 +190,25 @@ class TestSyncSigningKeysScript(TestCaseWithFactory):
             None: Equals(archive_root)
         }))
 
+    def test_get_series_paths_override_local_keys_directory(self):
+        distro = self.factory.makeDistribution()
+        series1 = self.factory.makeDistroSeries(distribution=distro)
+        series2 = self.factory.makeDistroSeries(distribution=distro)
+        # For this series, we will not create the keys directory.
+        self.factory.makeDistroSeries(distribution=distro)
+        local_keys = self.useFixture(TempDir()).path
+        os.makedirs(os.path.join(local_keys, series1.name))
+        os.makedirs(os.path.join(local_keys, series2.name))
+
+        archive = self.factory.makeArchive(distribution=distro)
+
+        script = self.makeScript(["--local-keys", local_keys])
+        self.assertThat(script.getSeriesPaths(archive), MatchesDict({
+            series1: Equals(os.path.join(local_keys, series1.name)),
+            series2: Equals(os.path.join(local_keys, series2.name)),
+            None: Equals(local_keys)
+        }))
+
     def test_process_archive(self):
         distro = self.factory.makeDistribution()
         series1 = self.factory.makeDistroSeries(distribution=distro)