git ssb

0+

Monero Pub / gitian.sigs



Tree: 7ebe61199bbdfd40b807b5aff0d914de9a6d44a4

Files: 7ebe61199bbdfd40b807b5aff0d914de9a6d44a4 / verify-merge.py

4998 bytesRaw
1#!/usr/bin/env python3
2import argparse
3import os
4import subprocess
5import glob
6import sys
7
8GIT = os.getenv('GIT','git')
9GPG = os.getenv('GPG','gpg')
10
11def verify():
12 global args, workdir
13 if args.import_keys:
14 os.chdir('gitian-pubkeys')
15 print('Importing pubkeys...')
16 keys = [f for f in glob.glob("*.asc", recursive=True)]
17 for key in keys:
18 subprocess.check_call([GPG, '--import', key])
19 os.chdir('../')
20 if args.refresh_keys:
21 print('Refreshing pubkeys...')
22 subprocess.check_call([GPG, '--refresh'])
23 if not os.path.isdir(args.gitian_builder_dir):
24 sys.stderr.write('Please clone the gitian-builder repository from github.com/devrandom/gitian-builder to the directory containing the gitian.sigs repository.\nIf you already have the gitian.sigs directory cloned, but under another name or path, use --gitian-builder-dir to pass its absolute directory path to the script.\n')
25 sys.exit(1)
26 if not os.path.isdir(args.monero_dir):
27 sys.stderr.write('Please clone the monero repository from github.com/monero-project/monero to the directory containing the gitian.sigs repository.\nIf you already have the monero repository cloned, but under another name or path, use --monero-dir to pass its absolute directory path to the script.\n')
28 sys.exit(1)
29 os.chdir(args.gitian_builder_dir)
30 for os_label, os_id in [("Linux","linux"), ("Windows","win"), ("MacOS","osx")]:
31 if os.path.isdir(workdir + '/' + args.version + '-' + os_id):
32 print('\nVerifying ' + args.version + ' ' + os_label)
33 subprocess.check_call(['bin/gverify', '-v', '-d', workdir, '-r', args.version + '-' + os_id, args.monero_dir + '/contrib/gitian/gitian-' + os_id + '.yml'])
34 os.chdir(workdir)
35
36def main():
37 host_repo = "git@github.com/monero-project/gitian.sigs"
38 global args, workdir
39 parser = argparse.ArgumentParser(usage='%(prog)s [options] version', description='Use this script before merging a pull request to the gitian.sigs repository and to verify the signature of existing gitian assert files and gitian assert files in specific pull requests')
40 parser.add_argument('-p', '--pull_id', dest='pull_id', help='Github Pull request id to check')
41 parser.add_argument('--monero-dir', dest='monero_dir', default='../monero', help='System Path to the monero repository, e.g. /home/user/monero')
42 parser.add_argument('--gitiian-builder-dir', dest='gitian_builder_dir', default='../gitian-builder', help='System Path to the gitian-builder repository, e.g. /home/user/gitian-builder')
43 parser.add_argument('-r', '--remote', dest='remote', default='upstream', help='git remote repository')
44 parser.add_argument('-t', '--target-branch', dest='target_branch', default='master', help='Remote repository merge into branch')
45 parser.add_argument('-m', '--merge', action='store_true', dest='merge', help='Merge the given pull request id')
46 parser.add_argument('-k', '--refresh-keys', action='store_true', dest='refresh_keys', help='refresh all pgp public keys that are currently in the gpg keyring.')
47 parser.add_argument('-i', '--import-keys', action='store_true', dest='import_keys', help='import all public keys in the gitian-pubkeys directory to the gpg keyring.')
48 parser.add_argument('-o', '--no-verify', action='store_true', dest='no_verify', help='Do not run any signature verification')
49 parser.add_argument('-n', '--name', dest='name', help='username for pgp key verification')
50 parser.add_argument('version', help='Version number, commit, or branch to build.')
51
52 args = parser.parse_args()
53
54 workdir = os.getcwd()
55 if args.pull_id != None:
56 # Get branch from remote pull request and compare
57 head_branch = args.pull_id+'_head'
58
59 subprocess.check_call([GIT, 'fetch', args.remote])
60 subprocess.check_call([GIT, 'checkout', args.remote+'/'+args.target_branch])
61 subprocess.check_call([GIT, 'fetch','-q', args.remote, 'pull/'+args.pull_id+'/head:'+head_branch])
62 subprocess.check_call([GIT, 'checkout', '-f', head_branch])
63 if args.merge:
64 # Hard reset the target branch to the remote's state and merge the pull request's head branch into it
65 subprocess.check_call([GIT, 'checkout', args.target_branch])
66 subprocess.check_call([GIT, 'reset', '--hard', args.remote + '/' + args.target_branch])
67 print('Merging and signing pull request #' + args.pull_id + ' , if you are using a smartcard, confirm the signature now.')
68 subprocess.check_call([GIT, 'merge','-q', '--commit', '--no-edit', '-m', 'Merge pull request #'+args.pull_id+' into '+args.target_branch, '--no-ff', '--gpg-sign', head_branch])
69 if not args.no_verify:
70 verify()
71 subprocess.check_call([GIT, 'checkout', 'master'])
72 subprocess.check_call([GIT, 'branch', '-D', head_branch])
73 else:
74 verify()
75
76
77if __name__ == '__main__':
78 main()
79

Built with git-ssb-web