git ssb

1
#!/usr/bin/env python3
2
import argparse
3
import os
4
import subprocess
5
import glob
6
7
GIT = os.getenv('GIT','git')
8
GPG = os.getenv('GPG','gpg')
9
10
def verify():
11
    global args, workdir
12
    os.chdir('gitian-pubkeys')
13
    print('Importing pubkeys...')
14
    keys = [f for f in glob.glob("*.asc", recursive=True)]
15
    for key in keys:
16
        subprocess.check_call([GPG, '--import', key])
17
    print('Refreshing pubkeys...')
18
    subprocess.check_call([GPG, '--refresh'])
19
    os.chdir('../../gitian-builder')
20
    print('\nVerifying '+args.version+' Linux\n')
21
    subprocess.check_call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-linux', '../monero/contrib/gitian/gitian-linux.yml'])
22
    print('\nVerifying '+args.version+' Windows\n')
23
    subprocess.check_call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-win', '../monero/contrib/gitian/gitian-win.yml'])
24
    print('\nVerifying '+args.version+' MacOS\n')
25
    subprocess.check_call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-osx', '../monero/contrib/gitian/gitian-osx.yml'])
26
    os.chdir(workdir)
27
28
def main():
29
    host_repo = "git@github.com/monero-project/gitian.sigs"
30
    global args, workdir
31
    parser = argparse.ArgumentParser(usage='%(prog)s [options] version', description='Use this script before merging a pull request to the gitian.sigs repository and to verify the signature of existing gitian assert files and gitian assert files in specific pull requests')
32
    parser.add_argument('-p', '--pull_id', dest='pull_id', help='Github Pull request id to check')
33
    parser.add_argument('-r', '--remote', dest='remote', default='upstream', help='git remote repository')
34
    parser.add_argument('-t', '--target_branch', dest='target_branch', default='master', help='Remote repository merge into branch')
35
    parser.add_argument('-m', '--merge', action='store_true', dest='merge', help='Merge the given pull request id')
36
    parser.add_argument('-o', '--no-verify', action='store_true', dest='no_verify', help='Do not run any signature verification')
37
    parser.add_argument('-n', '--name', dest='name', help='username for pgp key verification')
38
    parser.add_argument('version', help='Version number, commit, or branch to build.')
39
40
    args = parser.parse_args()
41
    workdir = os.getcwd()
42
    if args.pull_id != None:
43
        # Get branch from remote pull request and compare
44
        head_branch = args.pull_id+'_head'
45
46
        subprocess.check_call([GIT, 'fetch', args.remote])
47
        subprocess.check_call([GIT, 'checkout', args.remote+'/'+args.target_branch])
48
        subprocess.check_call([GIT, 'fetch','-q', args.remote, 'pull/'+args.pull_id+'/head:'+head_branch])
49
        subprocess.check_call([GIT, 'checkout', '-f', head_branch])
50
        if args.merge:
51
            # Hard reset the target branch to the remote's state and merge the pull request's head branch into it
52
            subprocess.check_call([GIT, 'checkout', args.target_branch])
53
            subprocess.check_call([GIT, 'reset', '--hard', args.remote + '/' + args.target_branch])
54
            print('Merging and signing pull request #' + args.pull_id + ' , if you are using a smartcard, confirm the signature now.')
55
            subprocess.check_call([GIT, 'merge','-q', '--commit', '--no-edit', '-m', 'Merge pull request #'+args.pull_id+' into '+args.target_branch, '--no-ff', '--gpg-sign', head_branch])
56
        if not args.no_verify:
57
            verify()
58
        subprocess.check_call([GIT, 'checkout', 'master'])
59
        subprocess.check_call([GIT, 'branch', '-D', head_branch])
60
    else:
61
        verify()
62
63
64
if __name__ == '__main__':
65
    main()
66