starlingx
/
update
Code Issues Proposed changes

Debian: Add sign formal patch 

Add option to call signing server via sign_formal_patch.sh
script (same process used by CentOS).

Test Plan:
Pass: build a patch with --formal
Pass: Upload and apply patch with Formal key

Story: 2009969
Task: 45573
Signed-off-by: Luis Sampaio <luis.sampaio@windriver.com>
Change-Id: Iba7c6ddc62aa40c323d7f56514b7a27c198168a5
This commit is contained in:
Luis Sampaio 2022-06-24 08:43:54 -07:00
parent cc06fd92c7
commit ebf58ceee4
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
sw-patch/cgcs-patch/cgcs_make_patch/make_patch.py
View File

@ -35,7 +35,6 @@ $STX_BUILD_HOME/localdisk/lat/std/deploy/
Pending items: Pending items:
- Modify patch Status - Modify patch Status
- Formal signing
""" """
import argparse import argparse
@ -337,6 +336,19 @@ class PatchBuilder(object):
return commits_from_base return commits_from_base
def __sign_official_patches(self):
"""
Sign formal patch
Called internally once a patch is created and formal flag is set to true
"""
log.info("Signing patch %s", self.patch_file_name)
try:
patch_file_path = os.path.join(self.deploy_dir, self.patch_file_name)
subprocess.check_call(["sign_patch_formal.sh", patch_file_path])
except subprocess.CalledProcessError as e:
log.exception("Failed to sign official patch. Call to sign_patch_formal.sh process returned non-zero exit status %i", e.returncode)
raise SystemExit(e.returncode)
def prepare_env(self, clone_repo="ostree-clone"): def prepare_env(self, clone_repo="ostree-clone"):
""" """
Generates a copy of the current ostree_repo which is used Generates a copy of the current ostree_repo which is used
@ -358,7 +370,7 @@ class PatchBuilder(object):
subprocess.call(["rsync", "-a", "--exclude", ".lock", self.ostree_repo + "/", clone_dir]) subprocess.call(["rsync", "-a", "--exclude", ".lock", self.ostree_repo + "/", clone_dir])
log.info("Prepared ostree repo clone at %s", clone_dir) log.info("Prepared ostree repo clone at %s", clone_dir)
def create_patch(self, patch_data: PatchRecipeData, clone_dir="ostree-clone"): def create_patch(self, patch_data: PatchRecipeData, clone_dir="ostree-clone", formal=False):
""" """
Creates a debian patch using ostree delta between 2 repos (rsync) Creates a debian patch using ostree delta between 2 repos (rsync)
:param patch_data: PatchRecipeData object :param patch_data: PatchRecipeData object
@ -453,6 +465,10 @@ class PatchBuilder(object):
log.info("Patch file created %s at %s", self.patch_file_name, self.deploy_dir) log.info("Patch file created %s at %s", self.patch_file_name, self.deploy_dir)
if formal:
log.info("Trying to sign formal patch")
self.__sign_official_patches()
def handle_create(params): def handle_create(params):
""" """
@ -468,10 +484,7 @@ def handle_create(params):
# continue steps to create a patch # continue steps to create a patch
patch_builder = PatchBuilder(params.delta_dir) patch_builder = PatchBuilder(params.delta_dir)
patch_builder.create_patch(patch_data, params.clone_repo) patch_builder.create_patch(patch_data, params.clone_repo, params.formal)
if params.formal:
log.info("Formal signing not supported yet")
def handle_prepare(params): def handle_prepare(params):
@ -512,9 +525,6 @@ if __name__ == "__main__":
if args.cmd == "create": if args.cmd == "create":
handle_create(args) handle_create(args)
if args.formal:
log.info("Formal signing not supported yet")
elif args.cmd == "prepare": elif args.cmd == "prepare":
handle_prepare(args) handle_prepare(args)