Verified Commit d4572f52 authored by Jan Alexander Steffens (heftig)'s avatar Jan Alexander Steffens (heftig)

db-update: Verify signatures in parallel

parent fc65c032
......@@ -34,6 +34,10 @@ def parse_pkgfiles(pkginfo: str) -> dict:
return sorted(files)
def parse_gpgstatus(status: str) -> list:
return [line.split() for line in status.splitlines()]
def cleandict(obj):
if not isinstance(obj, dict):
return obj
......@@ -72,6 +76,23 @@ async def get_pkgfiles(pkgfile: Path) -> dict:
return parse_pkgfiles(await get_output("bsdtar", "-tf", pkgfile))
async def verify_gpg(pkgfile: Path):
# verify PGP signature
return parse_gpgstatus(
await get_output(
"gpg",
"--quiet",
"--logger-file=/dev/null",
"--status-fd=1",
"--batch",
"--no-tty",
"--verify",
pkgfile.parent / f"{pkgfile.name}.sig",
pkgfile,
)
)
def build_pkgmeta(pkgpath, pkginfo, pkgfiles):
hash_md5 = hashlib.md5()
hash_sha256 = hashlib.sha256()
......@@ -126,9 +147,12 @@ async def main() -> int:
if not packages:
return
# load pkginfo
# load packages in parallel
async def load(ps, p):
ps[p] = await asyncio.gather(get_pkginfo(p), get_pkgfiles(p))
pkginfo, pkgfiles, _ = await asyncio.gather(
get_pkginfo(p), get_pkgfiles(p), verify_gpg(p)
)
ps[p] = (pkginfo, pkgfiles)
await asyncio.gather(
*(load(ps, p) for r, ps in packages.items() for p in ps.keys())
......@@ -176,11 +200,6 @@ async def main() -> int:
):
raise RuntimeError(f"Common fields differ in pkgbase='{pkgbase}'")
# verify PGP signature
await run(
"gpg", "--verify", pkgpath.parent / f"{pkgpath.name}.sig", pkgpath
)
# load pkg metadata
pkgbases[repo][pkgbase]["packages"].append(
build_pkgmeta(pkgpath, pkginfo, pkgfiles)
......
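Review bot: In `load`, the status lines returned by `verify_gpg(p)` are bound to `_` and dropped, so nothing in the visible hunks checks what gpg reported; whether a bad signature still aborts the update depends on `get_output` raising on a non-zero gpg exit, and that helper is defined outside these hunks. The exit code alone is generally not a reliable trust decision (a good signature from a key the keyring does not trust can still exit 0), which is what the `--status-fd=1` output is for. I would keep the result and fail closed, e.g. `pkginfo, pkgfiles, sigstatus = await asyncio.gather(...)` followed by `if not any(f[:2] == ["[GNUPG:]", "VALIDSIG"] for f in sigstatus): raise RuntimeError(f"No valid signature for {p}")`, adding a trust-level check if the keyring policy requires one. Because `--logger-file=/dev/null` also discards gpg's diagnostics, the error should include the status lines so a rejected package can be investigated.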