Launchpad itself

Merge lp:~twom/launchpad/per-series-signing-keys into lp:launchpad

  1. per-series-signing-keys
  2. Merge into devel
Proposed by Tom Wardill
Status: Merged
Merged at revision: 19036
Proposed branch: lp:~twom/launchpad/per-series-signing-keys
Merge into: lp:launchpad
Diff against target: 177 lines (+60/-26)
2 files modified
lib/lp/archivepublisher/signing.py (+33/-18)
lib/lp/archivepublisher/tests/test_signing.py (+27/-8)
To merge this branch: bzr merge lp:~twom/launchpad/per-series-signing-keys
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+371891@code.launchpad.net

Commit message

Start with the matching series, not the first.

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) wrote :

Could we have a test for the bug you're fixing with this MP, please?

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/archivepublisher/signing.py'
2--- lib/lp/archivepublisher/signing.py 2019-08-27 09:40:34 +0000
3+++ lib/lp/archivepublisher/signing.py 2019-08-27 16:11:25 +0000
4@@ -82,20 +82,24 @@
5 self.package, self.version, self.arch = self.parsePath(
6 tarfile_path)
7
8- def getSeriesPath(self, pubconf, key_name, archive):
9+ def getSeriesPath(self, pubconf, key_name, archive, signing_for):
10 """Find the key path for a given series.
11
12 Will iterate the series list backwards until either one exists,
13 or we reach the key at the filesystem root.
14 """
15+ found = False
16 for series in archive.distribution.series:
17- path = os.path.join(
18- pubconf.signingroot,
19- series.name,
20- key_name
21- )
22- if os.path.exists(path):
23- return path
24+ if series.name == signing_for:
25+ found = True
26+ if found:
27+ path = os.path.join(
28+ pubconf.signingroot,
29+ series.name,
30+ key_name
31+ )
32+ if os.path.exists(path):
33+ return path
34 # If we have exhausted all available series, return the root
35 return os.path.join(pubconf.signingroot, key_name)
36
37@@ -118,26 +122,37 @@
38 self.fit_cert = None
39 self.autokey = False
40 else:
41- self.uefi_key = self.getSeriesPath(pubconf, "uefi.key", archive)
42- self.uefi_cert = self.getSeriesPath(pubconf, "uefi.crt", archive)
43- self.kmod_pem = self.getSeriesPath(pubconf, "kmod.pem", archive)
44- self.kmod_x509 = self.getSeriesPath(pubconf, "kmod.x509", archive)
45- self.opal_pem = self.getSeriesPath(pubconf, "opal.pem", archive)
46- self.opal_x509 = self.getSeriesPath(pubconf, "opal.x509", archive)
47- self.sipl_pem = self.getSeriesPath(pubconf, "sipl.pem", archive)
48- self.sipl_x509 = self.getSeriesPath(pubconf, "sipl.x509", archive)
49+ signing_for = suite.split('-')[0]
50+ self.uefi_key = self.getSeriesPath(
51+ pubconf, "uefi.key", archive, signing_for)
52+ self.uefi_cert = self.getSeriesPath(
53+ pubconf, "uefi.crt", archive, signing_for)
54+ self.kmod_pem = self.getSeriesPath(
55+ pubconf, "kmod.pem", archive, signing_for)
56+ self.kmod_x509 = self.getSeriesPath(
57+ pubconf, "kmod.x509", archive, signing_for)
58+ self.opal_pem = self.getSeriesPath(
59+ pubconf, "opal.pem", archive, signing_for)
60+ self.opal_x509 = self.getSeriesPath(
61+ pubconf, "opal.x509", archive, signing_for)
62+ self.sipl_pem = self.getSeriesPath(
63+ pubconf, "sipl.pem", archive, signing_for)
64+ self.sipl_x509 = self.getSeriesPath(
65+ pubconf, "sipl.x509", archive, signing_for)
66 # Note: the signature tool allows a collection of keys and takes
67 # a directory name with all valid keys. Avoid mixing the
68 # other signing types' keys with the fit keys.
69 self.fit_key = self.getSeriesPath(
70 pubconf,
71 os.path.join("fit", "fit.key"),
72- archive
73+ archive,
74+ signing_for
75 )
76 self.fit_cert = self.getSeriesPath(
77 pubconf,
78 os.path.join("fit", "fit.crt"),
79- archive
80+ archive,
81+ signing_for
82 )
83 self.autokey = pubconf.signingautokey
84
85
86=== modified file 'lib/lp/archivepublisher/tests/test_signing.py'
87--- lib/lp/archivepublisher/tests/test_signing.py 2019-08-27 09:40:34 +0000
88+++ lib/lp/archivepublisher/tests/test_signing.py 2019-08-27 16:11:25 +0000
89@@ -979,13 +979,14 @@
90 This should fall through to the first series,
91 as the second does not have keys.
92 """
93+ self.suite = "nokeys-distroseries"
94 first_series = self.factory.makeDistroSeries(
95 self.distro,
96- name="existing-keys"
97+ name="existingkeys"
98 )
99 self.factory.makeDistroSeries(
100 self.distro,
101- name="no-keys"
102+ name="nokeys"
103 )
104 # Each image in the tarball is signed.
105 self.setUpUefiKeys()
106@@ -997,7 +998,7 @@
107 self.assertContentEqual(expected_callers, upload.callLog.caller_list())
108 # Check the correct series name appears in the call arguments
109 self.assertIn(
110- "existing-keys",
111+ "existingkeys",
112 upload.callLog.extract_args()[0][1][2])
113
114 def test_signs_fit_image(self):
115@@ -1385,7 +1386,7 @@
116 upload = SigningUpload()
117 config = getPubConfig(self.archive)
118 result = upload.getSeriesPath(
119- config, 'key.key', self.archive)
120+ config, 'key.key', self.archive, 'notaseries')
121 expected_path = os.path.join(config.signingroot, 'key.key')
122 self.assertEqual(expected_path, result)
123
124@@ -1395,7 +1396,7 @@
125 upload = SigningUpload()
126 config = getPubConfig(self.archive)
127 result = upload.getSeriesPath(
128- config, "uefi.key", self.archive)
129+ config, "uefi.key", self.archive, "newdistroseries")
130 expected_path = os.path.join(config.signingroot, "uefi.key")
131 self.assertEqual(expected_path, result)
132
133@@ -1406,7 +1407,7 @@
134 upload = SigningUpload()
135 config = getPubConfig(self.archive)
136 result = upload.getSeriesPath(
137- config, "uefi.key", self.archive)
138+ config, "uefi.key", self.archive, "newdistroseries")
139 expected_path = os.path.join(
140 config.signingroot,
141 "newdistroseries",
142@@ -1424,7 +1425,7 @@
143 upload = SigningUpload()
144 config = getPubConfig(self.archive)
145 result = upload.getSeriesPath(
146- config, "uefi.key", self.archive)
147+ config, "uefi.key", self.archive, "seconddistroseries")
148 expected_path = os.path.join(
149 config.signingroot,
150 "seconddistroseries",
151@@ -1440,7 +1441,25 @@
152 upload = SigningUpload()
153 config = getPubConfig(self.archive)
154 result = upload.getSeriesPath(
155- config, "uefi.key", self.archive)
156+ config, "uefi.key", self.archive, "seconddistroseries")
157+ expected_path = os.path.join(
158+ config.signingroot,
159+ "newdistroseries",
160+ "uefi.key",
161+ )
162+ self.assertEqual(expected_path, result)
163+
164+ def test_getSeriesKeyName_correct_list(self):
165+ self.setUpUefiKeys(
166+ series=self.factory.makeDistroSeries(
167+ self.distro, name="newdistroseries"))
168+ self.setUpUefiKeys(
169+ series=self.factory.makeDistroSeries(
170+ self.distro, name="seconddistroseries"))
171+ upload = SigningUpload()
172+ config = getPubConfig(self.archive)
173+ result = upload.getSeriesPath(
174+ config, "uefi.key", self.archive, "newdistroseries")
175 expected_path = os.path.join(
176 config.signingroot,
177 "newdistroseries",