support for included gpg signatures (use utils/verify-sig.py to verify them)

2024-11-21 17:35:55 +01:00 · 2014-03-05 22:52:54 +01:00 · 2014-03-05 22:52:54 +01:00 · dd6fd8ce5d
commit dd6fd8ce5d
parent 72334441ce
2 changed files with 74 additions and 2 deletions
--- a/utils/verify-sig.py
+++ b/utils/verify-sig.py
@ -0,0 +1,53 @@
+#! /usr/bin/env python
+
+"""
+A simple file for verifying signatures in signed waf files
+
+Distributing detached signatures is boring
+"""
+
+import sys, os, re, subprocess
+
+if __name__ == '__main__':
+	try:
+		infile = sys.argv[1]
+	except IndexError:
+		infile = 'waf'
+
+	try:
+		outfile1 = sys.argv[2]
+	except IndexError:
+		outfile1 = infile + '-sig'
+
+	try:
+		outfile2 = sys.argv[3]
+	except IndexError:
+		outfile2 = outfile1 + '.asc'
+
+	f1 = open(outfile1, 'wb')
+	f2 = open(outfile2, 'wb')
+	f = open(infile, 'rb')
+	try:
+		txt = f.read()
+
+		lastline = txt.decode('ISO8859-1').splitlines()[-1] # just the last line
+		if not lastline.startswith('#-----BEGIN PGP SIGNATURE-----'):
+			print("ERROR: there is no signature to verify in %r :-/" % infile)
+			sys.exit(1)
+
+		sigtext = lastline.replace('\\n', '\n') # convert newlines
+		sigtext = sigtext[1:] # omit the '# character'
+		sigtext = sigtext.encode('ISO8859-1') # python3
+
+		f2.write(sigtext)
+		f1.write(txt[:-len(lastline) - 1]) # one newline character was eaten from splitlines()
+	finally:
+		f.close()
+		f1.close()
+		f2.close()
+
+	cmd = 'gpg --verify %s' % outfile2
+	print("-> %r" % cmd)
+	ret = subprocess.Popen(cmd, shell=True).wait()
+	sys.exit(ret)
+
--- a/23
+++ b/23
@ -6,7 +6,7 @@
 to make a custom waf file use the option --tools

 To add a tool that does not exist in the folder compat15, pass an absolute path:
-./waf-light --make-waf --tools=compat15,/comp/waf/aba.py --prelude=$'\tfrom waflib.extras import aba\n\taba.foo()'
+./waf-light  --tools=compat15,/comp/waf/aba.py --prelude=$'\tfrom waflib.extras import aba\n\taba.foo()'
 """


@ -86,9 +86,11 @@ def check(ctx):
 def options(opt):

 	# generate waf
-	opt.add_option('--make-waf', action='store_true', default=False,
+	opt.add_option('--make-waf', action='store_true', default=True,
 		help='creates the waf script', dest='waf')

+	opt.add_option('--sign', action='store_true', default=False, help='make a signed file', dest='signed')
+
 	opt.add_option('--zip-type', action='store', default='bz2',
 		help='specify the zip type [Allowed values: %s]' % ' '.join(zip_types), dest='zip')

@ -368,9 +370,26 @@ def create_waf(*k, **kw):
 		f.write(to_bytes('#==>\n#'))
 		f.write(cnt)
 		f.write(to_bytes('\n#<==\n'))
+
+		if Options.options.signed:
+			f.flush()
+			try:
+				os.remove('waf.asc')
+			except OSError:
+				pass
+			ret = Utils.subprocess.Popen('gpg -bass waf', shell=True).wait()
+			if ret:
+				raise ValueError('Could not sign the waf file!')
+
+			sig = Utils.readf('waf.asc')
+			sig = sig.replace('\r', '').replace('\n', '\\n')
+			f.write('#')
+			f.write(sig)
+			f.write('\n')
 	finally:
 		f.close()

+
 	if sys.platform == 'win32' or Options.options.make_batch:
 		f = open('waf.bat', 'w')
 		try: