| Server IP : 127.0.0.2 / Your IP : 18.218.24.244 Web Server : Apache/2.4.18 (Ubuntu) System : User : www-data ( ) PHP Version : 7.0.33-0ubuntu0.16.04.16 Disable Function : disk_free_space,disk_total_space,diskfreespace,dl,exec,fpaththru,getmyuid,getmypid,highlight_file,ignore_user_abord,leak,listen,link,opcache_get_configuration,opcache_get_status,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,php_uname,phpinfo,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,pclose,popen,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,source,show_source,system,virtual MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/lib/python2.7/dist-packages/bzrlib/ |
Upload File : |
# Copyright (C) 2006, 2007, 2009, 2010, 2011 Canonical Ltd
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
"""Command which looks for unsigned commits by the current user, and signs them.
"""
from __future__ import absolute_import
from bzrlib import (
controldir,
errors,
gpg,
revision as _mod_revision,
)
from bzrlib.commands import Command
from bzrlib.option import Option
from bzrlib.i18n import gettext, ngettext
class cmd_sign_my_commits(Command):
__doc__ = """Sign all commits by a given committer.
If location is not specified the local tree is used.
If committer is not specified the default committer is used.
This does not sign commits that already have signatures.
"""
# Note that this signs everything on the branch's ancestry
# (both mainline and merged), but not other revisions that may be in the
# repository
takes_options = [
Option('dry-run',
help='Don\'t actually sign anything, just print'
' the revisions that would be signed.'),
]
takes_args = ['location?', 'committer?']
def run(self, location=None, committer=None, dry_run=False):
if location is None:
bzrdir = controldir.ControlDir.open_containing('.')[0]
else:
# Passed in locations should be exact
bzrdir = controldir.ControlDir.open(location)
branch = bzrdir.open_branch()
repo = branch.repository
branch_config = branch.get_config_stack()
if committer is None:
committer = branch_config.get('email')
gpg_strategy = gpg.GPGStrategy(branch_config)
count = 0
repo.lock_write()
try:
graph = repo.get_graph()
repo.start_write_group()
try:
for rev_id, parents in graph.iter_ancestry(
[branch.last_revision()]):
if _mod_revision.is_null(rev_id):
continue
if parents is None:
# Ignore ghosts
continue
if repo.has_signature_for_revision_id(rev_id):
continue
rev = repo.get_revision(rev_id)
if rev.committer != committer:
continue
# We have a revision without a signature who has a
# matching committer, start signing
self.outf.write("%s\n" % rev_id)
count += 1
if not dry_run:
repo.sign_revision(rev_id, gpg_strategy)
except:
repo.abort_write_group()
raise
else:
repo.commit_write_group()
finally:
repo.unlock()
self.outf.write(
ngettext('Signed %d revision.\n', 'Signed %d revisions.\n', count) %
count)
class cmd_verify_signatures(Command):
__doc__ = """Verify all commit signatures.
Verifies that all commits in the branch are signed by known GnuPG keys.
"""
takes_options = [
Option('acceptable-keys',
help='Comma separated list of GPG key patterns which are'
' acceptable for verification.',
short_name='k',
type=str,),
'revision',
'verbose',
]
takes_args = ['location?']
def run(self, acceptable_keys=None, revision=None, verbose=None,
location=u'.'):
bzrdir = controldir.ControlDir.open_containing(location)[0]
branch = bzrdir.open_branch()
repo = branch.repository
branch_config = branch.get_config_stack()
gpg_strategy = gpg.GPGStrategy(branch_config)
gpg_strategy.set_acceptable_keys(acceptable_keys)
def write(string):
self.outf.write(string + "\n")
def write_verbose(string):
self.outf.write(" " + string + "\n")
self.add_cleanup(repo.lock_read().unlock)
#get our list of revisions
revisions = []
if revision is not None:
if len(revision) == 1:
revno, rev_id = revision[0].in_history(branch)
revisions.append(rev_id)
elif len(revision) == 2:
from_revno, from_revid = revision[0].in_history(branch)
to_revno, to_revid = revision[1].in_history(branch)
if to_revid is None:
to_revno = branch.revno()
if from_revno is None or to_revno is None:
raise errors.BzrCommandError(gettext(
'Cannot verify a range of non-revision-history revisions'))
for revno in range(from_revno, to_revno + 1):
revisions.append(branch.get_rev_id(revno))
else:
#all revisions by default including merges
graph = repo.get_graph()
revisions = []
for rev_id, parents in graph.iter_ancestry(
[branch.last_revision()]):
if _mod_revision.is_null(rev_id):
continue
if parents is None:
# Ignore ghosts
continue
revisions.append(rev_id)
count, result, all_verifiable = gpg.bulk_verify_signatures(
repo, revisions, gpg_strategy)
if all_verifiable:
write(gettext("All commits signed with verifiable keys"))
if verbose:
for message in gpg.verbose_valid_message(result):
write_verbose(message)
return 0
else:
write(gpg.valid_commits_message(count))
if verbose:
for message in gpg.verbose_valid_message(result):
write_verbose(message)
write(gpg.expired_commit_message(count))
if verbose:
for message in gpg.verbose_expired_key_message(result, repo):
write_verbose(message)
write(gpg.unknown_key_message(count))
if verbose:
for message in gpg.verbose_missing_key_message(result):
write_verbose(message)
write(gpg.commit_not_valid_message(count))
if verbose:
for message in gpg.verbose_not_valid_message(result, repo):
write_verbose(message)
write(gpg.commit_not_signed_message(count))
if verbose:
for message in gpg.verbose_not_signed_message(result, repo):
write_verbose(message)
return 1