~bzr-pqm/bzr/bzr.dev

5752.3.8 by John Arbash Meinel
Merge bzr.dev 5764 to resolve release-notes (aka NEWS) conflicts
1
# Copyright (C) 2006, 2007, 2009, 2010, 2011 Canonical Ltd
1887.1.1 by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines,
2
#
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
1887.1.1 by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines,
7
#
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11
# GNU General Public License for more details.
1887.1.1 by Adeodato Simó
Do not separate paragraphs in the copyright statement with blank lines,
12
#
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
4183.7.1 by Sabin Iacob
update FSF mailing address
15
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
1732.2.3 by Martin Pool
sign-my-commits just signs revisions in the branch's ancestry.
16
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
17
"""Command which looks for unsigned commits by the current user, and signs them.
18
"""
19
1996.3.14 by John Arbash Meinel
lazy_import osutils and sign_my_commits
20
from bzrlib.lazy_import import lazy_import
21
lazy_import(globals(), """
22
from bzrlib import (
5753.2.2 by Jelmer Vernooij
Remove some unnecessary imports, clean up lazy imports.
23
    bzrdir as _mod_bzrdir,
5972.3.23 by Jelmer Vernooij
Fix handling of ghosts in sign_my_commits.
24
    errors,
1996.3.14 by John Arbash Meinel
lazy_import osutils and sign_my_commits
25
    gpg,
5972.3.2 by Jelmer Vernooij
Use iter_ancestry rather than get_ancestry.
26
    revision as _mod_revision,
1996.3.14 by John Arbash Meinel
lazy_import osutils and sign_my_commits
27
    )
28
""")
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
29
from bzrlib.commands import Command
30
from bzrlib.option import Option
5971.1.24 by Jonathan Riddell
fix translations for plural forms
31
from bzrlib.i18n import gettext, ngettext
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
32
33
class cmd_sign_my_commits(Command):
5131.2.1 by Martin
Permit bzrlib to run under python -OO by explictly assigning to __doc__ for user-visible docstrings
34
    __doc__ = """Sign all commits by a given committer.
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
35
36
    If location is not specified the local tree is used.
37
    If committer is not specified the default committer is used.
38
39
    This does not sign commits that already have signatures.
40
    """
1732.2.3 by Martin Pool
sign-my-commits just signs revisions in the branch's ancestry.
41
    # Note that this signs everything on the branch's ancestry
42
    # (both mainline and merged), but not other revisions that may be in the
43
    # repository
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
44
2598.1.2 by Martin Pool
Also check that option help ends in a period, and fix those that don't
45
    takes_options = [
46
            Option('dry-run',
47
                   help='Don\'t actually sign anything, just print'
48
                        ' the revisions that would be signed.'),
49
            ]
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
50
    takes_args = ['location?', 'committer?']
51
52
    def run(self, location=None, committer=None, dry_run=False):
53
        if location is None:
5753.2.2 by Jelmer Vernooij
Remove some unnecessary imports, clean up lazy imports.
54
            bzrdir = _mod_bzrdir.BzrDir.open_containing('.')[0]
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
55
        else:
56
            # Passed in locations should be exact
5753.2.2 by Jelmer Vernooij
Remove some unnecessary imports, clean up lazy imports.
57
            bzrdir = _mod_bzrdir.BzrDir.open(location)
1732.2.3 by Martin Pool
sign-my-commits just signs revisions in the branch's ancestry.
58
        branch = bzrdir.open_branch()
59
        repo = branch.repository
1770.2.12 by Aaron Bentley
Merge bzr.dev
60
        branch_config = branch.get_config()
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
61
62
        if committer is None:
1773.4.1 by Martin Pool
Add pyflakes makefile target; fix many warnings
63
            committer = branch_config.username()
64
        gpg_strategy = gpg.GPGStrategy(branch_config)
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
65
66
        count = 0
1711.2.35 by John Arbash Meinel
sign-my-commits should take out a write lock.
67
        repo.lock_write()
68
        try:
5972.3.2 by Jelmer Vernooij
Use iter_ancestry rather than get_ancestry.
69
            graph = repo.get_graph()
3010.1.15 by Robert Collins
Manage write groups in sign_my_commits, for efficiency.
70
            repo.start_write_group()
71
            try:
5972.3.2 by Jelmer Vernooij
Use iter_ancestry rather than get_ancestry.
72
                for rev_id, parents in graph.iter_ancestry(
73
                        [branch.last_revision()]):
74
                    if _mod_revision.is_null(rev_id):
75
                        continue
5972.3.24 by Jelmer Vernooij
Simplify ghost check.
76
                    if parents is None:
77
                        # Ignore ghosts
78
                        continue
79
                    if repo.has_signature_for_revision_id(rev_id):
3010.1.15 by Robert Collins
Manage write groups in sign_my_commits, for efficiency.
80
                        continue
81
                    rev = repo.get_revision(rev_id)
82
                    if rev.committer != committer:
83
                        continue
3943.8.1 by Marius Kruger
remove all trailing whitespace from bzr source
84
                    # We have a revision without a signature who has a
3010.1.15 by Robert Collins
Manage write groups in sign_my_commits, for efficiency.
85
                    # matching committer, start signing
86
                    print rev_id
87
                    count += 1
88
                    if not dry_run:
89
                        repo.sign_revision(rev_id, gpg_strategy)
90
            except:
91
                repo.abort_write_group()
92
                raise
93
            else:
94
                repo.commit_write_group()
1711.2.35 by John Arbash Meinel
sign-my-commits should take out a write lock.
95
        finally:
96
            repo.unlock()
1185.78.6 by John Arbash Meinel
Adding sign-my-commits as a builtin, along with some simple tests.
97
        print 'Signed %d revisions' % (count,)
98
99
5971.1.52 by Jonathan Riddell
change command name to verify-signatures
100
class cmd_verify_signatures(Command):
5971.1.3 by Jonathan Riddell
tidying up
101
    __doc__ = """Verify all commit signatures.
102
103
    Verifies that all commits in the branch are signed by known GnuPG keys.
5971.1.1 by Jonathan Riddell
add a verify command
104
    """
5971.1.3 by Jonathan Riddell
tidying up
105
5971.1.12 by Jonathan Riddell
add acceptable-keys option
106
    takes_options = [
107
            Option('acceptable-keys',
108
                   help='Comma separated list of GPG key patterns which are'
109
                        ' acceptable for verification.',
110
                   short_name='k',
111
                   type=str,),
5971.1.17 by Jonathan Riddell
add verbose option
112
            'revision', 
113
            'verbose',
5971.1.15 by Jonathan Riddell
add a revision argument to bzr verify
114
          ]
5971.1.76 by Jonathan Riddell
change directory option to location argument
115
    takes_args = ['location?']
5971.1.12 by Jonathan Riddell
add acceptable-keys option
116
5971.1.53 by Jonathan Riddell
add directory option
117
    def run(self, acceptable_keys=None, revision=None, verbose=None,
5971.1.76 by Jonathan Riddell
change directory option to location argument
118
                                                            location=u'.'):
119
        bzrdir = _mod_bzrdir.BzrDir.open_containing(location)[0]
5971.1.1 by Jonathan Riddell
add a verify command
120
        branch = bzrdir.open_branch()
121
        repo = branch.repository
122
        branch_config = branch.get_config()
123
        gpg_strategy = gpg.GPGStrategy(branch_config)
5971.1.56 by Jonathan Riddell
add an option for acceptable_keys in config, also make config docs match reality for signature options
124
5971.1.69 by Jonathan Riddell
move some code from cmd_verify to gpg.set_acceptable_keys
125
        gpg_strategy.set_acceptable_keys(acceptable_keys)
5971.1.70 by Jonathan Riddell
move code which does verifications of revisions from cmd_verify_signatures to gpg.do_verifications
126
5971.1.74 by Jonathan Riddell
formatting changes necessary for qbzr
127
        def write(string):
128
            self.outf.write(string + "\n")
129
        def write_verbose(string):
130
            self.outf.write("  " + string + "\n")
131
5971.1.70 by Jonathan Riddell
move code which does verifications of revisions from cmd_verify_signatures to gpg.do_verifications
132
        #get our list of revisions
5971.1.15 by Jonathan Riddell
add a revision argument to bzr verify
133
        revisions = []
134
        if revision is not None:
135
            if len(revision) == 1:
136
                revno, rev_id = revision[0].in_history(branch)
137
                revisions.append(rev_id)
138
            elif len(revision) == 2:
139
                from_revno, from_revid = revision[0].in_history(branch)
140
                to_revno, to_revid = revision[1].in_history(branch)
141
                if to_revid is None:
142
                    to_revno = branch.revno()
143
                if from_revno is None or to_revno is None:
6138.3.1 by Jonathan Riddell
use gettext() in more files
144
                    raise errors.BzrCommandError(gettext(
145
                    'Cannot verify a range of non-revision-history revisions'))
5971.1.15 by Jonathan Riddell
add a revision argument to bzr verify
146
                for revno in range(from_revno, to_revno + 1):
147
                    revisions.append(branch.get_rev_id(revno))
148
        else:
5971.1.16 by Jonathan Riddell
tidying
149
            #all revisions by default including merges
5971.1.50 by Jonathan Riddell
merge in trunk
150
            graph = repo.get_graph()
151
            revisions = []
152
            repo.lock_read()
153
            for rev_id, parents in graph.iter_ancestry(
154
                    [branch.last_revision()]):
155
                if _mod_revision.is_null(rev_id):
156
                    continue
157
                if parents is None:
158
                    # Ignore ghosts
159
                    continue
160
                revisions.append(rev_id)
161
            repo.unlock()
5971.1.70 by Jonathan Riddell
move code which does verifications of revisions from cmd_verify_signatures to gpg.do_verifications
162
        count, result, all_verifiable =\
163
                                gpg_strategy.do_verifications(revisions, repo)
164
        if all_verifiable:
5971.1.74 by Jonathan Riddell
formatting changes necessary for qbzr
165
               write(gettext(
5971.1.76 by Jonathan Riddell
change directory option to location argument
166
                            "All commits signed with verifiable keys"))
5971.1.17 by Jonathan Riddell
add verbose option
167
               if verbose:
5971.1.74 by Jonathan Riddell
formatting changes necessary for qbzr
168
                   write(gpg_strategy.verbose_valid_message(result))
5971.1.2 by Jonathan Riddell
give result to user
169
               return 0
170
        else:
5971.1.74 by Jonathan Riddell
formatting changes necessary for qbzr
171
            write(gpg_strategy.valid_commits_message(count))
172
            if verbose:
5971.1.75 by Jonathan Riddell
fix verbose messages, now return a list
173
               for message in gpg_strategy.verbose_valid_message(result):
174
                   write_verbose(message)
6043.3.1 by Jonathan Riddell
Report commits signed with expired keys in "verify-signatures".
175
            write(gpg_strategy.expired_commit_message(count))
176
            if verbose:
177
               for message in gpg_strategy.verbose_expired_key_message(result,
178
                                                                          repo):
179
                   write_verbose(message)
5971.1.74 by Jonathan Riddell
formatting changes necessary for qbzr
180
            write(gpg_strategy.unknown_key_message(count))
181
            if verbose:
5971.1.75 by Jonathan Riddell
fix verbose messages, now return a list
182
                for message in gpg_strategy.verbose_missing_key_message(result):
183
                    write_verbose(message)
5971.1.74 by Jonathan Riddell
formatting changes necessary for qbzr
184
            write(gpg_strategy.commit_not_valid_message(count))
185
            if verbose:
5971.1.75 by Jonathan Riddell
fix verbose messages, now return a list
186
                for message in gpg_strategy.verbose_not_valid_message(result,
187
                                                                        repo):
188
                   write_verbose(message)
5971.1.74 by Jonathan Riddell
formatting changes necessary for qbzr
189
            write(gpg_strategy.commit_not_signed_message(count))
190
            if verbose:
5971.1.75 by Jonathan Riddell
fix verbose messages, now return a list
191
                for message in gpg_strategy.verbose_not_signed_message(result,
192
                                                                          repo):
193
                    write_verbose(message)
5971.1.2 by Jonathan Riddell
give result to user
194
            return 1