← Back to branch summary

~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/commit_signature_commands.py

(vila) Calling super() instead of mentioning the base class in setUp avoid
 mistakes. (Vincent Ladeuil)

Show diffs side-by-side

added added

removed removed

Lines of Context:
bzrlib/commit_signature_commands.py
1
 
# Copyright (C) 2005, 2006 Canonical Ltd
2
 
 
 
1
# Copyright (C) 2006, 2007, 2009, 2010, 2011 Canonical Ltd
 
2
#
3
3
# This program is free software; you can redistribute it and/or modify
4
4
# it under the terms of the GNU General Public License as published by
5
5
# the Free Software Foundation; either version 2 of the License, or
6
6
# (at your option) any later version.
7
 
 
 
7
#
8
8
# This program is distributed in the hope that it will be useful,
9
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11
11
# GNU General Public License for more details.
12
 
 
 
12
#
13
13
# You should have received a copy of the GNU General Public License
14
14
# along with this program; if not, write to the Free Software
15
 
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
15
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
16
 
16
17
"""Command which looks for unsigned commits by the current user, and signs them.
17
18
"""
18
19
 
 
20
from __future__ import absolute_import
 
21
 
 
22
from bzrlib import (
 
23
    controldir,
 
24
    errors,
 
25
    gpg,
 
26
    revision as _mod_revision,
 
27
    )
19
28
from bzrlib.commands import Command
20
 
import bzrlib.config
21
 
import bzrlib.errors as errors
22
 
import bzrlib.gpg
23
29
from bzrlib.option import Option
 
30
from bzrlib.i18n import gettext, ngettext
24
31
 
25
32
 
26
33
class cmd_sign_my_commits(Command):
27
 
    """Sign all commits by a given committer.
 
34
    __doc__ = """Sign all commits by a given committer.
28
35
 
29
36
    If location is not specified the local tree is used.
30
37
    If committer is not specified the default committer is used.
31
38
 
32
39
    This does not sign commits that already have signatures.
33
40
    """
 
41
    # Note that this signs everything on the branch's ancestry
 
42
    # (both mainline and merged), but not other revisions that may be in the
 
43
    # repository
34
44
 
35
 
    takes_options = [Option('dry-run'
36
 
                            , help='Don\'t actually sign anything, just print'
37
 
                                   ' the revisions that would be signed')
38
 
                    ]
 
45
    takes_options = [
 
46
            Option('dry-run',
 
47
                   help='Don\'t actually sign anything, just print'
 
48
                        ' the revisions that would be signed.'),
 
49
            ]
39
50
    takes_args = ['location?', 'committer?']
40
51
 
41
52
    def run(self, location=None, committer=None, dry_run=False):
42
53
        if location is None:
43
 
            from bzrlib.workingtree import WorkingTree
44
 
            # Open the containing directory
45
 
            wt = WorkingTree.open_containing('.')[0]
46
 
            b = wt.branch
 
54
            bzrdir = controldir.ControlDir.open_containing('.')[0]
47
55
        else:
48
56
            # Passed in locations should be exact
49
 
            from bzrlib.branch import Branch
50
 
            b = Branch.open(location)
51
 
        repo = getattr(b, 'repository', b)
52
 
 
53
 
        config = bzrlib.config.BranchConfig(b)
 
57
            bzrdir = controldir.ControlDir.open(location)
 
58
        branch = bzrdir.open_branch()
 
59
        repo = branch.repository
 
60
        branch_config = branch.get_config_stack()
54
61
 
55
62
        if committer is None:
56
 
            committer = config.username()
57
 
 
58
 
        gpg_strategy = bzrlib.gpg.GPGStrategy(config)
 
63
            committer = branch_config.get('email')
 
64
        gpg_strategy = gpg.GPGStrategy(branch_config)
59
65
 
60
66
        count = 0
61
 
        # return in partial topological order for the sake of reproducibility
62
 
        for rev_id in repo.all_revision_ids():
63
 
            if repo.has_signature_for_revision_id(rev_id):
64
 
                continue
65
 
            
66
 
            rev = repo.get_revision(rev_id)
67
 
            if rev.committer != committer:
68
 
                continue
69
 
 
70
 
            # We have a revision without a signature who has a 
71
 
            # matching committer, start signing
72
 
            print rev_id
73
 
            count += 1
74
 
            if not dry_run:
75
 
                repo.sign_revision(rev_id, gpg_strategy)
76
 
        print 'Signed %d revisions' % (count,)
77
 
 
78
 
 
 
67
        repo.lock_write()
 
68
        try:
 
69
            graph = repo.get_graph()
 
70
            repo.start_write_group()
 
71
            try:
 
72
                for rev_id, parents in graph.iter_ancestry(
 
73
                        [branch.last_revision()]):
 
74
                    if _mod_revision.is_null(rev_id):
 
75
                        continue
 
76
                    if parents is None:
 
77
                        # Ignore ghosts
 
78
                        continue
 
79
                    if repo.has_signature_for_revision_id(rev_id):
 
80
                        continue
 
81
                    rev = repo.get_revision(rev_id)
 
82
                    if rev.committer != committer:
 
83
                        continue
 
84
                    # We have a revision without a signature who has a
 
85
                    # matching committer, start signing
 
86
                    self.outf.write("%s\n" % rev_id)
 
87
                    count += 1
 
88
                    if not dry_run:
 
89
                        repo.sign_revision(rev_id, gpg_strategy)
 
90
            except:
 
91
                repo.abort_write_group()
 
92
                raise
 
93
            else:
 
94
                repo.commit_write_group()
 
95
        finally:
 
96
            repo.unlock()
 
97
        self.outf.write(
 
98
            ngettext('Signed %d revision.\n', 'Signed %d revisions.\n', count) %
 
99
            count)
 
100
 
 
101
 
 
102
class cmd_verify_signatures(Command):
 
103
    __doc__ = """Verify all commit signatures.
 
104
 
 
105
    Verifies that all commits in the branch are signed by known GnuPG keys.
 
106
    """
 
107
 
 
108
    takes_options = [
 
109
            Option('acceptable-keys',
 
110
                   help='Comma separated list of GPG key patterns which are'
 
111
                        ' acceptable for verification.',
 
112
                   short_name='k',
 
113
                   type=str,),
 
114
            'revision', 
 
115
            'verbose',
 
116
          ]
 
117
    takes_args = ['location?']
 
118
 
 
119
    def run(self, acceptable_keys=None, revision=None, verbose=None,
 
120
                                                            location=u'.'):
 
121
        bzrdir = controldir.ControlDir.open_containing(location)[0]
 
122
        branch = bzrdir.open_branch()
 
123
        repo = branch.repository
 
124
        branch_config = branch.get_config_stack()
 
125
        gpg_strategy = gpg.GPGStrategy(branch_config)
 
126
 
 
127
        gpg_strategy.set_acceptable_keys(acceptable_keys)
 
128
 
 
129
        def write(string):
 
130
            self.outf.write(string + "\n")
 
131
        def write_verbose(string):
 
132
            self.outf.write("  " + string + "\n")
 
133
 
 
134
        self.add_cleanup(repo.lock_read().unlock)
 
135
        #get our list of revisions
 
136
        revisions = []
 
137
        if revision is not None:
 
138
            if len(revision) == 1:
 
139
                revno, rev_id = revision[0].in_history(branch)
 
140
                revisions.append(rev_id)
 
141
            elif len(revision) == 2:
 
142
                from_revno, from_revid = revision[0].in_history(branch)
 
143
                to_revno, to_revid = revision[1].in_history(branch)
 
144
                if to_revid is None:
 
145
                    to_revno = branch.revno()
 
146
                if from_revno is None or to_revno is None:
 
147
                    raise errors.BzrCommandError(gettext(
 
148
                    'Cannot verify a range of non-revision-history revisions'))
 
149
                for revno in range(from_revno, to_revno + 1):
 
150
                    revisions.append(branch.get_rev_id(revno))
 
151
        else:
 
152
            #all revisions by default including merges
 
153
            graph = repo.get_graph()
 
154
            revisions = []
 
155
            for rev_id, parents in graph.iter_ancestry(
 
156
                    [branch.last_revision()]):
 
157
                if _mod_revision.is_null(rev_id):
 
158
                    continue
 
159
                if parents is None:
 
160
                    # Ignore ghosts
 
161
                    continue
 
162
                revisions.append(rev_id)
 
163
        count, result, all_verifiable =\
 
164
                                gpg.bulk_verify_signatures(repo, revisions, gpg_strategy)
 
165
        if all_verifiable:
 
166
               write(gettext("All commits signed with verifiable keys"))
 
167
               if verbose:
 
168
                   write(gpg.verbose_valid_message(result))
 
169
               return 0
 
170
        else:
 
171
            write(gpg.valid_commits_message(count))
 
172
            if verbose:
 
173
               for message in gpg.verbose_valid_message(result):
 
174
                   write_verbose(message)
 
175
            write(gpg.expired_commit_message(count))
 
176
            if verbose:
 
177
               for message in gpg.verbose_expired_key_message(result, repo):
 
178
                   write_verbose(message)
 
179
            write(gpg.unknown_key_message(count))
 
180
            if verbose:
 
181
                for message in gpg.verbose_missing_key_message(result):
 
182
                    write_verbose(message)
 
183
            write(gpg.commit_not_valid_message(count))
 
184
            if verbose:
 
185
                for message in gpg.verbose_not_valid_message(result, repo):
 
186
                   write_verbose(message)
 
187
            write(gpg.commit_not_signed_message(count))
 
188
            if verbose:
 
189
                for message in gpg.verbose_not_signed_message(result, repo):
 
190
                    write_verbose(message)
 
191
            return 1