~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/commit_signature_commands.py

(vila) Fix test failures blocking package builds. (Vincent Ladeuil)

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
# Copyright (C) 2006, 2007, 2009, 2010, 2011 Canonical Ltd
 
2
#
 
3
# This program is free software; you can redistribute it and/or modify
 
4
# it under the terms of the GNU General Public License as published by
 
5
# the Free Software Foundation; either version 2 of the License, or
 
6
# (at your option) any later version.
 
7
#
 
8
# This program is distributed in the hope that it will be useful,
 
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
11
# GNU General Public License for more details.
 
12
#
 
13
# You should have received a copy of the GNU General Public License
 
14
# along with this program; if not, write to the Free Software
 
15
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
16
 
 
17
"""Command which looks for unsigned commits by the current user, and signs them.
 
18
"""
 
19
 
 
20
from __future__ import absolute_import
 
21
 
 
22
from bzrlib import (
 
23
    controldir,
 
24
    errors,
 
25
    gpg,
 
26
    revision as _mod_revision,
 
27
    )
 
28
from bzrlib.commands import Command
 
29
from bzrlib.option import Option
 
30
from bzrlib.i18n import gettext, ngettext
 
31
 
 
32
 
 
33
class cmd_sign_my_commits(Command):
 
34
    __doc__ = """Sign all commits by a given committer.
 
35
 
 
36
    If location is not specified the local tree is used.
 
37
    If committer is not specified the default committer is used.
 
38
 
 
39
    This does not sign commits that already have signatures.
 
40
    """
 
41
    # Note that this signs everything on the branch's ancestry
 
42
    # (both mainline and merged), but not other revisions that may be in the
 
43
    # repository
 
44
 
 
45
    takes_options = [
 
46
            Option('dry-run',
 
47
                   help='Don\'t actually sign anything, just print'
 
48
                        ' the revisions that would be signed.'),
 
49
            ]
 
50
    takes_args = ['location?', 'committer?']
 
51
 
 
52
    def run(self, location=None, committer=None, dry_run=False):
 
53
        if location is None:
 
54
            bzrdir = controldir.ControlDir.open_containing('.')[0]
 
55
        else:
 
56
            # Passed in locations should be exact
 
57
            bzrdir = controldir.ControlDir.open(location)
 
58
        branch = bzrdir.open_branch()
 
59
        repo = branch.repository
 
60
        branch_config = branch.get_config_stack()
 
61
 
 
62
        if committer is None:
 
63
            committer = branch_config.get('email')
 
64
        gpg_strategy = gpg.GPGStrategy(branch_config)
 
65
 
 
66
        count = 0
 
67
        repo.lock_write()
 
68
        try:
 
69
            graph = repo.get_graph()
 
70
            repo.start_write_group()
 
71
            try:
 
72
                for rev_id, parents in graph.iter_ancestry(
 
73
                        [branch.last_revision()]):
 
74
                    if _mod_revision.is_null(rev_id):
 
75
                        continue
 
76
                    if parents is None:
 
77
                        # Ignore ghosts
 
78
                        continue
 
79
                    if repo.has_signature_for_revision_id(rev_id):
 
80
                        continue
 
81
                    rev = repo.get_revision(rev_id)
 
82
                    if rev.committer != committer:
 
83
                        continue
 
84
                    # We have a revision without a signature who has a
 
85
                    # matching committer, start signing
 
86
                    self.outf.write("%s\n" % rev_id)
 
87
                    count += 1
 
88
                    if not dry_run:
 
89
                        repo.sign_revision(rev_id, gpg_strategy)
 
90
            except:
 
91
                repo.abort_write_group()
 
92
                raise
 
93
            else:
 
94
                repo.commit_write_group()
 
95
        finally:
 
96
            repo.unlock()
 
97
        self.outf.write(
 
98
            ngettext('Signed %d revision.\n', 'Signed %d revisions.\n', count) %
 
99
            count)
 
100
 
 
101
 
 
102
class cmd_verify_signatures(Command):
 
103
    __doc__ = """Verify all commit signatures.
 
104
 
 
105
    Verifies that all commits in the branch are signed by known GnuPG keys.
 
106
    """
 
107
 
 
108
    takes_options = [
 
109
            Option('acceptable-keys',
 
110
                   help='Comma separated list of GPG key patterns which are'
 
111
                        ' acceptable for verification.',
 
112
                   short_name='k',
 
113
                   type=str,),
 
114
            'revision',
 
115
            'verbose',
 
116
          ]
 
117
    takes_args = ['location?']
 
118
 
 
119
    def run(self, acceptable_keys=None, revision=None, verbose=None,
 
120
                                                            location=u'.'):
 
121
        bzrdir = controldir.ControlDir.open_containing(location)[0]
 
122
        branch = bzrdir.open_branch()
 
123
        repo = branch.repository
 
124
        branch_config = branch.get_config_stack()
 
125
        gpg_strategy = gpg.GPGStrategy(branch_config)
 
126
 
 
127
        gpg_strategy.set_acceptable_keys(acceptable_keys)
 
128
 
 
129
        def write(string):
 
130
            self.outf.write(string + "\n")
 
131
        def write_verbose(string):
 
132
            self.outf.write("  " + string + "\n")
 
133
 
 
134
        self.add_cleanup(repo.lock_read().unlock)
 
135
        #get our list of revisions
 
136
        revisions = []
 
137
        if revision is not None:
 
138
            if len(revision) == 1:
 
139
                revno, rev_id = revision[0].in_history(branch)
 
140
                revisions.append(rev_id)
 
141
            elif len(revision) == 2:
 
142
                from_revno, from_revid = revision[0].in_history(branch)
 
143
                to_revno, to_revid = revision[1].in_history(branch)
 
144
                if to_revid is None:
 
145
                    to_revno = branch.revno()
 
146
                if from_revno is None or to_revno is None:
 
147
                    raise errors.BzrCommandError(gettext(
 
148
                    'Cannot verify a range of non-revision-history revisions'))
 
149
                for revno in range(from_revno, to_revno + 1):
 
150
                    revisions.append(branch.get_rev_id(revno))
 
151
        else:
 
152
            #all revisions by default including merges
 
153
            graph = repo.get_graph()
 
154
            revisions = []
 
155
            for rev_id, parents in graph.iter_ancestry(
 
156
                    [branch.last_revision()]):
 
157
                if _mod_revision.is_null(rev_id):
 
158
                    continue
 
159
                if parents is None:
 
160
                    # Ignore ghosts
 
161
                    continue
 
162
                revisions.append(rev_id)
 
163
        count, result, all_verifiable = gpg.bulk_verify_signatures(
 
164
            repo, revisions, gpg_strategy)
 
165
        if all_verifiable:
 
166
               write(gettext("All commits signed with verifiable keys"))
 
167
               if verbose:
 
168
                   for message in gpg.verbose_valid_message(result):
 
169
                       write_verbose(message)
 
170
               return 0
 
171
        else:
 
172
            write(gpg.valid_commits_message(count))
 
173
            if verbose:
 
174
               for message in gpg.verbose_valid_message(result):
 
175
                   write_verbose(message)
 
176
            write(gpg.expired_commit_message(count))
 
177
            if verbose:
 
178
               for message in gpg.verbose_expired_key_message(result, repo):
 
179
                   write_verbose(message)
 
180
            write(gpg.unknown_key_message(count))
 
181
            if verbose:
 
182
                for message in gpg.verbose_missing_key_message(result):
 
183
                    write_verbose(message)
 
184
            write(gpg.commit_not_valid_message(count))
 
185
            if verbose:
 
186
                for message in gpg.verbose_not_valid_message(result, repo):
 
187
                   write_verbose(message)
 
188
            write(gpg.commit_not_signed_message(count))
 
189
            if verbose:
 
190
                for message in gpg.verbose_not_signed_message(result, repo):
 
191
                    write_verbose(message)
 
192
            return 1