You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by bi...@apache.org on 2012/12/23 23:36:23 UTC
svn commit: r1425544 -
/maven/project/tools/scrape-nexus-releases/inventory.py
Author: bimargulies
Date: Sun Dec 23 22:36:23 2012
New Revision: 1425544
URL: http://svn.apache.org/viewvc?rev=1425544&view=rev
Log:
Add gpg signature checking.
Modified:
maven/project/tools/scrape-nexus-releases/inventory.py
Modified: maven/project/tools/scrape-nexus-releases/inventory.py
URL: http://svn.apache.org/viewvc/maven/project/tools/scrape-nexus-releases/inventory.py?rev=1425544&r1=1425543&r2=1425544&view=diff
==============================================================================
--- maven/project/tools/scrape-nexus-releases/inventory.py (original)
+++ maven/project/tools/scrape-nexus-releases/inventory.py Sun Dec 23 22:36:23 2012
@@ -4,6 +4,7 @@ import sys
import argparse
import os
import shutil
+import gnupg
def fetch_inventory(options):
"""Return a list of search result objects, one for each of the specified group patterns."""
@@ -106,6 +107,7 @@ def do_inventory(options, inventories):
archive_report.close()
def do_download(options, inventories):
+ gpg = gnupg.GPG(gpgbinary="/usr/local/bin/gpg") # why isn't it found in path?
nexusurl = options.url
output_dir = options.output
headers = { 'Accept' : 'application/json' }
@@ -137,7 +139,6 @@ def do_download(options, inventories):
md5_path = repo_path + ".md5"
asc_repo_path = repo_path + ".asc"
asc_md5_repo_path = repo_path + ".asc.md5"
-
for path in [ repo_path, asc_repo_path, md5_path, asc_md5_repo_path]:
url = nexusurl + ('/service/local/repositories/{0}/content/{1}'.format(repository, path))
@@ -161,6 +162,16 @@ def do_download(options, inventories):
shutil.copyfileobj(r.raw, outstream)
outstream.close()
sys.stdout.write('done.\n')
+ if path == repo_path:
+ rel_path = full_outputpath
+ if path == asc_repo_path:
+ asc_rel_path = full_outputpath
+
+
+ sig_stream = open(asc_rel_path, 'rb')
+ verified = gpg.verify_file(sig_stream, rel_path)
+ sig_stream.close()
+ print("Verified: {0}".format(verified.username))
if __name__ == '__main__':
options = cliargs()