Ensure Sigstore v3 is installed in download server
sethmlarson committed Sep 3, 2024
1 parent 89829d5 commit acfe3d2
Showing 1 changed file with 25 additions and 2 deletions.
27 changes: 25 additions & 2 deletions add_to_pydotorg.py
Expand Up @@ -30,13 +30,13 @@
import subprocess
import sys
from os import path
from typing import Any, Generator
from typing import Any, Generator, NoReturn

import requests


# Copied from release.py
def error(*msgs: Any) -> None:
def error(*msgs: Any) -> NoReturn:
print("**ERROR**", file=sys.stderr)
for msg in msgs:
print(msg, file=sys.stderr)
Expand Down Expand Up @@ -333,6 +333,29 @@ def has_sigstore_signature(filename: str) -> bool:
os.path.exists(filename + ".sig") and os.path.exists(filename + ".crt")
)

# Ensure that Sigstore CLI installed on the download server is
# at least v3.0.0 or later to ensure valid Sigstore bundles are generated.
try:
sigstore_version_stdout = subprocess.check_output(

Check warning on line 339 in add_to_pydotorg.py

Codecov / codecov/patch

add_to_pydotorg.py#L338-L339

Added lines #L338 - L339 were not covered by tests
["python3", "-m", "sigstore", "--version"]
)
sigstore_version_match = re.search(

Check warning on line 342 in add_to_pydotorg.py

Codecov / codecov/patch

add_to_pydotorg.py#L342

Added line #L342 was not covered by tests
r"([0-9][0-9.]*[0-9])", sigstore_version_stdout.decode()
)
if not sigstore_version_match:
error(

Check warning on line 346 in add_to_pydotorg.py

Codecov / codecov/patch

add_to_pydotorg.py#L345-L346

Added lines #L345 - L346 were not covered by tests
f"Couldn't determine version of Sigstore CLI: {sigstore_version_stdout.decode()}"
)
sigstore_version = sigstore_version_match.group(1)
sigstore_major_version = int(sigstore_version.partition(".")[0])
if sigstore_major_version < 3:
error(

Check warning on line 352 in add_to_pydotorg.py

Codecov / codecov/patch

add_to_pydotorg.py#L349-L352

Added lines #L349 - L352 were not covered by tests
f"Sigstore v3 or later must be installed (currently {sigstore_version}), run python -m pip install -r requirements.txt"
)
except subprocess.CalledProcessError:
error("Couldn't determine version of Sigstore CLI")
print(f"Sigstore CLI installed is version v{sigstore_version}")

Check warning on line 357 in add_to_pydotorg.py

Codecov / codecov/patch

add_to_pydotorg.py#L355-L357

Added lines #L355 - L357 were not covered by tests

# Skip files that already have a signature (likely source distributions)
unsigned_files = [
filename for filename in filenames if not has_sigstore_signature(filename)
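Review bot: The version gate added in the second hunk queries whichever `python3` is first on PATH, but its failure message tells the operator to run `python -m pip install -r requirements.txt`; if those names resolve to different interpreters, the upgrade lands in one environment while the check keeps reading the other. Name the same interpreter in the hint, `run python3 -m pip install -r requirements.txt`. The enclosing function starts and ends outside this hunk, so it is worth confirming that the signing step invokes Sigstore through that same `python3 -m sigstore`, otherwise the gate does not vouch for the tool that actually produces the bundles. The pattern `([0-9][0-9.]*[0-9])` is also unanchored and takes the first digit run anywhere in stdout, so tying it to the expected `--version` output would keep unrelated digits from being read as the version.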