From 0fa65773214b78fee68801c880dc2a7951c07dcf Mon Sep 17 00:00:00 2001
From: Dustin Ingram
Date: Thu, 23 Feb 2023 20:05:48 +0000
Subject: [PATCH] Add support for Sigstore bundle files
---
 add-to-pydotorg.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/add-to-pydotorg.py b/add-to-pydotorg.py
index f6125450..a610c6b3 100755
--- a/add-to-pydotorg.py
+++ b/add-to-pydotorg.py
@@ -159,6 +159,9 @@ def build_file_dict(release, rfile, rel_pk, file_desc, os_pk, add_desc):
 # Upload Sigstore certificate
 if os.path.exists(ftp_root + "%s/%s.crt" % (base_version(release), rfile)):
 d["sigstore_cert_file"] = download_root + '%s/%s.crt' % (base_version(release), rfile)
+ # Upload Sigstore bundle
+ if os.path.exists(ftp_root + "%s/%s.sigstore" % (base_version(release), rfile)):
+ d["sigstore_bundle_file"] = download_root + '%s/%s.sigstore' % (base_version(release), rfile)
 return d
@@ -168,7 +171,7 @@ def list_files(release):
 for rfile in os.listdir(path.join(ftp_root, reldir)):
 if not path.isfile(path.join(ftp_root, reldir, rfile)):
 continue
- if rfile.endswith(('.asc', '.sig', '.crt')):
+ if rfile.endswith(('.asc', '.sig', '.crt', '.sigstore')):
 continue
 for prefix in ('python', 'Python'):
 if rfile.startswith(prefix):
@@ -232,7 +235,8 @@ def sign_release_files_with_sigstore(release, release_files):
 def has_sigstore_signature(filename):
 return (
- os.path.exists(filename + '.sig') and os.path.exists(filename + '.crt')
+ os.path.exists(filename + '.sigstore') or
+ (os.path.exists(filename + '.sig') and os.path.exists(filename + '.crt'))
 )
 # Skip files that already have a signature (likely source distributions)
@@ -246,6 +250,7 @@ def has_sigstore_signature(filename):
 for file in unsigned_files:
 run_cmd(['chmod', '644', file + '.sig'])
 run_cmd(['chmod', '644', file + '.crt'])
+ run_cmd(['chmod', '644', file + '.sigstore'])
 else:
 print('All release files already signed with Sigstore')
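Review bot: The new `sigstore_bundle_file` entry is recorded on the strength of `os.path.exists` alone, so an empty or stale `.sigstore` file left in the release directory would be advertised next to the artifact as if it were a valid bundle. The same existence-only test in `has_sigstore_signature` (third hunk) now lets a lone `.sigstore` file mark an artifact as signed, so signing is skipped for it. I would at least require a regular, non-empty file, e.g. `os.path.isfile(p) and os.path.getsize(p) > 0`, and ideally verify the bundle against the artifact before it is skipped or published. The comment `# Upload Sigstore bundle` would also be more accurate as `# Record the download URL of the Sigstore bundle, if one exists`, since nothing is uploaded in the visible lines. build_file_dict starts outside the hunk.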
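Review bot: The signature suffixes are now spelled out separately in this `endswith` filter, in `has_sigstore_signature` and in the chmod calls, so every new signature format has to be added in each place by hand. A module-level tuple such as `SIGNATURE_SUFFIXES = ('.asc', '.sig', '.crt', '.sigstore')`, used here as `rfile.endswith(SIGNATURE_SUFFIXES)`, would keep the filter from drifting. The prefix test that follows suggests that a signature file missing from this filter would be treated as a release file in its own right, though the rest of list_files is outside the hunk.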
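Review bot: `has_sigstore_signature` now accepts two different on-disk layouts and has no docstring saying so; I would add `"""Return True if filename has a .sigstore bundle or a detached .sig/.crt pair next to it."""`. It is worth stating there that an artifact with only the `.sig`/`.crt` pair still counts as signed, so it is skipped and, as far as the visible code shows, never gets a bundle for `build_file_dict` to publish. If every release file is expected to carry a bundle from now on, that case needs an explicit decision rather than a silent skip.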
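Review bot: The added `chmod` assumes every signing run leaves a `.sigstore` file behind, but the signing command is outside this hunk, so that cannot be confirmed from here. If the installed sigstore client does not emit a bundle, the call fails, and how visibly depends on `run_cmd`, which is also not shown. Replacing the three subprocess calls with `for ext in ('.sig', '.crt', '.sigstore'): os.chmod(file + ext, 0o644)` would avoid launching `chmod` three times per file and would report a missing output as a `FileNotFoundError` naming the path. The enclosing `if unsigned_files:` block starts outside the hunk.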