From a4cf16ffe30c21c240d4b13e28e607f36bfaf2bf Mon Sep 17 00:00:00 2001
From: Seth Michael Larson
Date: Tue, 19 Nov 2024 16:45:17 -0600
Subject: [PATCH 1/3] Check the existence and version of Sigstore CLI
---
 run_release.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/run_release.py b/run_release.py
index c811aab2..28bfae9f 100755
--- a/run_release.py
+++ b/run_release.py
@@ -316,6 +316,20 @@ def check_ssh_connection(db: ReleaseShelf) -> None:
 client.exec_command("pwd")
+def check_sigstore_client(db: ReleaseShelf) -> None:
+ client = paramiko.SSHClient()
+ client.load_system_host_keys()
+ client.set_missing_host_key_policy(paramiko.WarningPolicy)
+ client.connect(DOWNLOADS_SERVER, port=22, username=db["ssh_user"])
+ _, stdout, _ = client.exec_command("python3 -m sigstore --version")
+ sigstore_version = stdout.read(1000).decode()
+ if not sigstore_version.startswith("sigstore 3."):
+ raise ReleaseException(
+ f"Sigstore version not detected or not valid. "
+ f"Expecting 3.x: {sigstore_version}"
+ )
+
+
 def check_buildbots(db: ReleaseShelf) -> None:
 async def _check() -> set[Builder]:
 async def _get_builder_status(
@@ -1250,6 +1264,7 @@ def _api_key(api_key: str) -> str:
 check_ssh_connection,
 f"Validating ssh connection to {DOWNLOADS_SERVER} and {DOCS_SERVER}",
 ),
+ Task(check_sigstore_client, "Checking Sigstore CLI"),
 Task(check_buildbots, "Check buildbots are good"),
 Task(check_cpython_repo_is_clean, "Checking Git repository is clean"),
 Task(check_magic_number, "Checking the magic number is up-to-date"),
From 254ccb48a3db700bc36645883343ec9276fd445e Mon Sep 17 00:00:00 2001
From: Seth Michael Larson
Date: Wed, 20 Nov 2024 09:25:38 -0600
Subject: [PATCH 2/3] Check for Sigstore CLI 3.5+
---
 run_release.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/run_release.py b/run_release.py
index 28bfae9f..65446ca1 100755
--- a/run_release.py
+++ b/run_release.py
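Review bot: `check_sigstore_client` (patch 1/3) sets `paramiko.WarningPolicy`, so a downloads-server host key that is missing from the loaded known-hosts only produces a warning and the session continues; the version string this gate relies on would then come from a host whose identity was never verified. A release check should fail closed here: `client.set_missing_host_key_policy(paramiko.RejectPolicy)`. `check_ssh_connection` may use the same policy, but its body is outside the hunk, so that is worth confirming separately. The new function also never calls `client.close()` and discards stderr, so a missing sigstore install surfaces as an empty string in the exception; closing the client in a `finally:` and including `stderr.read(1000).decode()` in the message would make the failure diagnosable.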
@@ -323,10 +323,13 @@ def check_sigstore_client(db: ReleaseShelf) -> None:
 client.connect(DOWNLOADS_SERVER, port=22, username=db["ssh_user"])
 _, stdout, _ = client.exec_command("python3 -m sigstore --version")
 sigstore_version = stdout.read(1000).decode()
- if not sigstore_version.startswith("sigstore 3."):
+ sigstore_vermatch = re.match("^sigstore ([0-9.]+)")
+ if not sigstore_vermatch or tuple(
+ int(part) for part in sigstore_vermatch.group(1).split(".")
+ ) < (3, 5):
 raise ReleaseException(
 f"Sigstore version not detected or not valid. "
- f"Expecting 3.x: {sigstore_version}"
+ f"Expecting 3.5.x or later: {sigstore_version}"
 )
From 05b38b5d8af0fda28d1adf598b0e4d944f27750b Mon Sep 17 00:00:00 2001
From: Seth Michael Larson
Date: Wed, 20 Nov 2024 10:26:02 -0600
Subject: [PATCH 3/3] You're telling me I have to actually /pass/ a value??? Read my mind, Python!
---
 run_release.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/run_release.py b/run_release.py
index 65446ca1..43bdd6b8 100755
--- a/run_release.py
+++ b/run_release.py
@@ -323,7 +323,7 @@ def check_sigstore_client(db: ReleaseShelf) -> None:
 client.connect(DOWNLOADS_SERVER, port=22, username=db["ssh_user"])
 _, stdout, _ = client.exec_command("python3 -m sigstore --version")
 sigstore_version = stdout.read(1000).decode()
- sigstore_vermatch = re.match("^sigstore ([0-9.]+)")
+ sigstore_vermatch = re.match("^sigstore ([0-9.]+)", sigstore_version)
 if not sigstore_vermatch or tuple(
 int(part) for part in sigstore_vermatch.group(1).split(".")
 ) < (3, 5):
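Review bot: The version pattern `[0-9.]+` added in patch 2/3 (and kept unchanged in 3/3) also matches strings such as `3.` or `3..5`, and `int(part)` on the resulting empty component raises `ValueError` instead of the `ReleaseException` this check otherwise reports. Capturing the two components explicitly avoids that: `sigstore_vermatch = re.match(r"sigstore ([0-9]+)\.([0-9]+)", sigstore_version)` with the comparison `tuple(map(int, sigstore_vermatch.groups())) < (3, 5)`. Since this gate decides whether the signing tool on the remote host is acceptable, malformed output should be rejected through the same path as an old version. `check_sigstore_client` starts outside both hunks, so the host-key policy and connection handling above these lines are not visible here.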