build/packages/publish_archive.py - fuchsia - Git at Google

 #!/usr/bin/env fuchsia-vendored-python
 # Copyright 2023 The Fuchsia Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 import argparse
 import zipfile
 import subprocess
 import os
 import shutil
 import tempfile


 def zip_dir(dir, zip_file):
     for root, _dirs, files in os.walk(dir):
         for file in files:
             path = os.path.join(root, file)
             zip_file.write(path, os.path.relpath(path, dir))


 # rmtree manually removes all subdirectories and files instead of using
 # shutil.rmtree, to avoid registering spurious reads on stale
 # subdirectories. See https://fxbug.dev/74084.
 def rmtree(dir):
     if not os.path.exists(dir):
         return
     for root, dirs, files in os.walk(dir, topdown=False):
         for file in files:
             os.unlink(os.path.join(root, file))
         for dir in dirs:
             full_path = os.path.join(root, dir)
             if os.path.islink(full_path):
                 os.unlink(full_path)
             else:
                 os.rmdir(full_path)


 def prepare_dirs(repo_dir):
     path = os.path.join(repo_dir, 'repository')
     os.makedirs(path)

     return {'root': repo_dir, 'repository': path}


 # `package-tool repository publish` expects the following inputs in its in/out directory:
 # - `keys/{snapshot|targets|timestamp}.json` containing private metadata keys;
 # - `repository/{{version-num}}.root.json` containing versioned root metadata;
 # - `repository/root.json` containing default root metadata.
 def prepare_publish(args, dirs):
     for root_metadata_path in args.root_metadata:
         shutil.copy(root_metadata_path, dirs['repository'])
     shutil.copy(
         args.default_root_metadata,
         '{}/{}'.format(dirs['repository'], 'root.json'))


 def package_tool_publish(args, dirs, depfile):
     cmd_args = [
         args.package_tool,
         'repository',
         'publish',
         '--trusted-keys',
         args.trusted_keys,
         '--trusted-root',
         '{}/{}'.format(dirs['repository'], 'root.json'),
         '--package-list',
         args.input,
         '--depfile',
         args.depfile,
     ]

     if args.delivery_blob_type:
         cmd_args.extend(['--delivery-blob-type', args.delivery_blob_type])

     cmd_args.append(dirs['root'])

     subprocess.run(cmd_args, check=True)


 def main(args):
     with tempfile.TemporaryDirectory(
             dir=os.path.dirname(args.output)) as gendir:
         dirs = prepare_dirs(gendir)

         # Prepare for `package-tool repository publish` and gather deps associated with preparations.
         prepare_publish(args, dirs)

         depfile = os.path.join(gendir, 'deps')

         # Invoke `package-tool repository publish` and gather deps associated with invocation.
         package_tool_publish(args, dirs, depfile)

         # Output repository directory to zip file.
         with zipfile.ZipFile(args.output, 'w',
                              zipfile.ZIP_DEFLATED) as zip_file:
             zip_dir(dirs['repository'], zip_file)


 if __name__ == '__main__':
     parser = argparse.ArgumentParser(
         'Creates a zip archive of the TUF repository output by `package-tool repository publish`'
     )
     parser.add_argument(
         '--package-tool',
         help='path to the package-tool executable',
         required=True)
     parser.add_argument(
         '--trusted-keys',
         help=
         'path to a keys directory to be consumed by `package-tool repository publish`'
     )
     parser.add_argument(
         '--root-metadata',
         help='path to a root metadata file to be used in the TUF repository',
         action='append')
     parser.add_argument(
         '--default-root-metadata',
         help='path to the default TUF root metadata file',
         required=True)
     parser.add_argument(
         '--input',
         help='path to `package-tool repository publish` file input',
         required=True)
     parser.add_argument(
         '--delivery-blob-type', help='the type of delivery blob to generate')
     parser.add_argument('--depfile', help='generate a depfile', required=True)
     parser.add_argument('--output', help='path output zip file', required=True)
     main(parser.parse_args())
	#!/usr/bin/env fuchsia-vendored-python
	# Copyright 2023 The Fuchsia Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	import argparse
	import zipfile
	import subprocess
	import os
	import shutil
	import tempfile


	def zip_dir(dir, zip_file):
	for root, _dirs, files in os.walk(dir):
	for file in files:
	path = os.path.join(root, file)
	zip_file.write(path, os.path.relpath(path, dir))


	# rmtree manually removes all subdirectories and files instead of using
	# shutil.rmtree, to avoid registering spurious reads on stale
	# subdirectories. See https://fxbug.dev/74084.
	def rmtree(dir):
	if not os.path.exists(dir):
	return
	for root, dirs, files in os.walk(dir, topdown=False):
	for file in files:
	os.unlink(os.path.join(root, file))
	for dir in dirs:
	full_path = os.path.join(root, dir)
	if os.path.islink(full_path):
	os.unlink(full_path)
	else:
	os.rmdir(full_path)


	def prepare_dirs(repo_dir):
	path = os.path.join(repo_dir, 'repository')
	os.makedirs(path)

	return {'root': repo_dir, 'repository': path}


	# `package-tool repository publish` expects the following inputs in its in/out directory:
	# - `keys/{snapshot\|targets\|timestamp}.json` containing private metadata keys;
	# - `repository/{{version-num}}.root.json` containing versioned root metadata;
	# - `repository/root.json` containing default root metadata.
	def prepare_publish(args, dirs):
	for root_metadata_path in args.root_metadata:
	shutil.copy(root_metadata_path, dirs['repository'])
	shutil.copy(
	args.default_root_metadata,
	'{}/{}'.format(dirs['repository'], 'root.json'))


	def package_tool_publish(args, dirs, depfile):
	cmd_args = [
	args.package_tool,
	'repository',
	'publish',
	'--trusted-keys',
	args.trusted_keys,
	'--trusted-root',
	'{}/{}'.format(dirs['repository'], 'root.json'),
	'--package-list',
	args.input,
	'--depfile',
	args.depfile,
	]

	if args.delivery_blob_type:
	cmd_args.extend(['--delivery-blob-type', args.delivery_blob_type])

	cmd_args.append(dirs['root'])

	subprocess.run(cmd_args, check=True)


	def main(args):
	with tempfile.TemporaryDirectory(
	dir=os.path.dirname(args.output)) as gendir:
	dirs = prepare_dirs(gendir)

	# Prepare for `package-tool repository publish` and gather deps associated with preparations.
	prepare_publish(args, dirs)

	depfile = os.path.join(gendir, 'deps')

	# Invoke `package-tool repository publish` and gather deps associated with invocation.
	package_tool_publish(args, dirs, depfile)

	# Output repository directory to zip file.
	with zipfile.ZipFile(args.output, 'w',
	zipfile.ZIP_DEFLATED) as zip_file:
	zip_dir(dirs['repository'], zip_file)


	if __name__ == '__main__':
	parser = argparse.ArgumentParser(
	'Creates a zip archive of the TUF repository output by `package-tool repository publish`'
	)
	parser.add_argument(
	'--package-tool',
	help='path to the package-tool executable',
	required=True)
	parser.add_argument(
	'--trusted-keys',
	help=
	'path to a keys directory to be consumed by `package-tool repository publish`'
	)
	parser.add_argument(
	'--root-metadata',
	help='path to a root metadata file to be used in the TUF repository',
	action='append')
	parser.add_argument(
	'--default-root-metadata',
	help='path to the default TUF root metadata file',
	required=True)
	parser.add_argument(
	'--input',
	help='path to `package-tool repository publish` file input',
	required=True)
	parser.add_argument(
	'--delivery-blob-type', help='the type of delivery blob to generate')
	parser.add_argument('--depfile', help='generate a depfile', required=True)
	parser.add_argument('--output', help='path output zip file', required=True)
	main(parser.parse_args())