sign.py revision 3321
660N/A# The contents of this file are subject to the terms of the 660N/A# Common Development and Distribution License (the "License"). 660N/A# You may not use this file except in compliance with the License. 660N/A# See the License for the specific language governing permissions 660N/A# and limitations under the License. 660N/A# When distributing Covered Code, include this CDDL HEADER in each 660N/A# If applicable, add the following below this CDDL HEADER, with the 660N/A# fields enclosed by brackets "[]" replaced with your own identifying 684N/A# information: Portions Copyright [yyyy] [name of copyright owner] 684N/A# Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. 684N/A """Emit an error message prefixed by the command name """ 684N/A # If the message starts with whitespace, assume that it should come 684N/A # *before* the command-name prefix. 684N/A # This has to be a constant value as we can't reliably get our actual 684N/A # program name on all platforms. 684N/A """Emit a usage message and optionally prefix it with a more specific 684N/A error message. Causes program to exit.""" 684N/A pkgsign -s path_or_uri [-acikn] [--no-index] [--no-catalog] 684N/A """Fetch the catalog from src_uri.""" 684N/A # Create a temporary directory for catalog. 684N/A "be a PEM certificate but it could not be read.").
format(
684N/A [
"help",
"no-index",
"no-catalog"])
684N/A usage(_(
"If a key is given to sign with, its associated " 684N/A "certificate must be given."))
684N/A usage(_(
"If a certificate is given, its associated key must be " 684N/A usage(_(
"Intermediate certificates are only valid if a key " 684N/A "and certificate are also provided."))
684N/A usage(_(
"At least one fmri or pattern must be provided to " 684N/A usage(_(
"Using {0} as the signature algorithm requires that a " 684N/A "key and certificate pair be presented using the -k and -c " 684N/A usage(_(
"The {0} hash algorithm does not use a key or " 684N/A "certificate. Do not use the -k or -c options with this " 684N/A # Configure publisher(s) 684N/A # Gather the publishers whose catalogs will be needed. 684N/A # Check each publisher for matches to our patterns. 684N/A # Find which patterns matched. 684N/A # Remove those patterns from the unmatched set. 684N/A # Get the existing manifest for the package to 684N/A # Construct the base signature action. 684N/A # Add the action to the manifest to be signed 684N/A # since the action signs itself. 684N/A # Set the signature value and certificate 684N/A # information for the signature action. 684N/A # The hash of 'a' is currently a path, we need 684N/A # to find the hash of that file to allow 684N/A # comparison to existing signatures. 684N/A # Action identity still uses the 'hash' 684N/A # member of the action, so we need to 660N/A # stay with the sha1 hash. 684N/A # Check whether the signature about to be added 684N/A # is identical, or almost identical, to existing 684N/A # signatures on the package. Because 'a' has 684N/A # already been added to the manifest, it is 684N/A # generated by gen_actions_by_type, so the cnt 684N/A # must be 2 or higher to be an issue. 684N/A # Append the finished signature action 684N/A # to the published manifest. 684N/A# Establish a specific exit status which means: "python barfed an exception" 684N/A# so that we can more easily detect these in testing of the CLI commands. 684N/A # We don't want to display any messages here to prevent 684N/A # possible further broken pipe (EPIPE) errors.