Sinzui

I recently created https://launchpad.net/lp-release-manager-tools for some videos I am making about how to use Launchpad. One aspect of creating a release is to upload the source tarball and a detached gpg signature verifying it. This is somewhat ironic, since lp-release-manager-tools exists to automate repetitive tasks that release managers do in Launchpad. I really do not like creating the signature. I cannot remember how to do it. I need to read the instruction on the form to upload the tarball each time. So I added a feature to my example project that any project hat uses python distutils can copy to make the signature with the source tarball.

I subclassed the sdist command and added an extra step to create the detached signature of the tarball. I then register the new command as signed_dist. This is the content of my setup.py:


#!/usr/bin/python
import subprocess

from distutils.core import setup
from distutils.command.sdist import sdist

class SignedSDistCommand(sdist):
    """Sign the source archive with a detached signature."""

    description = "Sign the source archive after it is generated."

    def run(self):
        sdist.run(self)
        gpg_args = [
            'gpg', '--armor', '--sign', '--detach-sig', self.archive_files[0]]
        gpg = subprocess.Popen(
            gpg_args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        gpg.communicate()

setup(
    name="lp-release-manager-tools",
    description="Launchpad release manager API scripts.",
    version="0.0.2",
    license="MIT",
    maintainer="Curtis C. Hovey",
    maintainer_email="sinzui.is@verizon.net",
    scripts=['close_released_bugs.py'],
    cmdclass={
        'signed_sdist': SignedSDistCommand,
        }
    )

Extracts from Curtis Hovey's life

Categories

April 2011

Creating a signed release file with setup.py