FIX no passphrase gpg keys causing badsign

Janez Justin · Janez Justin · commit d463e7ec447c · 2017-08-22T14:05:06.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,24 @@
+deb/requirements/
+deb/code.zip
+
+rpm/code.zip
+
+rpm/__pycache__
+rpm/boto3*
+rpm/botocore*
+rpm/concurrent*
+rpm/docutils*
+rpm/dateutil*
+rpm/six*
+rpm/futures*
+rpm/pyrpm*
+rpm/tests*
+rpm/jmespath*
+rpm/python_gnupg*
+rpm/python_dateutil*
+
+rpm/code.zip
+
+rpm/six.py
+rpm/gnupg.py
+rpm/gnupg.pyc
diff --git a/rpm/Makefile b/rpm/Makefile
@@ -13,7 +13,8 @@ package: ## creates zip of code
 	zip -r code.zip $(ZIPPED_DIRS)
 
 clean: ## cleans up the repository
-	/bin/rm -rf code.zip
+	/bin/rm -rf code.zip __pycache__ boto3* botocore* concurrent* docutils* dateutil* six* futures* pyrpm* tests* jmespath* python_gnupg* python_dateutil* six.py gnupg.py gnupg.pyc
+
 
 test: ## runs the tests
 	python3.6 s3rpm_test.py
diff --git a/rpm/README.md b/rpm/README.md
@@ -93,7 +93,7 @@ aws lambda create-function \
     --function-name <name the function> \
     --zip-file fileb://code.zip \
     --role <role's arn> \    # arn from role with S3 read/write access
-    --handler s3rpm.handler \
+    --handler s3rpm.lambda_handler \
     --runtime python3.6 \
 # Replace '<...>' with environmental variables
     --environment Variables='{PUBLIC=<bool>, GPG_KEY=<file>, GPG_PASS=<password>, BUCKET_NAME=<bucket name>, REPO_DIR=<dir>}'
diff --git a/rpm/s3rpm.py b/rpm/s3rpm.py
@@ -184,7 +184,12 @@ def sign_md_file(repo, s3_repo_dir):
     print("Key import returned: ")
     print(str(sec.results))
     with open(repo.repodir + 'repodata/repomd.xml', 'rb') as stream:
-        signed = gpg.sign_file(stream, passphrase=os.environ['GPG_PASS'], clearsign=True, detach=True, binary=False)
+        # If gpgkey has no password set, leaving GPG_PASS empty caues badsign,
+        # that is why we are not calling passphrase in gpg.sign_file
+        if os.environ['GPG_PASS'] == '':
+            signed = gpg.sign_file(stream, clearsign=True, detach=True, binary=False)
+        else:
+            signed = gpg.sign_file(stream, passphrase=os.environ['GPG_PASS'], clearsign=True, detach=True, binary=False)
 
     s3 = boto3.resource('s3')
     sign_obj = s3.Object(bucket_name=os.environ['BUCKET_NAME'], key=s3_repo_dir + "/repodata/repomd.xml.asc")
