Limit diff to ~10 lines

Also include content of added files.
Don't write source archive comparison tarball to upstreams file
2026-06-16 02:45:56 +00:00 · 2024-04-15 17:13:34 -07:00 · 2024-04-15 16:59:57 -07:00 · 2024-04-15 16:00:38 -07:00 · 2024-04-15 15:54:30 -07:00 · 2024-04-15 15:25:16 -07:00
5 changed files with 47 additions and 4 deletions
@@ -115,6 +115,8 @@ class Config(object):
        self.old_keyid = None
        self.profile_payload = None
        self.signature = None
+        self.signature_macro = None
+        self.pkey_macro = None
        self.yum_conf = None
        self.failed_pattern_dir = None
        self.alias = None
@@ -113,6 +113,7 @@ def commit_to_git(config, name, success):
    call("git add whatrequires", check=False, stderr=subprocess.DEVNULL, cwd=path)
    call("git add description", check=False, stderr=subprocess.DEVNULL, cwd=path)
    call("git add attrs", check=False, stderr=subprocess.DEVNULL, cwd=path)
+    call("git add archive.diff", check=False, stderr=subprocess.DEVNULL, cwd=path)

    # remove deprecated config files
    call("git rm make_install_append", check=False, stderr=subprocess.DEVNULL, cwd=path)
@@ -159,8 +159,17 @@ class Specfile(object):

        # if package is verified, include the signature in the source tarball
        if self.keyid and self.config.signature:
+            # We'll need gnupg to verify the signature. Need to add it here so it's ready before write_buildreq
+            self.requirements.add_buildreq("gnupg")
+
            count += 1
            self._write_strip(f"Source{count}  : {self.config.signature}")
+            self.config.signature_macro = f"%{{SOURCE{count}}}"
+
+            # Also include the public key in the source tarball.
+            count += 1
+            self._write_strip(f"Source{count}  : {self.keyid}.pkey")
+            self.config.pkey_macro = f"%{{SOURCE{count}}}"

        for source in self.config.extra_sources:
            count += 1
@@ -430,6 +439,12 @@ class Specfile(object):
    def write_prep(self):
        """Write prep section to spec file."""
        self._write_strip("%prep")
+        if self.keyid and self.config.signature:
+            self._write_strip("mkdir .gnupg")
+            self._write_strip("chmod 700 .gnupg")
+            self._write_strip(f"gpg --homedir .gnupg --import {self.config.pkey_macro}")
+            self._write_strip(f"gpg --homedir .gnupg --status-fd 1 --verify {self.config.signature_macro} %{{SOURCE0}} > gpg.status")
+            self._write_strip(f"grep -E '^\\[GNUPG:\\] (GOODSIG|EXPKEYSIG) {self.keyid}' gpg.status")
        self.write_prep_prepend()
        prefix = self.content.prefixes[self.url]
        if self.config.default_pattern == 'R':
@@ -26,7 +26,7 @@ import tarfile
 import zipfile

 import download
-from util import do_regex, get_sha1sum, print_fatal, write_out
+from util import call, do_regex, get_sha1sum, print_fatal, write_out


 class Source():
@@ -135,7 +135,7 @@ def convert_version(ver_str, name):
    # them out with expensive regular expressions
    banned_subs = ["x86.64", "source", "src", "all", "bin", "release", "rh",
                   "ga", ".ce", "lcms", "onig", "linux", "gc", "sdk", "orig",
-                   "jurko", "%2f", "%2F", "%20"]
+                   "jurko", "%2f", "%2F", "%20", "x265"]

    # package names may be modified in the version string by adding "lib" for
    # example. Remove these from the name before trying to remove the name from
@@ -184,6 +184,7 @@ class Content():
        self.prefixes = dict()
        self.config = config
        self.base_path = base_path
+        self.autogenerated_tarball = None

    def write_upstream(self, sha, tarfile, mode="w"):
        """Write the upstream hash to the upstream file."""
@@ -213,6 +214,14 @@ class Content():
        main_src = Source(url, '', src_path, self.config.default_pattern)
        return main_src

+    def process_autogenerated_source(self, url):
+        """Download any autogenerated source tarball for comparison."""
+        autogenerated_src = None
+        if url:
+            src_path = self.check_or_get_file(url, os.path.basename(url), mode="")
+            autogenerated_src = Source(url, '../autogenerated-tmp', src_path, self.config.default_pattern)
+        return autogenerated_src
+
    def print_header(self):
        """Print header for autospec run."""
        print("\n")
@@ -295,6 +304,9 @@ class Content():
                    name = re.sub(r"release-", '', name)
                    name = re.sub(r"\d*$", '', name)
                self.rawname = name
+                # Identify the auto-generated tarball URL for comparison
+                if "/releases/download/" in self.url:
+                    self.autogenerated_tarball = "https://github.com/" + match.group(1).strip() + "/" + self.repo + "/archive/refs/tags/" + match.group(3).strip() + ".tar.gz"
                version = match.group(3).replace(name, '')
                if "/archive/" not in self.url:
                    version = re.sub(r"^[-_.a-zA-Z]+", "", version)
@@ -427,3 +439,15 @@ class Content():
        archives_src = self.process_archives()
        # Extract all sources
        self.extract_sources(main_src, archives_src)
+        # Download and process any auto-generated source-tree archive for comparison
+        autogenerated_src = self.process_autogenerated_source(self.autogenerated_tarball)
+        # Extract autogenerated source for comparison
+        if autogenerated_src:
+            autogenerated_src.extract(os.path.join(self.base_path, 'autogenerated-tmp'))
+            # Move the autogenerated source to a non-version-named directory for consistent diffs
+            call(f"mv autogenerated-tmp/{autogenerated_src.prefix} autogenerated", check=True, cwd=self.base_path)
+            call("diff -u -r --unidirectional-new-file ../autogenerated ./",
+                 logfile="archive.diff.in", check=False, cwd=os.path.join(self.base_path, main_src.prefix))
+            call("grep -A14 -E '^(diff|Only in)' archive.diff.in",
+                 logfile="archive.diff", check=False, cwd=os.getcwd())
+            call("rm archive.diff.in", check=False, cwd=os.getcwd())
@@ -150,8 +150,9 @@ def binary_in_path(binary):

 def write_out(filename, content, mode="w"):
    """File.write convenience wrapper."""
-    with open_auto(filename, mode) as require_f:
-        require_f.write(content)
+    if mode:
+        with open_auto(filename, mode) as require_f:
+            require_f.write(content)


 def open_auto(*args, **kwargs):
Author	SHA1	Message	Date
Brett T. Warden	239d8cd618	Limit diff to ~10 lines Also include content of added files.	2024-04-15 17:13:34 -07:00
Brett T. Warden	16ee88cb20	Don't write source archive comparison tarball to upstreams file We only use this for source tree comparison, not part of the build, so don't add it to the upstreams file.	2024-04-15 16:59:57 -07:00
Brett T. Warden	617c67c388	Make flake8 happy	2024-04-15 16:00:38 -07:00
Brett T. Warden	2cf51ddfb9	Move autogenerated source tree to a versionless directory	2024-04-15 15:54:30 -07:00
Brett T. Warden	6174188098	Fix failure on packages that don't have an autogenerated source tarball	2024-04-15 15:25:16 -07:00
Brett T. Warden	61e16733c8	Capture diffs of dist tarballs vs auto-generated source archives from GitHub	2024-04-15 15:12:17 -07:00
Brett T. Warden	5905be97e8	Fix version parsing for x265	2024-04-12 09:23:30 -07:00
Brett T. Warden	81e1eebe28	Extend key ID matching to expired keys gpg accepts signatures with expired keys as long as the signature was made prior to key expiration. But it also changes the status-fd output format that we grep for the expected key ID. Make sure we look for the alternate EXPKEYSIG line in the output in that case to find the key ID.	2024-04-12 09:08:10 -07:00
Brett T. Warden	658bd0de10	Add gnupg as a buildreq if we'll need it during build	2024-04-11 16:10:02 -07:00
Brett T. Warden	b628caf931	Add Config fields for pkey and signature macros	2024-04-11 12:37:09 -07:00
Brett T. Warden	8142032e7c	Fix escaping to satisfy flake	2024-04-11 12:22:59 -07:00
Brett T. Warden	5a302d6c91	Check GPG package signatures during build Add gpg commands to the specfile so we verify the package signature during every rpmbuild. Also ensure that the signature key ID matches what we expect.	2024-04-11 12:22:59 -07:00