Add dry-run options

kpcyrd · Aug 23, 2021 · 355f35b · 355f35b
1 parent 261277e
commit 355f35b
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 8 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,12 @@
 [package]
 name = "pacman-bintrans"
 version = "0.1.0"
+description = "Binary transparency for pacman"
 authors = ["kpcyrd <git@rxv.cc>"]
+license = "GPL-3.0"
+repository = "https://github.com/kpcyrd/pacman-bintrans"
+categories = ["command-line-utilities"]
+readme = "README.md"
 edition = "2018"
 
 [workspace]

diff --git a/pacman-bintrans-common/Cargo.toml b/pacman-bintrans-common/Cargo.toml
@@ -1,6 +1,10 @@
 [package]
 name = "pacman-bintrans-common"
 version = "0.1.0"
+description = "Binary transparency for pacman - common code"
+authors = ["kpcyrd <git@rxv.cc>"]
+license = "LGPL-3.0"
+repository = "https://github.com/kpcyrd/pacman-bintrans"
 edition = "2018"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

diff --git a/pacman-bintrans-monitor/Cargo.toml b/pacman-bintrans-monitor/Cargo.toml
@@ -1,6 +1,11 @@
 [package]
 name = "pacman-bintrans-monitor"
 version = "0.1.0"
+description = "Binary transparency for pacman - monitor tools"
+authors = ["kpcyrd <git@rxv.cc>"]
+license = "GPL-3.0"
+repository = "https://github.com/kpcyrd/pacman-bintrans"
+categories = ["command-line-utilities"]
 edition = "2018"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

diff --git a/pacman-bintrans-sign/Cargo.toml b/pacman-bintrans-sign/Cargo.toml
@@ -1,6 +1,11 @@
 [package]
 name = "pacman-bintrans-sign"
 version = "0.1.0"
+description = "Binary transparency for pacman - signing tools"
+authors = ["kpcyrd <git@rxv.cc>"]
+license = "GPL-3.0"
+repository = "https://github.com/kpcyrd/pacman-bintrans"
+categories = ["command-line-utilities"]
 edition = "2018"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

diff --git a/pacman-bintrans-sign/src/main.rs b/pacman-bintrans-sign/src/main.rs
@@ -50,6 +50,11 @@ struct Args {
     /// Minisign secret key used to sign packages
     #[structopt(long)]
     seckey_path: PathBuf,
+    /// Generate signatures but don't upload them
+    #[structopt(long)]
+    skip_upload: bool,
+    #[structopt(long)]
+    dry_run: bool,
 }
 
 async fn rekor_upload(pubkey: &PublicKeyBox, artifact: &[u8], signature: &str) -> Result<()> {
@@ -144,6 +149,11 @@ async fn main() -> Result<()> {
             continue;
         }
 
+        if args.dry_run {
+            info!("Dry-run: would sign package: {:?} => {:?}", pkg.sha256sum, pkg.filename);
+            continue;
+        }
+
         info!("Signing package");
         let data_reader = Cursor::new(&pkg.sha256sum);
         let sig = minisign::sign(None, &sk, data_reader, false, Some(&pkg.filename), None)?;
@@ -158,14 +168,16 @@ async fn main() -> Result<()> {
             }
         }
 
-        info!("Uploading to sigstore");
-        match rekor_upload(&pk, pkg.sha256sum.as_bytes(), &sig).await {
-            Ok(_) => {
-                debug!("Record uuid (todo)");
-                db.insert_sig(&pkg, sig.to_string(), Some("dummy".into()))?;
-            },
-            Err(err) => {
-                error!("Error(rekor): {:?}", err);
+        if args.skip_upload {
+            info!("Uploading to sigstore");
+            match rekor_upload(&pk, pkg.sha256sum.as_bytes(), &sig).await {
+                Ok(_) => {
+                    debug!("Record uuid (todo)");
+                    db.insert_sig(&pkg, sig.to_string(), Some("dummy".into()))?;
+                },
+                Err(err) => {
+                    error!("Error(rekor): {:?}", err);
+                }
             }
         }
     }