Merge pull request #446 from greenbone/y0urself/pontos-sign-214

[21.04] Add signing to workflow ...

.github/workflows/release-pontos-patch.yml

@@ -11,6 +11,9 @@ jobs:
       GITHUB_USER: ${{ secrets.GREENBONE_BOT }}
       GITHUB_MAIL: ${{ secrets.GREENBONE_BOT_MAIL }}
       GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
+      GPG_KEY: ${{ secrets.GPG_KEY }}
+      GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
+      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
     name: Release patch with pontos
     # If the label 'make patch release' is set. If PR is closed because of an merge
     if: contains( github.event.pull_request.labels.*.name, 'make patch release') && github.event.pull_request.merged == true
@@ -30,11 +33,26 @@ jobs:
         git config --global user.name "${{ env.GITHUB_USER }}"
         git config --global user.email "${{ env.GITHUB_MAIL }}"
         git remote set-url origin https://${{ env.GITHUB_TOKEN }}@github.com/${{ github.repository }}
-      
-    - name: Print base branch
-      # we always should've checked out the correct branch'
-      run: echo "Current Branch is $GITHUB_BASE_REF"
+    - run: echo "Current Branch is $GITHUB_BASE_REF"
     - name: Prepare patch release with pontos
-      run: poetry run pontos-release prepare --patch
+      run: |
+        poetry run pontos-release prepare --patch
+        echo "VERSION=$(poetry run pontos-version show)" >> $GITHUB_ENV
     - name: Release with pontos
-      run: poetry run pontos-release release
+      run: |
+        poetry run pontos-release release
+    - name: Import key from secrets
+      run: |
+        echo -e "${{ env.GPG_KEY }}" >> tmp.file
+        gpg                                        \
+          --pinentry-mode loopback                 \
+          --passphrase ${{ env.GPG_PASSPHRASE }}   \
+          --import tmp.file
+        rm tmp.file
+    - name: Sign with pontos-release sign
+      run: |
+        echo "Signing assets for ${{env.VERSION}}"
+        poetry run pontos-release sign             \
+          --signing-key ${{ env.GPG_FINGERPRINT }} \
+          --passphrase ${{ env.GPG_PASSPHRASE }}   \
+          --release-version ${{ env.VERSION }}

ospd/main.py

@@ -109,9 +109,7 @@ def main(
 
     if args.port == 0:
         server = UnixSocketServer(
-            args.unix_socket,
-            args.socket_mode,
-            args.stream_timeout,
+            args.unix_socket, args.socket_mode, args.stream_timeout
         )
     else:
         server = TlsServer(

ospd/ospd.py

@@ -28,16 +28,7 @@
 import os
 
 from pprint import pformat
-from typing import (
-    List,
-    Any,
-    Iterator,
-    Dict,
-    Optional,
-    Iterable,
-    Tuple,
-    Union,
-)
+from typing import List, Any, Iterator, Dict, Optional, Iterable, Tuple, Union
 from xml.etree.ElementTree import Element, SubElement
 
 import defusedxml.ElementTree as secET
@@ -54,11 +45,7 @@
 from ospd.server import BaseServer, Stream
 from ospd.vtfilter import VtsFilter
 from ospd.vts import Vts
-from ospd.xml import (
-    elements_as_text,
-    get_result_xml,
-    get_progress_xml,
-)
+from ospd.xml import elements_as_text, get_result_xml, get_progress_xml
 
 logger = logging.getLogger(__name__)
 
@@ -583,9 +570,7 @@ def handle_timeout(self, scan_id: str, host: str) -> None:
         )
 
     def sort_host_finished(
-        self,
-        scan_id: str,
-        finished_hosts: Union[List[str], str],
+        self, scan_id: str, finished_hosts: Union[List[str], str]
     ) -> None:
         """Check if the finished host in the list was alive or dead
         and update the corresponding alive_count or dead_count."""
@@ -638,10 +623,7 @@ def set_scan_progress_batch(
         self.set_scan_progress(scan_id)
 
     def set_scan_host_progress(
-        self,
-        scan_id: str,
-        host: str = None,
-        progress: int = None,
+        self, scan_id: str, host: str = None, progress: int = None
     ) -> None:
         """Sets host's progress which is part of target.
         Each time a host progress is updated, the scan progress
@@ -659,11 +641,7 @@ def set_scan_host_progress(
         host_progress = {host: progress}
         self.set_scan_progress_batch(scan_id, host_progress)
 
-    def get_scan_host_progress(
-        self,
-        scan_id: str,
-        host: str = None,
-    ) -> int:
+    def get_scan_host_progress(self, scan_id: str, host: str = None) -> int:
         """ Get host's progress which is part of target."""
         current_progress = self.scan_collection.get_current_target_progress(
             scan_id
@@ -709,11 +687,7 @@ def get_help_text(self) -> str:
 
             if elements:
                 command_txt = ''.join(
-                    [
-                        command_txt,
-                        "\t Elements:\n",
-                        elements_as_text(elements),
-                    ]
+                    [command_txt, "\t Elements:\n", elements_as_text(elements)]
                 )
 
             txt += command_txt
@@ -781,9 +755,7 @@ def _get_scan_progress_raw(self, scan_id: str) -> Dict:
         )
 
         logging.debug(
-            "%s: Current progress: \n%s",
-            scan_id,
-            pformat(current_progress),
+            "%s: Current progress: \n%s", scan_id, pformat(current_progress)
         )
         return current_progress
 
@@ -1384,7 +1356,7 @@ def scheduler(self):
 
     def wait_for_children(self):
         """ Join the zombie process to releases resources."""
-        for scan_id in self.scan_processes:
+        for scan_id, _ in self.scan_processes.items():
             self.scan_processes[scan_id].join(0)
 
     def create_scan(

ospd/resultlist.py

@@ -44,12 +44,7 @@ def add_scan_host_detail_to_list(
     ) -> None:
         """ Adds a host detail result to result list. """
         self.add_result_to_list(
-            ResultType.HOST_DETAIL,
-            host,
-            hostname,
-            name,
-            value,
-            uri,
+            ResultType.HOST_DETAIL, host, hostname, name, value, uri
         )
 
     def add_scan_error_to_list(
@@ -64,14 +59,7 @@ def add_scan_error_to_list(
     ) -> None:
         """ Adds an error result to result list. """
         self.add_result_to_list(
-            ResultType.ERROR,
-            host,
-            hostname,
-            name,
-            value,
-            port,
-            test_id,
-            uri,
+            ResultType.ERROR, host, hostname, name, value, port, test_id, uri
         )
 
     def add_scan_log_to_list(

ospd/scan.py

@@ -326,11 +326,7 @@ def create_scan(
         scan_info['start_time'] = int(time.time())
         scan_info['end_time'] = 0
 
-        scan_info_to_pickle = {
-            'target': target,
-            'options': options,
-            'vts': vts,
-        }
+        scan_info_to_pickle = {'target': target, 'options': options, 'vts': vts}
 
         if scan_id is None or scan_id == '':
             scan_id = str(uuid.uuid4())

ospd/server.py

@@ -180,15 +180,13 @@ def handle_request(self, request, client_address):
 
 
 class ThreadedUnixSocketServer(
-    SocketServerMixin,
-    socketserver.ThreadingUnixStreamServer,
+    SocketServerMixin, socketserver.ThreadingUnixStreamServer
 ):
     pass
 
 
 class ThreadedTlsSocketServer(
-    SocketServerMixin,
-    socketserver.ThreadingTCPServer,
+    SocketServerMixin, socketserver.ThreadingTCPServer
 ):
     pass
 

ospd/vts.py

@@ -23,14 +23,7 @@
 import re
 
 from copy import deepcopy
-from typing import (
-    Dict,
-    Any,
-    Type,
-    Iterator,
-    Iterable,
-    Tuple,
-)
+from typing import Dict, Any, Type, Iterator, Iterable, Tuple
 
 from ospd.errors import OspdError
 
@@ -41,9 +34,7 @@
 
 class Vts:
     def __init__(
-        self,
-        storage: Type[Dict] = None,
-        vt_id_pattern=DEFAULT_VT_ID_PATTERN,
+        self, storage: Type[Dict] = None, vt_id_pattern=DEFAULT_VT_ID_PATTERN
     ):
         self.storage = storage