author | bill-auger <mr.j.spam.me@gmail.com> | 2021-01-22 20:43:44 -0500 |
---|---|---|
committer | bill-auger <mr.j.spam.me@gmail.com> | 2022-08-29 10:27:59 -0400 |
commit | ebf9e063c0e38d382f921cf4f7092b0cae78a0fb (patch) | |
tree | 485b97766ad676010243991014f43d603be8f111 | |
parent | 61dc063f6206557512c942500e99fcf90898211c (diff) |
refactor signature creation
-rwxr-xr-x | src/librefetch/librefetch | 95 |
1 files changed, 65 insertions, 30 deletions
diff --git a/src/librefetch/librefetch b/src/librefetch/librefetch index 9973342..21057b9 100755 --- a/src/librefetch/librefetch +++ b/src/librefetch/librefetch @@ -36,6 +36,10 @@ source "$(librelib conf)" source "$(librelib messages)" + +readonly SKIP_CREATE_SIGNATURE=1 # TODO: CLI option + + setup_traps trap 'rm -f -- "${tmpfiles[@]}"; rm -rf -- "${tmpdirs[@]}"' EXIT 
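Review bot: `SKIP_CREATE_SIGNATURE=1` is hard-coded and `readonly`, so no invocation of librefetch can reach the gpg branch of `create_signature` (changed later in this commit) without editing the script. That is a security-relevant default, and `# TODO: CLI option` does not say so; I would state it in place, e.g. `# 1 = never sign here: the source-ball stays unsigned until librerelease signs it`. Until the CLI option exists, `readonly SKIP_CREATE_SIGNATURE="${SKIP_CREATE_SIGNATURE:-1}"` would keep the new default while letting a machine that holds the key opt back in.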
@@ -213,31 +217,57 @@ doit() { # The recursive `makepkg` invokation processes a modified PKGBUILD (per PKGBUILD_APPEND). if [[ $mode =~ create ]]; then - local base_dst=${dst%.part} - local suffix=${dst#"$base_dst"} - local src_missing_msg="Libre source not found. Attempting to create it from upstream sources." - local done_msg="Libre source created successfully" + local final_dst="${dst%.part}" + local suffix=${dst#"$final_dst"} + local src_missing_msg="Libre source-ball not found. Attempting to create it from upstream sources." + local done_msg="Libre source-ball created successfully" + + if [[ "$final_dst" == *.sig ]]; then # handle missing libre source-ball signature + local src_file=${src%.sig} + local out_file="${final_dst%.sig}" - if [[ $base_dst == *.sig ]]; then # recurse to create the libre source-ball, if it does not yet exist - # the libre source-ball signature is deferred to librerelease - if ! [[ -e ${base_dst%.sig} ]]; then - extra_opts=("${src%.sig}" "${base_dst%.sig}") + if ! [[ -e "$out_file" ]]; then + extra_opts=("$src_file" "$out_file") msg2 "${src_missing_msg}" doit || exit fi - create_signature "${base_dst%.sig}" || exit - if [[ -n $suffix ]]; then - mv -f "$base_dst" "$dst" + +# WIP: 'create_signature' normally entails manual password confirmation. +# in the case that a libre source-ball was just created, +# the build machine will not necessarily be able to sign it; +# and 'create_signature' would fail here, as a fatal error. +# however, librerelease will sign all tarballs, if necessary; +# so the current WIP defers the signature to librerelease +# see file.sh::download_file() +# TODO: adjust the usage() note about this signature if necessary + if rm $LIBRE_SRCBALL_CREATION_MARKER 2> /dev/null; then +# create_signature "${final_dst%.sig}" || exit + create_signature "${final_dst%.sig}" || true # WIP: + +# TODO: renaming here is probably not necessary; +# because the caller (file.sh::download_file()) will do it. 
+# are there other callers which would not? + if [[ -n $suffix && -f "$final_dst" ]]; then + mv -f "$final_dst" "$dst" + fi + else + return 1 fi - else + else # create libre source-ball export PKGDEST=${dst%/*} export pkg_file=$dst cd "$BUILDFILEDIR" msg2 "${src_missing_msg}" - "$makepkg" "${makepkg_opts[@]}" -p "$srcbuild" >&2 && msg2 "${done_msg}" || exit + rm -f $LIBRE_SRCBALL_CREATION_MARKER + if "$makepkg" "${makepkg_opts[@]}" -p "$srcbuild" >&2; then + msg2 "${done_msg}" + cd - > /dev/null ; touch $LIBRE_SRCBALL_CREATION_MARKER ; + else + exit + fi fi fi } 
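Review bot: `$LIBRE_SRCBALL_CREATION_MARKER` is expanded unquoted in all three new uses (`rm`, `rm -f`, `touch`) and is not assigned anywhere in this diff, so an empty or space-containing value silently changes what those commands act on; with an empty value `rm` fails and every `.sig` request falls through to `return 1`. I would write `rm -- "${LIBRE_SRCBALL_CREATION_MARKER:?}"`, and likewise `rm -f -- "$LIBRE_SRCBALL_CREATION_MARKER"` and `touch -- "$LIBRE_SRCBALL_CREATION_MARKER"`. Note also that `rm -f` runs after `cd "$BUILDFILEDIR"` while `touch` runs after `cd -`, so if the marker is a relative path the stale-marker cleanup and the creation act on different directories. Because the marker's presence is the only thing that lets the `.sig` branch go on to call `create_signature`, its location should be writable only by the building user; presumably it is defined in the sourced conf, which is worth confirming. `doit` begins above this hunk.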
@@ -398,25 +428,30 @@ modified_srcbuild() { create_signature() { local filename="$1" - local gpg_remind_msg="Ensure that your GPG key is referenced in the PKGBUILD 'validpgpkeys' array." - local SIGNWITHKEY=() - - if [[ -n $GPGKEY ]]; then - SIGNWITHKEY=(-u "${GPGKEY}") - fi + local gpg_cmd=( gpg --detach-sign --use-agent --no-armor ) + local gpg_disabled_msg="Defering libre source-ball signature." + local gpg_signing_msg="Signing libre source-ball..." + local gpg_created_msg="Created signature file:" + local gpg_failed_msg="Failed to sign the libre source-ball!" + local gpg_sign_msg="The libre source-ball will be signed by librerelease later." + local gpg_remind_msg="Ensure that your GPG key is referenced in the PKGBUILD, before running librerelease." + local ret=0 + + if (( SKIP_CREATE_SIGNATURE )); then + msg2 "${gpg_disabled_msg}" ; prose "${gpg_sign_msg} ${gpg_remind_msg}" ; + else + if [[ -n "${GPGKEY}" ]]; then + gpg_cmd+=( --local-user "${GPGKEY}" ) + fi - msg "Signing libre source-ball..." - gpg --detach-sign --use-agent "${SIGNWITHKEY[@]}" --no-armor "$filename" &>/dev/null || ret=$EXIT_FAILURE + msg "${gpg_signing_msg}" + ${gpg_cmd[@]} "${filename}" &> /dev/null ; ret=$? ; - if (( ! ret )); then - msg2 "Created signature file: %s. - ${gpg_remind_msg}" "${filename}.sig" - else - error "Failed to sign the libre source-ball!!! - If you can not sign it now on this machine, - you can take it home, and run librerelease on it. - ${gpg_remind_msg}" - return $ret + if (( ! ret )); then + msg2 "%s %s." "${gpg_created_msg}" "${filename}.sig" ; prose "${gpg_remind_msg}" ; + else + warning "${gpg_failed_msg}" ; prose "${gpg_sign_msg} ${gpg_remind_msg}" ; + fi fi return ${ret} |
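Review bot: `${gpg_cmd[@]} "${filename}"` expands the array unquoted, so a `GPGKEY` given as a user ID with spaces (or containing glob characters) is word-split into extra gpg arguments; the removed code quoted `"${SIGNWITHKEY[@]}"`. It should read `"${gpg_cmd[@]}" "${filename}" &> /dev/null ; ret=$? ;`. Separately, the skip branch leaves `ret=0`, so a caller cannot tell "signed" from "deferred, no `.sig` written". A distinct non-zero status would make that explicit, or at least a header comment on `create_signature` stating that 0 does not imply a signature file exists. The closing brace of `create_signature` is outside the hunk.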