summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLuke Shumaker <lukeshu@sbcglobal.net>2015-05-31 13:28:57 -0600
committerLuke Shumaker <lukeshu@sbcglobal.net>2015-05-31 13:37:23 -0600
commitb9769d5af5e4be7a1c285ccf06df8a608d9d5825 (patch)
tree73a6263346a19bea766c4271acc8adb85ec336f6 /src
parent2a48b40b82770bbc54a79227a52306537bc615d7 (diff)
librefetch: Don't try to use makepkg to create .sig files.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/librefetch/librefetch76
-rw-r--r--src/librefetch/librefetch.8.ronn8
2 files changed, 73 insertions, 11 deletions
diff --git a/src/librefetch/librefetch b/src/librefetch/librefetch
index 49a8565..ea90e5b 100755
--- a/src/librefetch/librefetch
+++ b/src/librefetch/librefetch
@@ -3,6 +3,15 @@
#
# Copyright (C) 2013-2015 Luke Shumaker <lukeshu@sbcglobal.net>
#
+# For just the create_signature() function:
+# Copyright (C) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org>
+# Copyright (C) 2002-2006 Judd Vinet <jvinet@zeroflux.org>
+# Copyright (C) 2005 Aurelien Foret <orelien@chez.com>
+# Copyright (C) 2006 Miklos Vajna <vmiklos@frugalware.org>
+# Copyright (C) 2005 Christian Hamar <krics@linuxforum.hu>
+# Copyright (C) 2006 Alex Smith <alex@alex-smith.me.uk>
+# Copyright (C) 2006 Andras Voroskoi <voroskoi@frugalware.org>
+#
# License: GNU GPLv3+
#
# This file is part of Parabola.
@@ -20,6 +29,9 @@
# You should have received a copy of the GNU General Public License
# along with Parabola. If not, see <http://www.gnu.org/licenses/>.
+# create_signature() is taken from pacman:makepkg, which is GPLv2+,
+# so we take the '+' to combine it with our GPLv3+.
+
. "$(librelib conf)"
. "$(librelib messages)"
setup_traps
@@ -46,9 +58,14 @@ usage() {
beginning of a URL, 'libre://' expands to the first configured
mirror."
echo
- prose "In create mode, it looks at a build script, and uses that to
- create the source tarball. SOURCE_URL is ignored, except that it
- is used to set the default value of OUTPUT_FILE."
+ prose "In create mode, it either looks at a build script and uses that
+ to create the source tarball, or it uses GPG to create a
+ signature (if OUTPUT_FILE ends with \`.sig\` or \`.sig.part\`).
+ If it is using GPG to create a signature, but the file that it is
+ trying to sign doesn't exist yet, it recurses on itself to first
+ create that file. SOURCE_URL is ignored, except that it is used
+ to set the default value of OUTPUT_FILE, and that it may be used
+ when recursing."
echo
prose "The default build script is 'PKGBUILD', or 'SRCBUILD' if it
exists."
@@ -83,6 +100,10 @@ main() {
exit 1
fi
+ doit
+}
+
+doit() {
# Mode: help ###########################################################
if [[ $mode =~ help ]]; then
@@ -183,13 +204,26 @@ main() {
# Mode: create #########################################################
if [[ $mode =~ create ]]; then
- PKGEXT=${dst##*/}
- export PKGEXT=${PKGEXT%.part}
- export PKGDEST=${dst%/*}
- export pkg_file=$dst
+ local base_dst=${dst%.part}
+ local suffix=${dst#"$base_dst"}
- cd "$BUILDFILEDIR"
- "$makepkg" "${makepkg_opts[@]}" -p "$srcbuild" >&2 || exit $?
+ if [[ $base_dst == *.sig ]]; then
+ if ! [[ -e $base_dst ]]; then
+ extra_opts=("${src%.sig}" "${base_dst%.sig}")
+ doit || exit $?
+ fi
+ create_signature "${base_dst%.sig}" || exit $?
+ if [[ -n $suffix ]]; then
+ mv -f "$base_dst" "$dst"
+ fi
+ else
+ export PKGEXT=${base_dst##*/}
+ export PKGDEST=${dst%/*}
+ export pkg_file=$dst
+
+ cd "$BUILDFILEDIR"
+ "$makepkg" "${makepkg_opts[@]}" -p "$srcbuild" >&2 || exit $?
+ fi
fi
}
@@ -393,4 +427,28 @@ modified_srcbuild() {
printf '%s\n' "$new"
}
+################################################################################
+
+# This function is taken almost verbatim from makepkg
+create_signature() {
+ local ret=0
+ local filename="$1"
+ msg "Signing package..."
+
+ local SIGNWITHKEY=()
+ if [[ -n $GPGKEY ]]; then
+ SIGNWITHKEY=(-u "${GPGKEY}")
+ fi
+ # The signature will be generated directly in ascii-friendly format
+ gpg --detach-sign --use-agent "${SIGNWITHKEY[@]}" "$filename" || ret=$?
+
+
+ if (( ! ret )); then
+ msg2 "Created signature file %s." "$filename.sig"
+ else
+ error "Failed to sign package file."
+ return $ret
+ fi
+}
+
main "$@"
diff --git a/src/librefetch/librefetch.8.ronn b/src/librefetch/librefetch.8.ronn
index da5ea60..7d3550f 100644
--- a/src/librefetch/librefetch.8.ronn
+++ b/src/librefetch/librefetch.8.ronn
@@ -85,8 +85,12 @@ ensure that as long as the same directory contents go in, an identical
tarball will come out--the checksum of the file should not change
based on when it is built or who builds it.
-The `SRCBUILD` is either created, or sanitized if it already exists,
-then fed to a modified version of `makepkg(8)`.
+The `SRCBUILD` is either created, or sanitized if it already exists.
+If the output filename does not end with `.sig` or `.sig.part`, then
+the `SRCBUILD` is fed to a modified version of `makepkg(8)`. If the
+output filename does end with `.sig` or `.sig.part`, then it uses GPG
+to create a signature. If the file it is trying to sign does not
+exist yet, librefetch recurses on itself to create it.
The reason `makepkg` must be modified is that we need the resulting
tarball to be deterministic (as well as not containing package