From c2c90f7eb525c7bcbecac08037cfa1e77f994c14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Reynolds?= Date: Sat, 2 Jul 2011 16:36:45 -0300 Subject: Optional package signing support for librestage --- librestage | 45 ++++++++++++++++++++++++++++++++++++++------- libretools.conf | 5 +++++ 2 files changed, 43 insertions(+), 7 deletions(-) diff --git a/librestage b/librestage index d1784ab..e851dd4 100755 --- a/librestage +++ b/librestage @@ -72,7 +72,7 @@ SRCPKGDEST=${SRCPKGDEST:-.} PKGEXT=".pkg.tar.?z" -staged='n' +staged=false # Copies the packages to the specified repos inside staging for _arch in ${ARCHES[@]}; do for pkg in ${pkgname[@]}; do @@ -85,36 +85,67 @@ for _arch in ${ARCHES[@]}; do pkgfile=$(basename ${pkgpath}) + if [ ! -z "${SIGID}" ]; then + sigpath=${pkgpath}${SIGEXT} + sigfile=${pkgfile}${SIGEXT} + + msg "Signing package with ID ${SIGID}" + gpg --default-key "${SIGID}" --output ${sigpath} --detach-sig ${pkgpath} || { + error "Couldn't sign ${pkgfile}, aborting..." + exit 1 + } + fi + if [ -e "${pkgpath}" ]; then msg "Found ${pkgfile}" canonical="" for _repo in ${repos[@]}; do - [[ -z "$canonical" ]] && { + if [ -z "$canonical" ]; then canonical="${WORKDIR}/staging/${_repo}/${pkgfile}" + cp "${pkgpath}" "${WORKDIR}/staging/${_repo}/" || { error "Can't put ${pkgfile} on [staging]" exit 1 } && { msg2 "${pkg} staged on [${_repo}]" - staged='y' + staged=true } - } || { + + if [ ! -z "${SIGID}" ]; then + canonical_sig="${WORKDIR}/staging/${_repo}/${pkgfile}${SIGEXT}" + cp "${sigpath}" "${WORKDIR}/staging/${_repo}/" || { + error "Can't put ${sigfile} on [staging]" + exit 1 + } && { + msg2 "${pkg} signature on [${_repo}]" + } + fi + else ln "${canonical}" "${WORKDIR}/staging/${_repo}/${pkgfile}" || { error "Can't put ${pkgfile} on [staging]" exit 1 } && { msg2 "${pkg} staged on [${_repo}]" - staged='y' + staged=true } - } + + if [ ! -z "${SIGID}" ]; then + ln "${canonical_sig}" "${WORKDIR}/staging/${_repo}/${sigfile}" || { + error "Can't put ${sigfile} on [staging]" + exit 1 + } && { + msg2 "${pkg} signature on [${_repo}]" + } + fi + fi done fi done done -if [ $staged = 'n' ]; then +if ! $staged ; then error "No package was staged" exit 1 fi diff --git a/libretools.conf b/libretools.conf index a506af7..014243b 100644 --- a/libretools.conf +++ b/libretools.conf @@ -58,6 +58,11 @@ FULLBUILDCMD="sudo libremakepkg -cumL -M --noconfirm -M --nocheck" # Section for toru's vars TORUPATH=/var/lib/libretools/toru +## Package signing +# Leave commented to disable signing +#SIGEXT=".sig" +#SIGID="0xYOURID" + # Checks if vars aren't empty for VAR in CHROOTDIR CHROOT CHCOPY CACHEDIR PARABOLAHOST LIBREDESTDIR \ -- cgit v1.2.2 From 37013de11c60a9bbdb58bdc871d0c4b4fc899af3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Reynolds?= Date: Mon, 4 Jul 2011 11:40:05 -0300 Subject: LibreRelease uploads signatures --- librerelease | 132 ++++++++++++++++++++++++++++++----------------------------- 1 file changed, 68 insertions(+), 64 deletions(-) diff --git a/librerelease b/librerelease index 169ca0e..7df5184 100755 --- a/librerelease +++ b/librerelease @@ -21,67 +21,71 @@ # You should have received a copy of the GNU General Public License # along with Parabola. If not, see . - source /etc/libretools.conf - custom_config=$XDG_CONFIG_HOME/libretools/libretools.conf - - function usage { - echo "$(gettext "Usage: $0")" - echo - echo "$(gettext "This script uploads packages on $WORKDIR/stagging")" - echo "$(gettext "to parabola server.")" - echo - echo "$(gettext "OPTIONS:")" - echo "$(gettext " -h this message.")" - echo "$(gettext " -l only list packages but not upload them.")" - echo "$(gettext " -c clean packages on $WORKDIR/staging.")" - } - - function list_packages { - repos=($(find "$WORKDIR/staging/" -mindepth 1 -type d \! -empty -printf '%f ' 2>/dev/null)) - for _repo in ${repos[@]}; do - msg2 "$_repo" - find ${WORKDIR}/staging/${_repo} -type f -printf "%f\n" - done - unset repos - } - - function clean_non_packages { - find $WORKDIR/staging/ -type f \! -iname "*.pkg.tar.?z" -delete - } - - function clean_packages { - find ${WORKDIR}/staging/ -iname "*.pkg.tar.?z" -delete - } - - while getopts 'hlc' arg; do - case $arg in - h) usage; exit 0 ;; - l) list_packages; exit 0 ;; - c) clean_packages; exit $? ;; - esac - done - - [[ -e $custom_config ]] && source $custom_config - - [[ ! -z ${HOOKPRERELEASE} ]] && bash -c "${HOOKPRERELEASE}" - - clean_non_packages - msg "Uploading packages..." - rsync --recursive \ - --copy-links \ - --hard-links \ - --partial \ - --prune-empty-dirs \ - --human-readable \ - --progress \ - -e "ssh " \ - ${WORKDIR}/staging \ - ${PARABOLAHOST}:${LIBREDESTDIR}/ || { - error "Sync failed, try again" - exit 1 - } - - msg "Removing packages from local [staging]" - clean_packages - - exit 0 +source /etc/libretools.conf +custom_config=$XDG_CONFIG_HOME/libretools/libretools.conf + +function usage { + echo "$(gettext "Usage: $0")" + echo + echo "$(gettext "This script uploads packages on $WORKDIR/stagging")" + echo "$(gettext "to parabola server.")" + echo + echo "$(gettext "OPTIONS:")" + echo "$(gettext " -h this message.")" + echo "$(gettext " -l only list packages but not upload them.")" + echo "$(gettext " -c clean packages on $WORKDIR/staging.")" +} + +function list_packages { + repos=($(find "$WORKDIR/staging/" -mindepth 1 -type d \! -empty -printf '%f ' 2>/dev/null)) + for _repo in ${repos[@]}; do + msg2 "$_repo" + find ${WORKDIR}/staging/${_repo} -type f -printf "%f\n" + done + unset repos +} + +# Remove everything that's not a package or a signature +function clean_non_packages { + find $WORKDIR/staging/ -type f \ + \! -iname "*.pkg.tar.?z" -a \! -iname "*.pkg.tar.?z.sig" \ + -delete +} + +# Clean everything +function clean { + find ${WORKDIR}/staging/ -type f -delete +} + +while getopts 'hlc' arg; do + case $arg in + h) usage; exit 0 ;; + l) list_packages; exit 0 ;; + c) clean_packages; exit $? ;; + esac +done + +[[ -e $custom_config ]] && source $custom_config + +[[ ! -z ${HOOKPRERELEASE} ]] && bash -c "${HOOKPRERELEASE}" + +clean_non_packages +msg "Uploading packages..." +rsync --recursive \ + --copy-links \ + --hard-links \ + --partial \ + --prune-empty-dirs \ + --human-readable \ + --progress \ + -e "ssh " \ + ${WORKDIR}/staging \ + ${PARABOLAHOST}:${LIBREDESTDIR}/ || { + error "Sync failed, try again" + exit 1 + } + +msg "Removing packages from local [staging]" +clean + +exit 0 -- cgit v1.2.2