Diffstat (limited to 'src/librefetch')
-rwxr-xr-x | src/librefetch/librefetch | 76 | ||||
-rw-r--r-- | src/librefetch/librefetch.8.ronn | 8 |
2 files changed, 73 insertions, 11 deletions
diff --git a/src/librefetch/librefetch b/src/librefetch/librefetch
index 49a8565..ea90e5b 100755
--- a/src/librefetch/librefetch
+++ b/src/librefetch/librefetch
@@ -3,6 +3,15 @@
 #
 # Copyright (C) 2013-2015 Luke Shumaker <lukeshu@sbcglobal.net>
 #
+# For just the create_signature() function:
+# Copyright (C) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org>
+# Copyright (C) 2002-2006 Judd Vinet <jvinet@zeroflux.org>
+# Copyright (C) 2005 Aurelien Foret <orelien@chez.com>
+# Copyright (C) 2006 Miklos Vajna <vmiklos@frugalware.org>
+# Copyright (C) 2005 Christian Hamar <krics@linuxforum.hu>
+# Copyright (C) 2006 Alex Smith <alex@alex-smith.me.uk>
+# Copyright (C) 2006 Andras Voroskoi <voroskoi@frugalware.org>
+#
 # License: GNU GPLv3+
 #
 # This file is part of Parabola.
@@ -20,6 +29,9 @@
 # You should have received a copy of the GNU General Public License
 # along with Parabola. If not, see <http://www.gnu.org/licenses/>.
+# create_signature() is taken from pacman:makepkg, which is GPLv2+,
+# so we take the '+' to combine it with our GPLv3+.
+
 . "$(librelib conf)"
 . "$(librelib messages)"
 setup_traps
@@ -46,9 +58,14 @@ usage() {
 beginning of a URL, 'libre://' expands to the first configured mirror."
 echo
- prose "In create mode, it looks at a build script, and uses that to
- create the source tarball. SOURCE_URL is ignored, except that it
- is used to set the default value of OUTPUT_FILE."
+ prose "In create mode, it either looks at a build script and uses that
+ to create the source tarball, or it uses GPG to create a
+ signature (if OUTPUT_FILE ends with \`.sig\` or \`.sig.part\`).
+ If it is using GPG to create a signature, but the file that it is
+ trying to sign doesn't exist yet, it recurses on itself to first
+ create that file. SOURCE_URL is ignored, except that it is used
+ to set the default value of OUTPUT_FILE, and that it may be used
+ when recursing."
 echo
 prose "The default build script is 'PKGBUILD', or 'SRCBUILD' if it exists."
@@ -83,6 +100,10 @@ main() {
 exit 1
 fi
+ doit
+}
+
+doit() {
 # Mode: help ###########################################################
 if [[ $mode =~ help ]]; then
@@ -183,13 +204,26 @@ main() {
 # Mode: create #########################################################
 if [[ $mode =~ create ]]; then
- PKGEXT=${dst##*/}
- export PKGEXT=${PKGEXT%.part}
- export PKGDEST=${dst%/*}
- export pkg_file=$dst
+ local base_dst=${dst%.part}
+ local suffix=${dst#"$base_dst"}
- cd "$BUILDFILEDIR"
- "$makepkg" "${makepkg_opts[@]}" -p "$srcbuild" >&2 || exit $?
+ if [[ $base_dst == *.sig ]]; then
+ if ! [[ -e $base_dst ]]; then
+ extra_opts=("${src%.sig}" "${base_dst%.sig}")
+ doit || exit $?
+ fi
+ create_signature "${base_dst%.sig}" || exit $?
+ if [[ -n $suffix ]]; then
+ mv -f "$base_dst" "$dst"
+ fi
+ else
+ export PKGEXT=${base_dst##*/}
+ export PKGDEST=${dst%/*}
+ export pkg_file=$dst
+
+ cd "$BUILDFILEDIR"
+ "$makepkg" "${makepkg_opts[@]}" -p "$srcbuild" >&2 || exit $?
+ fi
 fi
 }
@@ -393,4 +427,28 @@ modified_srcbuild() {
 printf '%s\n' "$new"
 }
+################################################################################
+
+# This function is taken almost verbatim from makepkg
+create_signature() {
+ local ret=0
+ local filename="$1"
+ msg "Signing package..."
+
+ local SIGNWITHKEY=()
+ if [[ -n $GPGKEY ]]; then
+ SIGNWITHKEY=(-u "${GPGKEY}")
+ fi
+ # The signature will be generated directly in ascii-friendly format
+ gpg --detach-sign --use-agent "${SIGNWITHKEY[@]}" "$filename" || ret=$?
+
+
+ if (( ! ret )); then
+ msg2 "Created signature file %s." "$filename.sig"
+ else
+ error "Failed to sign package file."
+ return $ret
+ fi
+}
+
 main "$@"
diff --git a/src/librefetch/librefetch.8.ronn b/src/librefetch/librefetch.8.ronn
index da5ea60..7d3550f 100644
--- a/src/librefetch/librefetch.8.ronn
+++ b/src/librefetch/librefetch.8.ronn
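Review bot: In the `*.sig` branch the existence test `if ! [[ -e $base_dst ]]` looks at the signature path, not at the file to be signed, whereas the usage text and the man page in this commit say the recursion happens when the file being signed is missing. If the documented behaviour is the intended one, the test would be `if ! [[ -e ${base_dst%.sig} ]]; then`; as written, a missing signature always triggers the recursion, and an existing `.sig` with a missing tarball goes straight to `create_signature`. Whichever is chosen deserves a comment, since it decides whether a file already sitting at that path is signed as found rather than freshly built. The result of `mv -f "$base_dst" "$dst"` is also unchecked, unlike the neighbouring calls; `mv -f "$base_dst" "$dst" || exit $?` would match them. `doit()` begins in the previous hunk and its other mode branches are outside this one.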
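Review bot: The `gpg` call in `create_signature()` leaves the output path implicit and passes `"$filename"` without an option terminator, while the caller depends on the result landing at exactly `$filename.sig` (it later moves `$base_dst`). Stating both makes that contract explicit and keeps a path that starts with `-` from being read as an option: `gpg --detach-sign --use-agent "${SIGNWITHKEY[@]}" --output "$filename.sig" -- "$filename" || ret=$?`. The comment above the call says the signature is generated in ascii-friendly format, but no `--armor` is passed, so the comment should be corrected or dropped, or the flag added if armored output is wanted. The messages still say "package" although librefetch signs a source tarball here.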
@@ -85,8 +85,12 @@ ensure that as long as the same directory contents go in, an identical tarball will come out--the checksum of the file should not change based on when it is built or who builds it.
-The `SRCBUILD` is either created, or sanitized if it already exists,
-then fed to a modified version of `makepkg(8)`.
+The `SRCBUILD` is either created, or sanitized if it already exists.
+If the output filename does not end with `.sig` or `.sig.part`, then
+the `SRCBUILD` is fed to a modified version of `makepkg(8)`. If the
+output filename does end with `.sig` or `.sig.part`, then it uses GPG
+to create a signature. If the file it is trying to sign does not
+exist yet, librefetch recurses on itself to create it.
 The reason `makepkg` must be modified is that we need the resulting tarball to be deterministic (as well as not containing package |