summaryrefslogtreecommitdiff
path: root/librerelease
diff options
context:
space:
mode:
authorNicolás Reynolds <apoyosis@correo.inta.gob.ar>2011-12-14 14:45:11 -0300
committerNicolás Reynolds <apoyosis@correo.inta.gob.ar>2011-12-14 14:45:11 -0300
commit54ba056b200a5ef141f8d589a2f45478c6bd8a6b (patch)
treed97679dc76728e0f2763a1ed82d8e52fe2195dc3 /librerelease
parentade30f1b9db8e10b23439a1c90b384b93483fcc7 (diff)
Do batch signing
* Removed signing code from librestage * Make package signatures mandatory * Make librerelease sign all packages at once * Verify existing signatures before releasing
Diffstat (limited to 'librerelease')
-rwxr-xr-xlibrerelease31
1 files changed, 31 insertions, 0 deletions
diff --git a/librerelease b/librerelease
index 56cf856..64f8887 100755
--- a/librerelease
+++ b/librerelease
@@ -46,6 +46,30 @@ function list_packages {
unset repos
}
+function sign_packages {
+ if [ -z "${GPG_AGENT_INFO}" ]; then
+ warning "It's better to use gpg-agent to sign packages in batches"
+ fi
+
+ packages=($(find "${WORKDIR}/staging/" -type f -iname '*.pkg.tar.?z'))
+ for package in ${packages[@]}; do
+ if [ -f "${package}${SIGEXT}" ]; then
+
+ warning "Package signature found, verifying..."
+
+# Verify that the signature is correct, else remove for re-signing
+ if ! gpg --quiet --verify "${package}${SIGEXT}" >/dev/null 2>&1; then
+ error "Failed! Resigning..."
+ rm -f "${package}${SIGEXT}"
+ else
+ continue
+ fi
+ fi
+
+ gpg --default-key "${SIGID}" --output "${package}${SIGEXT}" --detach-sig "${package}"
+ done
+}
+
# Remove everything that's not a package or a signature
function clean_non_packages {
find $WORKDIR/staging/ -type f \
@@ -73,6 +97,13 @@ done
[[ ! -z ${HOOKPRERELEASE} ]] && bash -c "${HOOKPRERELEASE}"
clean_non_packages
+if [ ! -z "${SIGID}" ]; then
+ sign_packages
+else
+ error "Package signing is *required*"
+ exit 1
+fi
+
msg "Uploading packages..."
rsync --recursive \
${dryrun} \