put signbot templates file in a subdirectory ( cleaner to not have

everything in one directory )
author: Michael Scherer <misc@mageia.org> 2012-01-07 23:19:19 +0000
committer: Michael Scherer <misc@mageia.org> 2012-01-07 23:19:19 +0000
commit: d7851384c14811b58c0b196dece1adb27e5d0636 (patch)
tree: 72b9dc77656299dcd6c08ceb834dc2691acdf593 /modules/buildsystem/templates/signbot
parent: 40478c4d783d2f43d309d7ad82e348349761c628 (diff)
download: puppet-d7851384c14811b58c0b196dece1adb27e5d0636.tar
puppet-d7851384c14811b58c0b196dece1adb27e5d0636.tar.gz
puppet-d7851384c14811b58c0b196dece1adb27e5d0636.tar.bz2
puppet-d7851384c14811b58c0b196dece1adb27e5d0636.tar.xz
puppet-d7851384c14811b58c0b196dece1adb27e5d0636.zip
3 files changed, 40 insertions, 0 deletions
diff --git a/modules/buildsystem/templates/signbot/sign-check-package b/modules/buildsystem/templates/signbot/sign-check-package
new file mode 100644
index 00000000..4c6d1937
--- /dev/null
+++ b/modules/buildsystem/templates/signbot/sign-check-package
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+if [ $# != 3 ] ; then 
+    echo "missing arguments"
+    echo "usage : $0 file key_number key_directory"
+    exit 1
+fi
+ 
+file="$1"
+key="$2"
+keydir="$3"
+
+tmpfile=`mktemp`
+cp -pf "$file" "$tmpfile"
+rpm --delsign "$tmpfile"
+/usr/bin/mga-signpackage "$tmpfile" "$key" "$keydir"
+nbtry=0
+while rpmsign -Kv "$tmpfile" 2>&1 | grep BAD
+do
+    nbtry=$(($nbtry + 1))
+    if [ $nbtry -ge 30 ]
+    then
+	exit 1
+    fi
+
+    # Archive failed file for further analysis
+    mkdir -p "/tmp/failed-sign/"
+    failedfile="/tmp/failed-sign/$(basename "$file").$(date +%Y%m%d%H%M%S)"
+    cp -pf "$file" "$failedfile"
+
+    cp -pf "$file" "$tmpfile"
+    rpm --delsign "$tmpfile"
+    /usr/bin/mga-signpackage "$tmpfile" "$key" "$keydir"
+done
+mv -f "$tmpfile" "$file"
diff --git a/modules/buildsystem/templates/signbot/signbot-rpmmacros b/modules/buildsystem/templates/signbot/signbot-rpmmacros
new file mode 100644
index 00000000..aab7e389
--- /dev/null
+++ b/modules/buildsystem/templates/signbot/signbot-rpmmacros
@@ -0,0 +1,3 @@
+%__gpg_sign_cmd                 %{__gpg} \
+        gpg --batch --force-v3-sigs --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning \
+        -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}
diff --git a/modules/buildsystem/templates/signbot/sudoers.signpackage b/modules/buildsystem/templates/signbot/sudoers.signpackage
new file mode 100644
index 00000000..2322c186
--- /dev/null
+++ b/modules/buildsystem/templates/signbot/sudoers.signpackage
@@ -0,0 +1,2 @@
+<%= sched_login %>	ALL =(<%= sign_login %>) NOPASSWD: /usr/bin/mga-signpackage
+<%= sched_login %>	ALL =(<%= sign_login %>) NOPASSWD: /usr/local/bin/sign-check-package
author	Michael Scherer <misc@mageia.org>	2012-01-07 23:19:19 +0000
committer	Michael Scherer <misc@mageia.org>	2012-01-07 23:19:19 +0000
commit	d7851384c14811b58c0b196dece1adb27e5d0636 (patch)
tree	72b9dc77656299dcd6c08ceb834dc2691acdf593 /modules/buildsystem/templates/signbot
parent	40478c4d783d2f43d309d7ad82e348349761c628 (diff)
download	puppet-d7851384c14811b58c0b196dece1adb27e5d0636.tar puppet-d7851384c14811b58c0b196dece1adb27e5d0636.tar.gz puppet-d7851384c14811b58c0b196dece1adb27e5d0636.tar.bz2 puppet-d7851384c14811b58c0b196dece1adb27e5d0636.tar.xz puppet-d7851384c14811b58c0b196dece1adb27e5d0636.zip