add wrapper script to sign package, check signature, and sign in a loop while signature is not correct

2 files changed, 17 insertions, 0 deletions

diff --git a/modules/buildsystem/templates/sign-check-package b/modules/buildsystem/templates/sign-check-package
new file mode 100644
index 00000000..de397f02
--- /dev/null
+++ b/modules/buildsystem/templates/sign-check-package
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+file="$1"
+key="$2"
+keydir="$3"
+
+tmpfile=`/tmp/tmp.fMzaAHPDgM`
+cp -p "$file" "$tmpfile"
+rpm --delsign "$tmpfile"
+/usr/bin/mga-signpackage "$tmpfile" "$key" "$keydir"
+while rpmsign -Kv "$tmpfile" 2>&1 | grep BAD
+do
+    cp -p "$file" "$tmpfile"
+    /usr/bin/mga-signpackage "$tmpfile" "$key" "$keydir"
+done
+mv -f "$tmpfile" "$file"
diff --git a/modules/buildsystem/templates/sudoers.signpackage b/modules/buildsystem/templates/sudoers.signpackage
index 094b83f5..2322c186 100644
--- a/modules/buildsystem/templates/sudoers.signpackage
+++ b/modules/buildsystem/templates/sudoers.signpackage
@@ -1 +1,2 @@
 <%= sched_login %>	ALL =(<%= sign_login %>) NOPASSWD: /usr/bin/mga-signpackage
+<%= sched_login %>	ALL =(<%= sign_login %>) NOPASSWD: /usr/local/bin/sign-check-package