diff options
author | Nicolas Vigier <boklm@mageia.org> | 2011-02-11 19:42:59 +0000 |
---|---|---|
committer | Nicolas Vigier <boklm@mageia.org> | 2011-02-11 19:42:59 +0000 |
commit | 8d84a2b3d8c833d03170c206c163264b55923eac (patch) | |
tree | 47ea6a5b47767b5d4eb571c1d47672f11ef36975 /modules | |
parent | a37d750a1919a63d5890f61448ec31f103384c58 (diff) | |
download | puppet-8d84a2b3d8c833d03170c206c163264b55923eac.tar puppet-8d84a2b3d8c833d03170c206c163264b55923eac.tar.gz puppet-8d84a2b3d8c833d03170c206c163264b55923eac.tar.bz2 puppet-8d84a2b3d8c833d03170c206c163264b55923eac.tar.xz puppet-8d84a2b3d8c833d03170c206c163264b55923eac.zip |
add wrapper script to sign package, check signature, and sign in a loop while signature is not correct
Diffstat (limited to 'modules')
-rw-r--r-- | modules/buildsystem/manifests/init.pp | 8 | ||||
-rw-r--r-- | modules/buildsystem/templates/sign-check-package | 16 | ||||
-rw-r--r-- | modules/buildsystem/templates/sudoers.signpackage | 1 |
3 files changed, 25 insertions, 0 deletions
diff --git a/modules/buildsystem/manifests/init.pp b/modules/buildsystem/manifests/init.pp index 7df10179..b17c12c2 100644 --- a/modules/buildsystem/manifests/init.pp +++ b/modules/buildsystem/manifests/init.pp @@ -88,6 +88,14 @@ class buildsystem { mode => 644, content => template("buildsystem/signbot-rpmmacros") } + + file { "/usr/local/bin/sign-check-package": + ensure => present, + owner => root, + group => root, + mode => 755, + content => template("buildsystem/sign-check-package") + } } class scheduler { diff --git a/modules/buildsystem/templates/sign-check-package b/modules/buildsystem/templates/sign-check-package new file mode 100644 index 00000000..de397f02 --- /dev/null +++ b/modules/buildsystem/templates/sign-check-package @@ -0,0 +1,16 @@ +#!/bin/sh + +file="$1" +key="$2" +keydir="$3" + +tmpfile=`/tmp/tmp.fMzaAHPDgM` +cp -p "$file" "$tmpfile" +rpm --delsign "$tmpfile" +/usr/bin/mga-signpackage "$tmpfile" "$key" "$keydir" +while rpmsign -Kv "$tmpfile" 2>&1 | grep BAD +do + cp -p "$file" "$tmpfile" + /usr/bin/mga-signpackage "$tmpfile" "$key" "$keydir" +done +mv -f "$tmpfile" "$file" diff --git a/modules/buildsystem/templates/sudoers.signpackage b/modules/buildsystem/templates/sudoers.signpackage index 094b83f5..2322c186 100644 --- a/modules/buildsystem/templates/sudoers.signpackage +++ b/modules/buildsystem/templates/sudoers.signpackage @@ -1 +1,2 @@ <%= sched_login %> ALL =(<%= sign_login %>) NOPASSWD: /usr/bin/mga-signpackage +<%= sched_login %> ALL =(<%= sign_login %>) NOPASSWD: /usr/local/bin/sign-check-package |