Diffstat (limited to 'modules/buildsystem/files/signbot')
-rwxr-xr-xmodules/buildsystem/files/signbot/mga-signpackage31
-rw-r--r--modules/buildsystem/files/signbot/sign-check-package37
-rw-r--r--modules/buildsystem/files/signbot/signbot-rpmmacros3
3 files changed, 71 insertions, 0 deletions
diff --git a/modules/buildsystem/files/signbot/mga-signpackage b/modules/buildsystem/files/signbot/mga-signpackage
new file mode 100755
index 00000000..bd88efeb
--- /dev/null
+++ b/modules/buildsystem/files/signbot/mga-signpackage
@@ -0,0 +1,31 @@
+#!/usr/bin/perl -w
+
+use strict;
+use warnings;
+use RPM4::Sign;
+use File::Spec;
+
+sub signpackage {
+ my ($file, $name, $path) = @_;
+
+ # check if parent directory is writable
+ my $parent = (File::Spec->splitpath($file))[1];
+ die "Unsignable package, parent directory is read-only"
+ unless -w $parent;
+
+ my $sign = RPM4::Sign->new(
+ name => $name,
+ path => $path,
+ passphrase => '',
+ );
+
+ $sign->rpmssign($file)
+}
+
+if (@ARGV != 3) {
+ exit 1;
+}
+
+signpackage(@ARGV);
+exit 0
+
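Review bot: The result of `$sign->rpmssign($file)` is discarded and the script always ends with `exit 0`, so a caller cannot tell a failed signing from a successful one by exit status. Once the return convention of rpmssign is confirmed, propagate it, for example `my $ok = signpackage(@ARGV); exit($ok ? 0 : 1);` (invert the test if it returns 0 on success). `passphrase => ''` suggests the signing key is usable without a passphrase, in which case its protection rests entirely on the permissions of the key directory passed as `$path`; a comment stating that requirement would help the next maintainer. For a bare file name `splitpath` yields an empty directory string, so the `-w $parent` test would die with a misleading message; falling back to `.` when `$parent` is empty avoids that.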
diff --git a/modules/buildsystem/files/signbot/sign-check-package b/modules/buildsystem/files/signbot/sign-check-package
new file mode 100644
index 00000000..fc9704fd
--- /dev/null
+++ b/modules/buildsystem/files/signbot/sign-check-package
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+if [ $# != 3 ] ; then
+ echo "missing arguments"
+ echo "usage : $0 file key_number key_directory"
+ exit 1
+fi
+
+file="$1"
+key="$2"
+keydir="$3"
+
+tmpdir=`mktemp -d ${TMPDIR:-/tmp}/signbot-XXXXX`
+tmpfile="$tmpdir/$(basename $file)"
+cp -pf "$file" "$tmpfile"
+rpm --delsign "$tmpfile"
+/usr/local/bin/mga-signpackage "$tmpfile" "$key" "$keydir"
+nbtry=0
+while rpmsign -Kv "$tmpfile" 2>&1 | grep BAD
+do
+ nbtry=$(($nbtry + 1))
+ if [ $nbtry -ge 30 ]
+ then
+ exit 1
+ fi
+
+ # Archive failed file for further analysis
+ mkdir -p "/tmp/failed-sign/"
+ failedfile="/tmp/failed-sign/$(basename "$file").$(date +%Y%m%d%H%M%S)"
+ cp -pf "$file" "$failedfile"
+
+ cp -pf "$file" "$tmpfile"
+ rpm --delsign "$tmpfile"
+ /usr/local/bin/mga-signpackage "$tmpfile" "$key" "$keydir"
+done
+mv -f "$tmpfile" "$file"
+rmdir "$tmpdir"
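Review bot: The check `while rpmsign -Kv "$tmpfile" 2>&1 | grep BAD` fails open: the loop ends as soon as the output lacks the string BAD, so a package left unsigned after `rpm --delsign` (for instance when `mga-signpackage` dies) or an rpmsign error that prints no BAD would presumably be treated as success and moved over `$file`. The check should instead require a positive result, meaning a zero exit status from rpmsign and a signature line present, as sketched below. Separately, the archive step copies `"$file"`, the untouched input, rather than `"$tmpfile"`, so the file kept for analysis is not the one that failed; `cp -pf "$tmpfile" "$failedfile"` looks like the intent. The `mktemp -d` result is never checked, `$(basename $file)` is unquoted, and `/tmp/failed-sign/` is a fixed name in a shared directory that another local user could pre-create, so each of those deserves a guard.

```shell
# … unchanged: argument check, tmpdir setup, first delsign + mga-signpackage call …
signature_ok() {
    out=$(rpmsign -Kv "$1" 2>&1) || return 1
    # Fail closed: any BAD result, or no signature line at all, is a failure.
    # The 'key ID' match is an assumption about -Kv output; confirm it for the rpm version in use.
    echo "$out" | grep -q BAD && return 1
    echo "$out" | grep -q 'key ID'
}
nbtry=0
until signature_ok "$tmpfile"
do
    # … unchanged: retry counter, archive, re-copy, delsign, re-sign …
done
```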
diff --git a/modules/buildsystem/files/signbot/signbot-rpmmacros b/modules/buildsystem/files/signbot/signbot-rpmmacros
new file mode 100644
index 00000000..aab7e389
--- /dev/null
+++ b/modules/buildsystem/files/signbot/signbot-rpmmacros
@@ -0,0 +1,3 @@
+%__gpg_sign_cmd %{__gpg} \
+ gpg --batch --force-v3-sigs --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning \
+ -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}
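Review bot: The macro file carries no comment saying why `%__gpg_sign_cmd` is overridden; presumably the reason is `--force-v3-sigs`, and a line such as `# force v3 signatures for compatibility with <consumer to be named>` above the macro would record it. The command also leaves the digest algorithm to gpg's defaults, so if the key type and gpg version in use would select SHA-1, pinning a stronger one with `--digest-algo` is worth considering. `--passphrase-fd 3` is fed the empty passphrase set in mga-signpackage, so the comment should also note that the key's protection is the key directory's file permissions.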