authorrhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58>2008-12-18 04:08:32 +0000
committerrhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58>2008-12-18 04:08:32 +0000
commitebf8ab9d674570c0bd65d4b3190d6f8ae23e65fd (patch)
tree06d3d888416b3d53ac988ecdac0774b86bfd9a2e
parent514766efcf2150970b5c7b2b347262569d2ae63f (diff)
enhanced gpg integration
git-svn-id: svn+slack://slack.fluxo.info/var/svn/simplepkg@673 04377dda-e619-0410-9926-eae83683ac58
-rw-r--r--trunk/lib/common.sh51
-rw-r--r--trunk/src/createpkg9
-rwxr-xr-xtrunk/src/simplaret26
3 files changed, 82 insertions, 4 deletions
diff --git a/trunk/lib/common.sh b/trunk/lib/common.sh
index d516448..53fc0f2 100644
--- a/trunk/lib/common.sh
+++ b/trunk/lib/common.sh
@@ -1089,6 +1089,35 @@ function gen_meta {
}
+function repo_gpg_key {
+
+ # usage: repo_gpg_key <folder>
+
+ local folder="$1"
+
+ if [ $SIGN_PACKAGES -eq $on ]; then
+ if [ -f "$folder/GPG-KEY" ]; then
+ if ! gpg --with-colons < $folder/GPG-KEY | cut -d : -f 5 | grep -q -e "$SIGN_KEYID$"; then
+ echo "Adding OpenPGP key id $SIGN_KEYID to $folder/GPG-KEY file..."
+ if [ ! -z "$SIGN_PACKAGES_USER" ]; then
+ su $SIGN_PACKAGES_USER -c "gpg --export --armor $SIGN_KEY_ID" >> $folder/GPG-KEY
+ else
+ gpg --export --armor $SIGN_KEY_ID >> $folder/GPG-KEY
+ fi
+ fi
+ else
+ echo "Adding OpenPGP key id $SIGN_KEYID to $folder/GPG-KEY file..."
+ if [ ! -z "$SIGN_PACKAGES_USER" ]; then
+ su $SIGN_PACKAGES_USER -c "gpg --export --armor $SIGN_KEY_ID" > $folder/GPG-KEY
+ else
+ gpg --export --armor $SIGN_KEY_ID > $folder/GPG-KEY
+ fi
+ fi
+ svn_add $folder/GPG-KEY
+ fi
+
+}
+
# -----------------------------------------------
# Error functions
# -----------------------------------------------
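Review bot: The export commands in repo_gpg_key read `$SIGN_KEY_ID`, while the membership test and the messages use `$SIGN_KEYID`; nothing in this diff sets `SIGN_KEY_ID`, so if it is unset, `gpg --export --armor` with no key argument writes every public key in the signer's keyring into GPG-KEY, which the simplaret side of this commit then imports. createpkg also assigns `SIGN_KEYID="-u <id>"`, so if that value reaches this function the pattern `"$SIGN_KEYID$"` carries the `-u ` prefix and would never match, appending the key on every run. Pass the bare key id and refuse an empty one, e.g. `[ -n "$keyid" ] || return 1` followed by `gpg --export --armor "$keyid"`. `"$folder/GPG-KEY"` should also be quoted in the redirections and in the `svn_add` call.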
@@ -1332,3 +1361,25 @@ function is_the_same {
fi
}
+
+function check_gnupg {
+
+ # check if there's a keyring
+ # usage: check_gnupg [username]
+
+ local user="$1" home
+
+ if [ ! -z "$user" ]; then
+ echo "Setting up gnupg..."
+ home="`grep "^$user:" /etc/passwd | cut -d : -f 6`"
+ if [ ! -d "$home/.gnupg" ]; then
+ su $user -c "gpg --list-keys"
+ fi
+ else
+ if [ ! -d "$HOME/.gnupg" ]; then
+ echo "Setting up gnupg..."
+ gpg --list-keys
+ fi
+ fi
+
+}
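Review bot: In check_gnupg, `home` is empty when `grep "^$user:" /etc/passwd` finds no entry (an account served by a directory service, or a typo in the configured user), and the test then looks at `/.gnupg` and still runs `su $user -c "gpg --list-keys"`. Resolve the home with `home="$(getent passwd "$user" | cut -d : -f 6)"`, stop when it is empty with `[ -n "$home" ] || return 1`, and quote `"$user"` in the `su` call. The "Setting up gnupg..." message in this branch is printed even when the keyring already exists; moving it inside the `-d` test would match the else branch.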
diff --git a/trunk/src/createpkg b/trunk/src/createpkg
index 86be854..fe908b5 100644
--- a/trunk/src/createpkg
+++ b/trunk/src/createpkg
@@ -437,6 +437,7 @@ function update_metadata {
cd $makepkg_repos
+ repo_gpg_key $makepkg_repos
gen_meta $SUBFOLDER/$PKG_NAME
gen_filelist
update_md5_checksum $makepkg_repos $SUBFOLDER/$PKG_NAME
@@ -697,10 +698,16 @@ if [ $SIGN_PACKAGES -eq $on ]; then
echo "Signing package..."
+ check_gnupg $SIGN_PACKAGES_USER
+
if [ ! -z "$SIGN_PACKAGES_KEYID" ]; then
SIGN_KEYID="-u $SIGN_PACKAGES_KEYID"
else
- SIGN_KEYID=""
+ if [ ! -z "$SIGN_PACKAGES_USER" ]; then
+ SIGN_KEYID="-u `su $SIGN_PACKAGES_USER -c "gpg --list-secret-keys --with-colons | grep ^sec | head -n 1 | cut -d : -f 5"`"
+ else
+ SIGN_KEYID="-u `gpg --list-secret-keys --with-colons | grep ^sec | head -n 1 | cut -d : -f 5`"
+ fi
fi
if [ ! -z "$SIGN_PACKAGES_USER" ]; then
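Review bot: When no secret key is found, the new fallback leaves `SIGN_KEYID` as `-u ` with nothing after it, so the later gpg call would either fail or take its next argument as the key id; the result of the pipeline should be checked before the option is built. Capture it first, `keyid="$(gpg --list-secret-keys --with-colons | grep ^sec | head -n 1 | cut -d : -f 5)"`, and abort signing with a message on stderr when `[ -z "$keyid" ]`. The fallback also signs with whichever secret key is listed first, which may be an expired or unrelated key on a shared account, so printing the chosen key id would make the choice auditable. The enclosing `if [ $SIGN_PACKAGES -eq $on ]` block continues past the end of this hunk.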
diff --git a/trunk/src/simplaret b/trunk/src/simplaret
index df55526..1d9d47a 100755
--- a/trunk/src/simplaret
+++ b/trunk/src/simplaret
@@ -63,8 +63,8 @@ function simplaret_backup_index {
function simplaret_check_index {
for file in `simplaret_metafiles`; do
- if [ ! -f "$1/$file" ] && [ -f "$1/$file" ]; then
- echo restoring old $file to $1...
+ if [ ! -f "$1/$file" ] && [ -f "$1/$file.old" ]; then
+ echo Restoring old $file to $1...
mv $1/$file.old $1/$file
else
rm -f $1/$file.old
@@ -73,6 +73,21 @@ function simplaret_check_index {
}
+function simplaret_import_gpg_keys {
+
+ if [ "$SIGNATURE_CHECKING" == "$on" ]; then
+ check_gnupg
+ if [ -f "$1/GPG-KEY" ] && [ -f "$1/GPG-KEY.old" ]; then
+ if diff $1/GPG-KEY $1/GPG-KEY.old &> /dev/null; then
+ gpg --import < $1/GPG-KEY
+ fi
+ elif [ -f "$1/GPG-KEY" ]; then
+ gpg --import < $1/GPG-KEY
+ fi
+ fi
+
+}
+
function simplaret_download {
# download a file from a repo to a folder
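Review bot: The test `if diff $1/GPG-KEY $1/GPG-KEY.old &> /dev/null` in simplaret_import_gpg_keys succeeds when the two files are identical, so the key is re-imported only when it has not changed and a changed key is skipped; the condition looks inverted and should read `if ! diff -q "$1/GPG-KEY" "$1/GPG-KEY.old" > /dev/null 2>&1; then`. With GPG-KEY added to simplaret_metafiles, simplaret_check_index (called just before this function in simplaret_update) has already moved or removed `GPG-KEY.old`, so this branch appears unreachable and the `elif` imports on every update. The key is also fetched from the same repository as the packages it authenticates and is imported into the default keyring without a fingerprint check, so signature checking only helps against someone who cannot also replace GPG-KEY. Consider comparing the key's fingerprint with an administrator-configured value before `gpg --import`, and stating that trust assumption in a comment above the function.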
@@ -262,6 +277,7 @@ function simplaret_update {
simplaret_get_index $repository_url $storage/$repository_name
simplaret_check_index $storage/$repository_name
+ simplaret_import_gpg_keys $storage/$repository_name
unset repository_name repository_url repository_protocol
@@ -320,7 +336,11 @@ function simplaret_filelist {
function simplaret_metafiles {
- echo `simplaret_filelist` CHECKSUMS.md5
+ if [ "$SIGNATURE_CHECKING" == "$on" ]; then
+ echo `simplaret_filelist` CHECKSUMS.md5 GPG-KEY
+ else
+ echo `simplaret_filelist` CHECKSUMS.md5
+ fi
}