Diffstat (limited to 'trunk/lib/common.sh')
-rw-r--r-- | trunk/lib/common.sh | 50 |
1 files changed, 33 insertions, 17 deletions
diff --git a/trunk/lib/common.sh b/trunk/lib/common.sh
index 932c1c5..cc63bc6 100644
--- a/trunk/lib/common.sh
+++ b/trunk/lib/common.sh
@@ -1320,6 +1320,7 @@ function gen_meta {
 function repo_gpg_key {
+ # adds or updates a repository keyring
 # usage: repo_gpg_key <folder> [update]
 local folder="$1" update="$2" tmp_gpg_folder
@@ -1335,7 +1336,7 @@ function repo_gpg_key {
 update=false
 fi
- if [ $SIGN_PACKAGES -eq $on ]; then
+ if [ $SIGN -eq $on ]; then
 if [ -f "$folder/GPG-KEY" ]; then
 if $update || ! gpg --with-colons < $folder/GPG-KEY | cut -d : -f 5 | grep -q -e "$SIGN_KEYID$"; then
 echo "Adding OpenPGP key id $SIGN_KEYID to $folder/GPG-KEY file..."
@@ -1343,17 +1344,17 @@ function repo_gpg_key {
 tmp_gpg_folder="`mktemp -d $TMP/tmp_gpg_folder.XXXXXX`"
 tmp_gpg_pubkey="`mktemp -d $TMP/tmp_gpg_pubkey.XXXXXX`"
- if [ ! -z "$SIGN_PACKAGES_USER" ]; then
- chown $SIGN_PACKAGES_USER $tmp_gpg_folder
- chown $SIGN_PACKAGES_USER $tmp_gpg_pubkey
+ if [ ! -z "$SIGN_USER" ] && [ "`whoami`" != "$SIGN_USER" ]; then
+ chown $SIGN_USER $tmp_gpg_folder
+ chown $SIGN_USER $tmp_gpg_pubkey
 # merge pubkey information in a temporary keyring
- su $SIGN_PACKAGES_USER -c "gpg --export --armor $SIGN_KEYID > $tmp_gpg_pubkey/pubkey.asc"
- su $SIGN_PACKAGES_USER -c "gpg --homedir $tmp_gpg_folder --import < $folder/GPG-KEY"
- su $SIGN_PACKAGES_USER -c "gpg --homedir $tmp_gpg_folder --import < $tmp_gpg_pubkey/pubkey.asc"
+ su $SIGN_USER -c "gpg --export --armor $SIGN_KEYID > $tmp_gpg_pubkey/pubkey.asc"
+ su $SIGN_USER -c "gpg --homedir $tmp_gpg_folder --import < $folder/GPG-KEY"
+ su $SIGN_USER -c "gpg --homedir $tmp_gpg_folder --import < $tmp_gpg_pubkey/pubkey.asc"
 # export temporary keyring to repository keyring
- su $SIGN_PACKAGES_USER -c "gpg --homedir $tmp_gpg_folder --export --armor" > $folder/GPG-KEY
+ su $SIGN_USER -c "gpg --homedir $tmp_gpg_folder --export --armor" > $folder/GPG-KEY
 else
 # merge pubkey information in a temporary keyring
 gpg --export --armor $SIGN_KEYID > $tmp_gpg_pubkey/pubkey.asc
@@ -1370,8 +1371,8 @@ function repo_gpg_key {
 fi
 else
 echo "Adding OpenPGP key id $SIGN_KEYID to $folder/GPG-KEY file..."
- if [ ! -z "$SIGN_PACKAGES_USER" ]; then
- su $SIGN_PACKAGES_USER -c "gpg --export --armor $SIGN_KEYID" > $folder/GPG-KEY
+ if [ ! -z "$SIGN_USER" ] && [ "`whoami`" != "$SIGN_USER" ]; then
+ su $SIGN_USER -c "gpg --export --armor $SIGN_KEYID" > $folder/GPG-KEY
 else
 gpg --export --armor $SIGN_KEYID > $folder/GPG-KEY
 fi
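Review bot: In the `@@ -1343,17` hunk the `su $SIGN_USER -c "…"` lines build their command string from `$SIGN_KEYID`, `$folder` and the two `mktemp` paths without quoting, so each value is expanded by the calling shell and then parsed a second time by the shell that `su` starts for `$SIGN_USER`. A value containing whitespace or shell metacharacters changes what that second shell runs, and the two `chown` lines word-split the same way. Quote the outer expansions (`chown "$SIGN_USER" "$tmp_gpg_folder"`) and reject unexpected values before they reach the string, for example `case "$SIGN_KEYID" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac`. The same pattern is in the `su` line of the `@@ -1370,8` hunk and in `get_sign_user` in the `@@ -1650,18` hunk. `repo_gpg_key` begins and ends outside this hunk.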
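Review bot: In the `@@ -1370,8` hunk the redirection `> $folder/GPG-KEY` on the `su $SIGN_USER -c "gpg --export --armor $SIGN_KEYID"` line truncates the repository keyring before `su` and `gpg` run, and the exit status is never checked. If `su` fails or the key id matches nothing, the repository is left with an empty or partial GPG-KEY file. Write to a temporary file in the same directory and replace the keyring only on success and non-empty output, e.g. `su "$SIGN_USER" -c "gpg --export --armor $SIGN_KEYID" > "$folder/GPG-KEY.tmp" && [ -s "$folder/GPG-KEY.tmp" ] && mv "$folder/GPG-KEY.tmp" "$folder/GPG-KEY"`. The `else` branch here and the export line at the end of the `@@ -1343,17` hunk follow the same pattern. The enclosing function extends beyond the hunk.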
@@ -1650,18 +1651,33 @@ function check_gnupg {
 }
-function get_sign_packages_user {
+function strip_gpg_signature {
+
+ # strip gpg signature from file
+ # usage: strip_gpg_signature <file>
+
+ local file="$1"
+
+ if [ -e "$file" ]; then
+ if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $file; then
+ sed -e '1,3d' -e '/^$/d' -e '/-----BEGIN PGP SIGNATURE-----/,/-----END PGP SIGNATURE-----/d' $file
+ else
+ cat $file
+ fi
+ fi
+
+}
+
+function get_sign_user {
 # get sign package user
 # usage: get_sign_package_user
- check_gnupg $SIGN_PACKAGES_USER
+ check_gnupg $SIGN_USER
- if [ ! -z "$SIGN_PACKAGES_KEYID" ]; then
- SIGN_KEYID="$SIGN_PACKAGES_KEYID"
- else
- if [ ! -z "$SIGN_PACKAGES_USER" ]; then
- SIGN_KEYID="`su $SIGN_PACKAGES_USER -c \
+ if [ -z "$SIGN_KEYID" ]; then
+ if [ ! -z "$SIGN_USER" ] && [ "`whoami`" != "$SIGN_USER" ]; then
+ SIGN_KEYID="`su $SIGN_USER -c \
 "gpg --list-secret-keys --with-colons | grep ^sec | head -n 1 | cut -d : -f 5 | sed 's/^.*\(.\{8\}\)$/\1/'"`"
 else
 SIGN_KEYID="`gpg --list-secret-keys --with-colons | grep ^sec | head -n 1 | cut -d : -f 5 | sed 's/^.*\(.\{8\}\)$/\1/'`" |
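Review bot: `strip_gpg_signature` removes the clearsign armor with `sed` and verifies nothing, and its `-e '1,3d'` assumes the file starts with exactly the BEGIN line, one `Hash:` line and a blank line. With more or fewer armor headers it drops payload lines or keeps header lines, `/^$/d` deletes every blank line of the payload, dash-escaped lines are not restored, and text placed before the BEGIN line or after the END line is printed as if it were signed content. If callers rely on the output being what was signed, let gpg produce it, e.g. `gpg --decrypt "$file"` with its exit status checked; otherwise state in the header comment that the output is unverified. `$file` should also be quoted in the `grep`, `sed` and `cat` calls. The body of `get_sign_user` continues past the end of the hunk.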