Diffstat (limited to 'trunk/src/mkbuild')
-rwxr-xr-x | trunk/src/mkbuild | 146 |
1 files changed, 139 insertions, 7 deletions
diff --git a/trunk/src/mkbuild b/trunk/src/mkbuild index ffa4d04..6ca1259 100755 --- a/trunk/src/mkbuild +++ b/trunk/src/mkbuild @@ -238,6 +238,7 @@ function set_parameters { ;; '--sync' ) # Synchronize mkbuilds repository + mkbuild_update_keyring sync_repo $MKBUILDS_DIR $MKBUILDS_SVN exit $? ;; @@ -664,6 +665,10 @@ function submit_slackbuild { fi done + if [ "$SIGN_MANIFESTS" -eq $on ]; then + repo_gpg_key $SLACKBUILDS_DIR + fi + cd $WORK } @@ -708,6 +713,11 @@ function submit_mkbuild { done submit_cleanup + + if [ "$SIGN_MANIFESTS" -eq $on ]; then + repo_gpg_key $MKBUILDS_DIR + fi + cd $WORK } @@ -839,6 +849,30 @@ function load_parameters { COLOR_MODE="`eval_parameter COLOR_MODE none`" TMP="`eval_parameter TMP /tmp`" + SIGN_MANIFESTS="`eval_boolean_parameter SIGN_MANIFESTS $off`" + SIGN_MANIFESTS_USER="`eval_parameter SIGN_MANIFESTS_USER`" + SIGN_MANIFESTS_KEYID="`eval_parameter SIGN_MANIFESTS_KEYID`" + SIGN_MANIFESTS_WITH_GPG_AGENT="`eval_boolean_parameter SIGN_MANIFESTS_WITH_GPG_AGENT $off`" + + if [ ! -z "$SIGN_MANIFESTS_KEYID" ]; then + SIGN_MANIFESTS_KEYID="`echo $SIGN_MANIFESTS_KEYID | tr '[:lower:]' '[:upper:]'`" + fi + + if [ "$SIGN_MANIFESTS_WITH_GPG_AGENT" -eq $on ]; then + GPG_AGENT_OPTION="--use-agent" + else + GPG_AGENT_OPTION="" + fi + + # For use at common.sh functions + SIGN="$SIGN_MANIFESTS" + SIGN_KEYID="$SIGN_MANIFESTS_KEYID" + SIGN_USER="$SIGN_MANIFESTS_USER" + + if [ "$SIGN_MANIFESTS" -eq $on ]; then + get_sign_user + fi + } function file_metainfo { @@ -941,7 +975,7 @@ function update_manifest_info { fi # Save Manifest changes - sort $tmpfile > $WORK/Manifest + strip_gpg_signature $tmpfile | sort > $WORK/Manifest rm -f $tmpfile @@ -949,6 +983,12 @@ function update_manifest_info { function edit_manifest { + # Check if existing Manifest is properly signed + if ! check_manifest_signature; then + echo "Invalid signature at $WORK/Manifest, aborting." + return 1 + fi + # Update Manifest file echo "Updating Manifest..." 
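Review bot: In load_parameters SIGN_MANIFESTS_KEYID is only upper-cased, yet it is later spliced unquoted into `gpg -u $SIGN_KEYID` and into the `su $SIGN_USER -c "..."` command strings of sign_manifest, where a value containing spaces or shell metacharacters would be re-parsed as command text; the configuration is presumably trusted, but a cheap sanity check after the `tr` step keeps a typo from turning into a stray command, e.g. `case "$SIGN_MANIFESTS_KEYID" in *[!0-9A-FX]*) echo "Invalid SIGN_MANIFESTS_KEYID" >&2; exit 1;; esac`. The same line feeds the value through an unquoted `echo $SIGN_MANIFESTS_KEYID`, which is subject to globbing; `printf '%s' "$SIGN_MANIFESTS_KEYID" | tr '[:lower:]' '[:upper:]'` avoids that. load_parameters starts before the hunk.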
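Review bot: In update_manifest_info, `strip_gpg_signature $tmpfile | sort > $WORK/Manifest` reports only sort's exit status, so a failing strip_gpg_signature (unreadable tmpfile, helper error) silently overwrites the existing Manifest with an empty file. Writing to a scratch file first and replacing only on success avoids the truncation: `strip_gpg_signature $tmpfile | sort > $WORK/Manifest.new && mv $WORK/Manifest.new $WORK/Manifest`, ideally with `set -o pipefail` in effect or a check of `${PIPESTATUS[0]}` so the first stage's failure is seen. The earlier `sort $tmpfile > ...` had the same shape, but the added pipeline stage makes the silent-failure path more likely. update_manifest_info starts before the hunk.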
@@ -994,6 +1034,9 @@ function edit_manifest { fi done + # Finally, sign the Manifest + sign_manifest + } function get_file { @@ -1150,6 +1193,12 @@ function update_manifest { return fi + # Check if existing Manifest is properly signed + if ! check_manifest_signature; then + echo "Invalid signature at $WORK/Manifest, aborting." + return 1 + fi + echo "Updating DIST information at $MKBUILD_NAME Manifest..." # Determine file location @@ -1162,6 +1211,9 @@ function update_manifest { echo "Can't get $DIST_SRC_NAME." fi + # Finally, sign the Manifest + sign_manifest + } function if_previous_error { @@ -1400,11 +1452,14 @@ function make_slackbuild { # Update Manifest file edit_manifest - # Commit SlackBuild - [ $SUBMIT_SLACKBUILD -eq $on ] && submit_slackbuild + if [ "$?" == "0" ]; then - # Commit mkbuild - [ $SUBMIT_MKBUILD -eq $on ] && submit_mkbuild + # Commit SlackBuild + [ $SUBMIT_SLACKBUILD -eq $on ] && submit_slackbuild + + # Commit mkbuild + [ $SUBMIT_MKBUILD -eq $on ] && submit_mkbuild + fi } @@ -1468,8 +1523,6 @@ function edit_mkbuild { # edit a mkbuild # usage: edit_mkbuild - local match - if [ -e "$MKBUILD_NAME" ]; then if [ -z "$EDITOR" ]; then EDITOR="vi" 
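Review bot: In edit_manifest the abort message `echo "Invalid signature at $WORK/Manifest, aborting."` goes to stdout, where it is indistinguishable from progress output and is lost if a caller captures the function's output; send it to stderr: `echo "Invalid signature at $WORK/Manifest, aborting." >&2`. The identical block added to update_manifest has the same issue. Since the check-and-message pair is duplicated verbatim in both functions, emitting the message from check_manifest_signature itself would keep the two in step. edit_manifest's body continues outside this hunk.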
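Review bot: In make_slackbuild, `if [ "$?" == "0" ]; then` tests the status of whatever ran last, which is edit_manifest only because no statement sits between the context line `edit_manifest` and the new `if`; `if edit_manifest; then` states the intent directly and survives a later insertion. The skipped commit is silent apart from the message edit_manifest may have printed, so an `else` branch with `echo "Manifest not signed or verified, skipping commit." >&2` would tell the user why nothing was submitted. Note that `==` inside `[ ]` is a bash extension rather than POSIX, which is consistent with the rest of the script but worth keeping in mind.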
@@ -1482,6 +1535,85 @@ function edit_mkbuild { } +function mkbuild_update_keyring { + + # Update keyring using GPG-KEY from + # mkbuild repository + + local keyring keys key + + keyring="$MKBUILDS_DIR/GPG-KEY" + + if [ ! -e "$keyring" ]; then + repo_gpg_key $MKBUILDS_DIR + return + fi + + keys="`gpg --with-colons $MKBUILDS_DIR/GPG-KEY | cut -d : -f 5 | sed -e '/^$/d'`" + + for key in $keys; do + if [ ! -z "$SIGN_USER" ] && [ "`whoami`" != "$SIGN_USER" ]; then + su $SIGN_USER -c "gpg --list-keys $key &> /dev/null" + if [ "$?" != "0" ]; then + echo "Updating keyring using $keyring..." + su $SIGN_USER -c "gpg --import $keyring" + break + fi + else + gpg --list-keys $key &> /dev/null + if [ "$?" != "0" ]; then + echo "Updating keyring using $keyring..." + gpg --import $keyring + break + fi + fi + done + +} + +function sign_manifest { + + # sign manifest file + # usage: sign_manifest + + if [ "$SIGN_MANIFESTS" -eq $on ]; then + echo "Signing Manifest..." + if [ ! -z "$SIGN_USER" ] && [ "`whoami`" != "$SIGN_USER" ]; then + su $SIGN_USER -c "gpg $GPG_AGENT_OPTION --clearsign -u $SIGN_KEYID $WORK/Manifest" + mv $WORK/Manifest.asc $WORK/Manifest + else + gpg $GPG_AGENT_OPTION --clearsign -u $SIGN_KEYID $WORK/Manifest + mv $WORK/Manifest.asc $WORK/Manifest + fi + fi + +} + +function check_manifest_signature { + + # check if a manifest signature is valid + # usage: check_manifest_signature + + if [ -e "$WORK/Manifest" ]; then + if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $WORK/Manifest; then + echo "Checking existing Manifest signature..." + mkbuild_update_keyring + if [ ! -z "$SIGN_USER" ] && [ "`whoami`" != "$SIGN_USER" ]; then + su $SIGN_USER -c "gpg --verify $WORK/Manifest" + if [ "$?" != "0" ]; then + return 1 + fi + else + gpg --verify $WORK/Manifest + if [ "$?" != "0" ]; then + return 1 + fi + fi + fi + fi + +} + function delete_mkbuilds { # TODO |
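Review bot: check_manifest_signature returns success for a Manifest that carries no `-----BEGIN PGP SIGNED MESSAGE-----` header, so stripping the signature block entirely bypasses the check that edit_manifest and update_manifest now rely on; once SIGN_MANIFESTS is on an unsigned Manifest should be rejected (or at least reported to stderr), and `gpg --verify` should run with `--batch` so it cannot block on a prompt. A second gap is that `gpg --verify` succeeds for any key in the keyring, not only those listed in the repository's GPG-KEY; comparing the signing key against the IDs mkbuild_update_keyring already extracts (gpg's `--status-fd` output carries the fingerprint on its VALIDSIG line) would close it. In mkbuild_update_keyring the `&> /dev/null` inside `su $SIGN_USER -c "..."` is parsed by SIGN_USER's login shell; if that shell is not bash it reads as `&` followed by a redirection, the list-keys command is backgrounded, `$?` is 0 and the import never fires — `>/dev/null 2>&1` is portable. In sign_manifest, `mv $WORK/Manifest.asc $WORK/Manifest` runs even when `gpg --clearsign` failed; chain it with `&&`. The keyring is fetched from the same repository whose Manifest it vouches for, which deserves a comment next to the `repo_gpg_key` fallback so maintainers know the trust anchor is repository-supplied.
```shell
function check_manifest_signature {

  # check if a manifest signature is valid
  # usage: check_manifest_signature
  # returns 1 when the Manifest is unsigned (with signing enabled)
  # or when its signature fails to verify

  if [ ! -e "$WORK/Manifest" ]; then
    return 0
  fi

  if ! grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" "$WORK/Manifest"; then
    # an unsigned Manifest is only acceptable while signing is off
    [ "$SIGN_MANIFESTS" -eq $on ] || return 0
    echo "Manifest at $WORK is not signed." >&2
    return 1
  fi

  echo "Checking existing Manifest signature..."
  mkbuild_update_keyring

  if [ ! -z "$SIGN_USER" ] && [ "`whoami`" != "$SIGN_USER" ]; then
    su $SIGN_USER -c "gpg --batch --verify $WORK/Manifest" || return 1
  else
    gpg --batch --verify "$WORK/Manifest" || return 1
  fi

  return 0

}
```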