From 7e1b02c18e197ef37b09c15631fba20bd13b6a54 Mon Sep 17 00:00:00 2001
From: rhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58>
Date: Thu, 18 Dec 2008 18:29:23 +0000
Subject: safer method to sign packages

git-svn-id: svn+slack://slack.fluxo.info/var/svn/simplepkg@688 04377dda-e619-0410-9926-eae83683ac58
---
 trunk/src/createpkg | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'trunk')

diff --git a/trunk/src/createpkg b/trunk/src/createpkg
index a46b911..6c0a4df 100644
--- a/trunk/src/createpkg
+++ b/trunk/src/createpkg
@@ -716,10 +716,11 @@ if [ $SIGN_PACKAGES -eq $on ]; then
   fi
 
   if [ ! -z "$SIGN_PACKAGES_USER" ]; then
-    rm -f $TMP/$PKG_NAME.asc
-    su $SIGN_PACKAGES_USER -c "gpg --use-agent --armor -sb -u $SIGN_KEYID -o $TMP/$PKG_NAME.asc $PACKAGES_DIR/$PKG_NAME"
-    cp $TMP/$PKG_NAME.asc $PACKAGES_DIR/$PKG_NAME.asc
-    rm -f $TMP/$PKG_NAME.asc
+    tmp_sign_folder="`mktemp -d $TMP/createpkg_sign.XXXXXX`"
+    chown $SIGN_PACKAGES_USER $tmp_sign_folder
+    su $SIGN_PACKAGES_USER -c "gpg --use-agent --armor -sb -u $SIGN_KEYID -o $tmp_sign_folder/$PKG_NAME.asc $PACKAGES_DIR/$PKG_NAME"
+    cp $tmp_sign_folder/$PKG_NAME.asc $PACKAGES_DIR/$PKG_NAME.asc
+    rm -rf $tmp_sign_folder
   else
     gpg --use-agent --armor -sb -u $SIGN_KEYID $PACKAGES_DIR/$PKG_NAME
   fi
-- 
cgit v1.2.3