diff options
| author | Nicolas Reynolds <fauno@kiwwwi.com.ar> | 2011-12-14 14:47:40 -0300 |
|---|---|---|
| committer | Nicolas Reynolds <fauno@kiwwwi.com.ar> | 2011-12-14 14:47:40 -0300 |
| commit | 43fea251e8c25e408bb0e59a2a8f0ef2c0c72a9a (patch) | |
| tree | b1c9fe70fc82ad9b4e7819fc2a1917970b3648f0 /librerelease | |
| parent | 55abb1e683ace68905f987bdcd452df6e709a9e8 (diff) | |
| parent | 54ba056b200a5ef141f8d589a2f45478c6bd8a6b (diff) | |
Merge branch 'master' into fauno
Diffstat (limited to 'librerelease')
| -rwxr-xr-x | librerelease | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/librerelease b/librerelease index 56cf856..64f8887 100755 --- a/librerelease +++ b/librerelease @@ -46,6 +46,30 @@ function list_packages { unset repos } +function sign_packages { + if [ -z "${GPG_AGENT_INFO}" ]; then + warning "It's better to use gpg-agent to sign packages in batches" + fi + + packages=($(find "${WORKDIR}/staging/" -type f -iname '*.pkg.tar.?z')) + for package in ${packages[@]}; do + if [ -f "${package}${SIGEXT}" ]; then + + warning "Package signature found, verifying..." + +# Verify that the signature is correct, else remove for re-signing + if ! gpg --quiet --verify "${package}${SIGEXT}" >/dev/null 2>&1; then + error "Failed! Resigning..." + rm -f "${package}${SIGEXT}" + else + continue + fi + fi + + gpg --default-key "${SIGID}" --output "${package}${SIGEXT}" --detach-sig "${package}" + done +} + # Remove everything that's not a package or a signature function clean_non_packages { find $WORKDIR/staging/ -type f \ @@ -73,6 +97,13 @@ done [[ ! -z ${HOOKPRERELEASE} ]] && bash -c "${HOOKPRERELEASE}" clean_non_packages +if [ ! -z "${SIGID}" ]; then + sign_packages +else + error "Package signing is *required*" + exit 1 +fi + msg "Uploading packages..." rsync --recursive \ ${dryrun} \ |