author | Michał Górny <mgorny@gentoo.org> | 2017-11-25 09:21:33 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2017-11-25 09:21:33 +0100 |
commit | 755c290273b20ef8a804031f04d45a7346da72f0 (patch) | |
tree | 2be26b1ec2a4ec086f052deb80e2e3371f8e4bdf /rsync-gen.sh | |
parent | rsync-gen.sh: only sign toplevel Manifest for now, gemato bug. (diff) | |
rsync-gen: Sign Manifests via generation script
Diffstat (limited to 'rsync-gen.sh')
-rwxr-xr-x | rsync-gen.sh | 36 |
1 files changed, 3 insertions, 33 deletions
diff --git a/rsync-gen.sh b/rsync-gen.sh
index 71b54b0..68a418a 100755
--- a/rsync-gen.sh
+++ b/rsync-gen.sh
@@ -223,41 +223,11 @@ timelog___end "HERDS-AND-PROJ" | timelogger
 # 6a) thicken and generate MetaManifests
 timelog_start "THICKEN-META" | timelogger
 /usr/local/bin/gemato/utils/gen_fast_metamanifest.py \
- "${STAGEDIR_repo_gentoo}"
+ "${STAGEDIR_repo_gentoo}" "${SIGNKEYID}"
 timelog___end "THICKEN-META" | timelogger
 # end 6a)
 
-# 6b) Sign top-level MetaManifest
-timelog_start "SIGN-METAMANIFEST" | timelogger
-#for m in Manifest metadata/glsa/Manifest Manifest/news/Manifest ; do
-for m in Manifest ; do
- tmp="$(mktemp)"
- rm -f "${tmp}" # gpg needs the file to NOT exist, there is no overwrite option.
- src="${STAGEDIR_repo_gentoo}"/$m
- [ -s "${src}" ] || continue
- cmd=( \
- gpg --batch -u "${SIGNKEYID}" \
- --armor --clearsign \
- --output "${tmp}" \
- "$src" \
- )
- "${cmd[@]}"
- rc=$?
- if [[ $rc -ne 0 ]]; then
- echo "$0: Failed to GPG-clearsign $src, tempfile at $tmp (cmd ${cmd[@]})"
- exit 5
- fi
- mv -f "${tmp}" "$src"
- rc=$?
- if [[ $rc -ne 0 ]]; then
- echo "$0: Move to signed $src, tempfile at $tmp"
- exit 5
- fi
-done
-timelog___end "SIGN-METAMANIFEST" | timelogger
-# end 6b)
-
-# start 6c) Validate manifests
+# start 6b) Validate manifests
 timelog_start "MANIFEST-VALIDATE" | timelogger
 if ! /usr/local/bin/gemato/bin/gemato verify "${STAGEDIR_repo_gentoo}" >${REGEN_LOG_DIR}/${REGEN_LOG_FILE}.validate 2>&1; then
 echo "$0: A Manifest has a failure!"
@@ -266,7 +236,7 @@ if ! /usr/local/bin/gemato/bin/gemato verify "${STAGEDIR_repo_gentoo}" >${REGEN_
 exit 5
 fi
 timelog___end "MANIFEST-VALIDATE" | timelogger
-# end 6c)
+# end 6b)
 
 # 7) rsync from STAGEDIR_repo_gentoo to FINALDIR_repo_gentoo
 # note, call exit above if it is not desired to update the FINALDIR_repo_gentoo. This is |
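Review bot: The call to gen_fast_metamanifest.py in step 6a now carries the signing duty, but nothing visible in this hunk checks its exit status, whereas the removed 6b block tested gpg's return code and stopped with `exit 5` before the rsync in step 7. Unless the script runs under `set -e` (not visible here), a signing failure inside the helper could pass unnoticed, and whether the following `gemato verify` rejects an unsigned top-level Manifest cannot be told from these lines. I would end the invocation with `"${STAGEDIR_repo_gentoo}" "${SIGNKEYID:?SIGNKEYID is not set}" || { echo "$0: MetaManifest generation or signing failed"; exit 5; }` so that an empty key id or a helper failure aborts before publication. If the deployed gemato can be told to require a signed top-level Manifest at verify time, enabling that in step 6b would make the validation catch a missing signature as well.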