smeserver-koji/utils/sign_build_list.sh

#!/bin/bash
# sign all rpms in the specified pkg list
if  [[ -z $1 ]] ; then
    echo "Must provide a pkg list"
    echo "sign_build_list.sh <pkg list> [<arches=x86_64> | <gpg_key=kojiadmin@koozali.org> | <debuginfo> | <debug> | <dryrun> ]"
    exit 1
else
    PKGLIST=$1
fi

ARCH=x86_64
GPG_KEY="kojiadmin@koozali.org"
GPG_ID='44922a28'
DEBUG=false
DRY_RUN=false
DEBUGINFO=

for param in $2 $3 $4 $5 $6 $7 ; do
    if [ $param ] ; then
	case $param in
	    -h | --help )
		echo "sign_rpm_list.sh <pkg list> [<arches=x86_64> | <gpg_key=kojiadmin@koozali.org> | <debuginfo> | <debug> | <dryrun> ]"
		exit 
	        ;;
	    debug )
		DEBUG=true ;;
	    dryrun )
		DRY_RUN=true ;;
            debuginfo )
                DEBUGINFO="--debuginfo" ;;
	    arches=* )
		ARCH=${param#*=} ;;
	    gpg_key=* )
		GPG_KEY=${param#*=} ;;
	    * )
		echo "Unkown parameter $param - aborting"
		exit 1
		;;
	esac
    else
	break
    fi
done
if [[ $DEBUG ]] ; then 
	echo "PKGLIST=$PKGLIST"
	echo "ARCH=$ARCH" 
	echo "GPG_KEY=$GPG_KEY" 
fi

# use a temporary directory to export the rpms for signing
#if [[ $DRY_RUN ]] ; then
#	echo "mktemp -d /tmp/sign.XXXXXX"
#else
	tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"
	pushd $tmpdir > /dev/null
#fi

if [[ -e "$PKGLIST" ]] ; then
	# extract list of rpms to download
	while read -r pkgline; do
		if [[ $DEBUG ]] ; then 
			echo "$pkgline" 
			echo "koji download-build ${pkgline##*/}"
		fi
		BUILD=${pkgline##*/}
		if [[ $DEBUG ]] ; then echo "BUILD=$BUILD" ; fi
                DIR=/mnt/koji/packages/${BUILD%-*-*}/$(echo $BUILD | awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_ID
                if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi
                if [[ -d $DIR ]] ; then
		    echo "$BUILD already signed with this key - ignoring"
		else
#		    if [[ $DRY_RUN ]] ; then
#			echo "koji download-build $DEBUGINFO ${pkgline##*/}"
#		    else
			koji download-build $DEBUGINFO $BUILD
#		    fi
		fi
	done <$PKGLIST
else
	echo "Cannot find pkglist $PKGLIST - aborting"
	exit 1
fi
#if [[ $DRY_RUN ]] ; then
#	echo "rpmsign --define \"_gpg_name $GPG_KEY\" --addsign *.rpm"
#	echo "koji import-sig *.rpm"
#else
	rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm
	koji import-sig *.rpm
	popd > /dev/null
#fi

exit 0
add utils (e.g. sign_build.sh) 2024-11-15 01:58:24 +01:00			`#!/bin/bash`
			`# sign all rpms in the specified pkg list`
			`if [[ -z $1 ]] ; then`
			`echo "Must provide a pkg list"`
			`echo "sign_build_list.sh <pkg list> [<arches=x86_64> \| <gpg_key=kojiadmin@koozali.org> \| <debuginfo> \| <debug> \| <dryrun> ]"`
			`exit 1`
			`else`
			`PKGLIST=$1`
			`fi`

			`ARCH=x86_64`
			`GPG_KEY="kojiadmin@koozali.org"`
			`GPG_ID='44922a28'`
			`DEBUG=false`
			`DRY_RUN=false`
			`DEBUGINFO=`

			`for param in $2 $3 $4 $5 $6 $7 ; do`
			`if [ $param ] ; then`
			`case $param in`
			`-h \| --help )`
			`echo "sign_rpm_list.sh <pkg list> [<arches=x86_64> \| <gpg_key=kojiadmin@koozali.org> \| <debuginfo> \| <debug> \| <dryrun> ]"`
			`exit`
			`;;`
			`debug )`
			`DEBUG=true ;;`
			`dryrun )`
			`DRY_RUN=true ;;`
			`debuginfo )`
			`DEBUGINFO="--debuginfo" ;;`
			`arches=* )`
			`ARCH=${param#*=} ;;`
			`gpg_key=* )`
			`GPG_KEY=${param#*=} ;;`
			`* )`
			`echo "Unkown parameter $param - aborting"`
			`exit 1`
			`;;`
			`esac`
			`else`
			`break`
			`fi`
			`done`
			`if [[ $DEBUG ]] ; then`
			`echo "PKGLIST=$PKGLIST"`
			`echo "ARCH=$ARCH"`
			`echo "GPG_KEY=$GPG_KEY"`
			`fi`

			`# use a temporary directory to export the rpms for signing`
			`#if [[ $DRY_RUN ]] ; then`
			`# echo "mktemp -d /tmp/sign.XXXXXX"`
			`#else`
			`tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"`
			`pushd $tmpdir > /dev/null`
			`#fi`

			`if [[ -e "$PKGLIST" ]] ; then`
			`# extract list of rpms to download`
			`while read -r pkgline; do`
			`if [[ $DEBUG ]] ; then`
			`echo "$pkgline"`
			`echo "koji download-build ${pkgline##*/}"`
			`fi`
			`BUILD=${pkgline##*/}`
			`if [[ $DEBUG ]] ; then echo "BUILD=$BUILD" ; fi`
			`DIR=/mnt/koji/packages/${BUILD%--}/$(echo $BUILD \| awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_ID`
			`if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi`
			`if [[ -d $DIR ]] ; then`
			`echo "$BUILD already signed with this key - ignoring"`
			`else`
			`# if [[ $DRY_RUN ]] ; then`
			`# echo "koji download-build $DEBUGINFO ${pkgline##*/}"`
			`# else`
			`koji download-build $DEBUGINFO $BUILD`
			`# fi`
			`fi`
			`done <$PKGLIST`
			`else`
			`echo "Cannot find pkglist $PKGLIST - aborting"`
			`exit 1`
			`fi`
			`#if [[ $DRY_RUN ]] ; then`
			`# echo "rpmsign --define \"_gpg_name $GPG_KEY\" --addsign *.rpm"`
			`# echo "koji import-sig *.rpm"`
			`#else`
			`rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm`
			`koji import-sig *.rpm`
			`popd > /dev/null`
			`#fi`

			`exit 0`