#!/bin/bash # sign all rpms in the specified pkg list if [[ -z $1 ]] ; then echo "Must provide a pkg list" echo "sign_build_list.sh [ | | | | ]" exit 1 else PKGLIST=$1 fi ARCH=x86_64 GPG_KEY="kojiadmin@koozali.org" GPG_ID='44922a28' DEBUG=false DRY_RUN=false DEBUGINFO= for param in $2 $3 $4 $5 $6 $7 ; do if [ $param ] ; then case $param in -h | --help ) echo "sign_rpm_list.sh [ | | | | ]" exit ;; debug ) DEBUG=true ;; dryrun ) DRY_RUN=true ;; debuginfo ) DEBUGINFO="--debuginfo" ;; arches=* ) ARCH=${param#*=} ;; gpg_key=* ) GPG_KEY=${param#*=} ;; * ) echo "Unkown parameter $param - aborting" exit 1 ;; esac else break fi done if [[ $DEBUG ]] ; then echo "PKGLIST=$PKGLIST" echo "ARCH=$ARCH" echo "GPG_KEY=$GPG_KEY" fi # use a temporary directory to export the rpms for signing #if [[ $DRY_RUN ]] ; then # echo "mktemp -d /tmp/sign.XXXXXX" #else tmpdir="$(mktemp -d /tmp/sign.XXXXXX)" pushd $tmpdir > /dev/null #fi if [[ -e "$PKGLIST" ]] ; then # extract list of rpms to download while read -r pkgline; do if [[ $DEBUG ]] ; then echo "$pkgline" echo "koji download-build ${pkgline##*/}" fi BUILD=${pkgline##*/} if [[ $DEBUG ]] ; then echo "BUILD=$BUILD" ; fi DIR=/mnt/koji/packages/${BUILD%-*-*}/$(echo $BUILD | awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_ID if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi if [[ -d $DIR ]] ; then echo "$BUILD already signed with this key - ignoring" else # if [[ $DRY_RUN ]] ; then # echo "koji download-build $DEBUGINFO ${pkgline##*/}" # else koji download-build $DEBUGINFO $BUILD # fi fi done <$PKGLIST else echo "Cannot find pkglist $PKGLIST - aborting" exit 1 fi #if [[ $DRY_RUN ]] ; then # echo "rpmsign --define \"_gpg_name $GPG_KEY\" --addsign *.rpm" # echo "koji import-sig *.rpm" #else rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm koji import-sig *.rpm popd > /dev/null #fi exit 0