mirror of
https://src.koozali.org/infra/smeserver-koji.git
synced 2024-11-21 09:07:29 +01:00
118 lines
2.9 KiB
Bash
Executable File
118 lines
2.9 KiB
Bash
Executable File
#!/bin/bash
|
|
# sign all rpms in the specified pkg list
|
|
if [[ -z $1 ]] ; then
|
|
echo "Must provide a pkg list"
|
|
echo "sign_build_list.sh <pkg list> [<arch=*> | <gpg_name=kojiadmin@koozali.org> | <gpg_key=44922a28> | <nodebuginfo> | <debug> | <dryrun> ]"
|
|
exit 1
|
|
else
|
|
PKGLIST=$1
|
|
fi
|
|
|
|
ARCHES=
|
|
GPG_NAME="kojiadmin@koozali.org"
|
|
GPG_KEY=
|
|
DEBUG=
|
|
DRY_RUN=
|
|
ARCHES=
|
|
DEBUGINFO="--debuginfo"
|
|
|
|
for param in $2 $3 $4 $5 $6 $7 ; do
|
|
if [ $param ] ; then
|
|
case $param in
|
|
-h | --help )
|
|
echo "sign_build_list.sh <pkg list> [<arch=x86_64> | <gpg_name=kojiadmin@koozali.org> | <gpg_key=44922a28> | <nodebuginfo> | <debug> | <dryrun> ]"
|
|
exit
|
|
;;
|
|
debug )
|
|
DEBUG=true ;;
|
|
dryrun )
|
|
DRY_RUN=true ;;
|
|
nodebuginfo )
|
|
DEBUGINFO= ;;
|
|
arch=* )
|
|
arches=${param#*=}
|
|
for arch in ${arches//,/ } ; do
|
|
ARCHES=ARCHES"--arch=$arch "
|
|
done
|
|
;;
|
|
gpg_name=* )
|
|
GPG_NAME=${param#*=} ;;
|
|
gpg_key=* )
|
|
GPG_KEY=${param#*=} ;;
|
|
* )
|
|
echo "Unkown parameter $param - aborting"
|
|
exit 1
|
|
;;
|
|
esac
|
|
else
|
|
break
|
|
fi
|
|
done
|
|
if [[ $DEBUG ]] ; then
|
|
echo "PKGLIST=$PKGLIST"
|
|
echo "ARCHES=$ARCHES"
|
|
echo "DEBUGINFO=$DEBUGINFO"
|
|
echo "GPG_NAME=$GPG_NAME"
|
|
echo "GPG_KEY=$GPG_KEY"
|
|
echo "DRY_RUN=$DRY_RUN"
|
|
fi
|
|
|
|
# use a temporary directory to export the rpms for signing
|
|
if [[ $DRY_RUN ]] ; then
|
|
echo "mktemp -d /tmp/sign.XXXXXX"
|
|
else
|
|
tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"
|
|
pushd $tmpdir > /dev/null
|
|
fi
|
|
|
|
if [[ -e "$PKGLIST" ]] ; then
|
|
# extract list of rpms to download
|
|
while read -r pkgline; do
|
|
BUILD=${pkgline##*/}
|
|
if [[ $DEBUG ]] ; then
|
|
echo "$pkgline"
|
|
echo "koji download-build $BUILD"
|
|
fi
|
|
# If an rpm name passed assume signing of an individual rpm, else signing all
|
|
RPM=
|
|
if (${BUILD##*.} == "rpm") ; then
|
|
RPM="--rpm"
|
|
fi
|
|
if [[ $GPG_KEY ]] ; then # check if already signed with this key
|
|
DIR=/mnt/koji/packages/${BUILD%-*-*}/$(echo $BUILD | awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_KEY
|
|
if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi
|
|
EXISTS=
|
|
if ($RPM == "--rpm") ; then
|
|
if [[ $DEBUG ]] ; then echo "Check for existing $DIR/$BUILD"
|
|
if [[ -f $DIR/$BUILD ]] ; then EXISTS=True ; fi
|
|
else
|
|
if [[ $DEBUG ]] ; then echo "Check for existing $DIR"
|
|
if [[ -d $DIR ]] ; then EXISTS=True ; fi
|
|
fi
|
|
if [[ $EXISTS ]] ; then
|
|
echo "$BUILD already signed with this key - ignoring"
|
|
continue
|
|
fi
|
|
fi
|
|
if [[ $DRY_RUN ]] ; then
|
|
echo "koji download-build $DEBUGINFO $ARCHES $RPM $BUILD"
|
|
else
|
|
koji download-build $DEBUGINFO $ARCHES $RPM $BUILD
|
|
fi
|
|
fi
|
|
done <$PKGLIST
|
|
else
|
|
echo "Cannot find pkglist $PKGLIST - aborting"
|
|
exit 1
|
|
fi
|
|
if [[ $DRY_RUN ]] ; then
|
|
echo "rpmsign --define \"_gpg_name $GPG_NAME\" --addsign *.rpm"
|
|
echo "koji import-sig *.rpm"
|
|
else
|
|
rpmsign --define "_gpg_name $GPG_NAME" --addsign *.rpm
|
|
koji import-sig *.rpm
|
|
popd > /dev/null
|
|
fi
|
|
|
|
exit 0
|