Commit 265d98d5 authored by Ram-Z's avatar Ram-Z

Merge branch 'remote-sign'

parents 17f9592a c134f961
......@@ -143,32 +143,31 @@ upload_files() {
"${files[@]}" $_ssh_user@$_rsync_server:/srv/www/rsync.chakralinux.org/packages/$repo/$(get_arch)/
}
# downloads and signs the databases to the temporary folder
# upload the new files to the server and cleanup the temp folder
# remotely sign the database
# TODO: check the agent socket is passed and working
sign_online_database() {
# downloads (and eventually signs) the databases to the temporary folder
status_start "downloading and signing the database"
dir=$(mktemp -d)
wget -q $_rsync_server/packages/$1/$(get_arch)/$1.db.tar.xz -O "$dir/$1.db.tar.xz"
wget -q $_rsync_server/packages/$1/$(get_arch)/$1.db.tar.gz -O "$dir/$1.db.tar.gz"
gpg --batch --detach-sign "$dir/$1.db.tar.xz"
gpg --batch --detach-sign "$dir/$1.db.tar.gz"
# remove current signature file and remotely execute gpg --detach-sign command to sign the databases
# enable verbose to indicate the procedure
local _remote_socket=$(ssh $_ssh_user@$_rsync_server -p $_ssh_port gpgconf --list-dir agent-socket)
local _local_socket=$(gpgconf --list-dir agent-socket)
status_start "Remotely signing database: $1\n"
for ext in gz xz; do
ssh -R $_remote_socket:$_local_socket $_ssh_user@$_rsync_server -p $_ssh_port \
gpg --batch --yes --detach-sign packages/$1/$(get_arch)/$1.db.tar.$ext
done
newline
status_done
upload_files $1 "$dir/"*.db.tar.*
rm -r "$dir"
}
sign_online_pkg() {
# downloads (and eventually signs) the databases to the temporary folder
status_start "downloading and signing the pkg " $2
dir=$(mktemp -d)
wget -q $_rsync_server/packages/$1/$(get_arch)/$2 -O "$dir/$2"
gpg --batch --detach-sign "$dir/$2"
# remotely execute gpg --detach-sign command to sign the package
local _remote_socket=$(ssh $_ssh_user@$_rsync_server -p $_ssh_port gpgconf --list-dir agent-socket)
local _local_socket=$(gpgconf --list-dir agent-socket)
status_start "Remotely signing pkg: $1/$2 \n"
ssh -R $_remote_socket:$_local_socket $_ssh_user@$_rsync_server -p $_ssh_port \
gpg -v --batch --yes --detach-sign "packages/$1/$(get_arch)/$2"
newline
status_done
upload_files $1 "$dir/"*.sig*
rm -r "$dir"
}
# copies the files from the temporary folder to a given folder and performs a repo-clean there
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment