Commit 9179e543 authored by Chaoting Liu's avatar Chaoting Liu 😖 Committed by Ram-Z

Sign the database remotely using forwarded socket

Authored by BrLi <rainman5911@gmail.com>
Squashed by Ram-Z <ram-z@chakralinux.org>
parent 17f9592a
......@@ -143,32 +143,29 @@ upload_files() {
"${files[@]}" $_ssh_user@$_rsync_server:/srv/www/rsync.chakralinux.org/packages/$repo/$(get_arch)/
}
# downloads and signs the databases to the temporary folder
# upload the new files to the server and cleanup the temp folder
# remotely sign the database
# TODO: check the agent socket is passed and working
sign_online_database() {
# downloads (and eventually signs) the databases to the temporary folder
status_start "downloading and signing the database"
dir=$(mktemp -d)
wget -q $_rsync_server/packages/$1/$(get_arch)/$1.db.tar.xz -O "$dir/$1.db.tar.xz"
wget -q $_rsync_server/packages/$1/$(get_arch)/$1.db.tar.gz -O "$dir/$1.db.tar.gz"
gpg --batch --detach-sign "$dir/$1.db.tar.xz"
gpg --batch --detach-sign "$dir/$1.db.tar.gz"
# remove current signature file and remotely execute gpg --detach-sign command to sign the databases
# enable verbose to indicate the procedure
local _remote_socket=$(ssh ${ssh_user}@${rsync_server} -p ${ssh_port} gpgconf --list-dir agent-socket)
status_start 'remotely signing the database \n'
for ext in gz xz; do
ssh -R${_remote_socket}:$(gpgconf --list-dir agent-socket) $_ssh_user@$_rsync_server -p $_ssh_port \
gpg --batch --detach-sign packages/$1/$(get_arch)/$1.db.tar.$ext
done
newline
status_done
upload_files $1 "$dir/"*.db.tar.*
rm -r "$dir"
}
sign_online_pkg() {
# downloads (and eventually signs) the databases to the temporary folder
status_start "downloading and signing the pkg " $2
dir=$(mktemp -d)
wget -q $_rsync_server/packages/$1/$(get_arch)/$2 -O "$dir/$2"
gpg --batch --detach-sign "$dir/$2"
# remotely execute gpg --detach-sign command to sign the package
local _remote_socket=$(ssh ${ssh_user}@${rsync_server} -p ${ssh_port} gpgconf --list-dir agent-socket)
status_start "remotely signing the pkg $2 \n"
ssh $_ssh_user@$_rsync_server -R${_remote_socket}:$(gpgconf --list-dir agent-socket) -p $_ssh_port \
gpg -v --batch --detach-sign "packages/$1/$(get_arch)/$2"
newline
status_done
upload_files $1 "$dir/"*.sig*
rm -r "$dir"
}
# copies the files from the temporary folder to a given folder and performs a repo-clean there
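Review bot: The two new `_remote_socket` lookups (in sign_online_database and again in sign_online_pkg) read `${ssh_user}`, `${rsync_server}` and `${ssh_port}`, while every other ssh call visible here uses the underscore-prefixed `$_ssh_user`, `$_rsync_server` and `$_ssh_port`; unless the unprefixed names are defined outside this hunk the lookup fails, and because `local v=$(…)` hides the exit status, the following `ssh -R` runs with an empty remote path. I would declare first and check the result: `local _remote_socket` then `_remote_socket=$(ssh "$_ssh_user@$_rsync_server" -p "$_ssh_port" gpgconf --list-dir agent-socket) || return 1`, which also covers the TODO about verifying the socket. On the local side the forward exposes the full agent socket to the server; GnuPG provides the restricted `agent-extra-socket` for forwarding, so `$(gpgconf --list-dir agent-extra-socket)` is the safer source for `-R`. The page has lost its +/- markers, so which of the wget/gpg/upload lines remain on the new side is inferred, not certain.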
......