......@@ -143,32 +143,31 @@ upload_files() {
"${files[@]}" $_ssh_user@$_rsync_server:/srv/www/rsync.chakralinux.org/packages/$repo/$(get_arch)/
}
# downloads and signs the databases to the temporary folder
# upload the new files to the server and cleanup the temp folder
# remotely sign the database
# TODO: check the agent socket is passed and working
sign_online_database() {
# downloads (and eventually signs) the databases to the temporary folder
status_start "downloading and signing the database"
dir=$(mktemp -d)
wget -q $_rsync_server/packages/$1/$(get_arch)/$1.db.tar.xz -O "$dir/$1.db.tar.xz"
wget -q $_rsync_server/packages/$1/$(get_arch)/$1.db.tar.gz -O "$dir/$1.db.tar.gz"
gpg --batch --detach-sign "$dir/$1.db.tar.xz"
gpg --batch --detach-sign "$dir/$1.db.tar.gz"
# remove current signature file and remotely execute gpg --detach-sign command to sign the databases
# enable verbose to indicate the procedure
local _remote_socket=$(ssh $_ssh_user@$_rsync_server -p $_ssh_port gpgconf --list-dir agent-socket)
local _local_socket=$(gpgconf --list-dir agent-socket)
status_start "Remotely signing database: $1\n"
for ext in gz xz; do
ssh -R $_remote_socket:$_local_socket $_ssh_user@$_rsync_server -p $_ssh_port \
gpg --batch --yes --detach-sign packages/$1/$(get_arch)/$1.db.tar.$ext
done
newline
status_done
upload_files $1 "$dir/"*.db.tar.*
rm -r "$dir"
}
sign_online_pkg() {
# downloads (and eventually signs) the databases to the temporary folder
status_start "downloading and signing the pkg " $2
dir=$(mktemp -d)
wget -q $_rsync_server/packages/$1/$(get_arch)/$2 -O "$dir/$2"
gpg --batch --detach-sign "$dir/$2"
# remotely execute gpg --detach-sign command to sign the package
local _remote_socket=$(ssh $_ssh_user@$_rsync_server -p $_ssh_port gpgconf --list-dir agent-socket)
local _local_socket=$(gpgconf --list-dir agent-socket)
status_start "Remotely signing pkg: $1/$2 \n"
ssh -R $_remote_socket:$_local_socket $_ssh_user@$_rsync_server -p $_ssh_port \
gpg -v --batch --yes --detach-sign "packages/$1/$(get_arch)/$2"
newline
status_done
upload_files $1 "$dir/"*.sig*
rm -r "$dir"
}
# copies the files from the temporary folder to a given folder and performs a repo-clean there
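Review bot: In sign_online_database the two socket lookups are written as `local _remote_socket=$(ssh …)` and `local _local_socket=$(gpgconf …)`, so a failed ssh or gpgconf is masked by `local`, and the `ssh -R` forward is then attempted with an empty path. The TODO above the function notes this check is missing, and sign_online_pkg repeats the same two lines. The forward also exposes the full `agent-socket` to the server. GnuPG provides `agent-extra-socket` as the restricted socket for forwarding, which limits what the remote host can ask the local agent to do; confirm that signing works through it for this key setup. The ssh arguments are unquoted and are re-parsed by the remote shell, so repo and package names containing spaces or shell metacharacters would change the remote command. The rendered page has lost its +/- markers, so it is an inference that these lines are on the new side.

```shell
sign_online_database() {
    # … unchanged: header comments …
    local _remote_socket _local_socket
    _remote_socket=$(ssh "$_ssh_user@$_rsync_server" -p "$_ssh_port" gpgconf --list-dir agent-socket) || return 1
    # forward the restricted socket rather than the full agent socket
    _local_socket=$(gpgconf --list-dir agent-extra-socket) || return 1
    if [[ -z $_remote_socket || ! -S $_local_socket ]]; then
        printf 'gpg-agent socket not available, not signing %s\n' "$1" >&2
        return 1
    fi
    # … unchanged: status_start, signing loop over gz/xz, status_done …
```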
......
......@@ -72,7 +72,7 @@ actual_chroot() {
local gnupg_chroot=chakra/.config/gnupg
if [[ -d $gnupg ]]; then
if [[ ! -d "$gnupg_chroot" ]]; then
warning "/chakra/config/.gnupg does not exist"
warning "/chakra/.config/gnupg does not exist"
msg "To be able to sign packages you will need to import your public key!"
msg "$ gpg --import /usr/share/chakra/signatures/<user>.asc"
mkdir -pm700 $gnupg_chroot
......
......@@ -131,7 +131,7 @@ create_chroot() {
title "User setup"
status_start "Adding user: ${USER}..."
sudo systemd-nspawn -qjD $chroot_dir \
useradd -g users -u "$(id -u)" --home-dir "/$chakrafolder" --create-home "$USER"
/usr/sbin/useradd -g users -u "$(id -u)" --home-dir "/$chakrafolder" --create-home "$USER"
status_done
status_start "Setting up /etc/sudoers..."
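Review bot: The call inside `systemd-nspawn` is rendered both as `useradd` and as `/usr/sbin/useradd`, and nothing at the call site says why the absolute path is needed. The second line is presumably the new one. If the reason is that PATH inside the container does not include /usr/sbin, a one-line comment above the command would keep a later cleanup from reverting it, for example `# absolute path: PATH inside the nspawn container may not contain /usr/sbin`. create_chroot starts and ends outside this hunk, so whether the other commands run in the container need the same treatment cannot be checked from here.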
......