Meliurwen 4 years ago
parent 0e37ecc803
commit 04e3c66415
Signed by: meliurwen
GPG Key ID: 818A8B35E9F1CE10
  1. 2
      repo-main.sh
  2. 24
      repo-sign.sh

@ -67,7 +67,7 @@ mkdir -p keys
chmod 600 keys chmod 600 keys
export GNUPGHOME="${PWD}/keys" export GNUPGHOME="${PWD}/keys"
./repo-sign.sh "${TEMP_DIR}" ./repo-sign.sh "${TEMP_DIR}" "${REPO_PATH}"/key.pub.asc
echo "Committing changes..." echo "Committing changes..."
mv "${TEMP_DIR}"/* "${REPO_PATH}"/ mv "${TEMP_DIR}"/* "${REPO_PATH}"/
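Review bot: The `./repo-sign.sh` call now lets the script write to `"${REPO_PATH}"/key.pub.asc` in the live repository, but nothing visible in this hunk checks its exit status before the `mv "${TEMP_DIR}"/* "${REPO_PATH}"/` that follows. Unless `set -e` is active above the hunk, a failed signing run could leave the published key replaced while unsigned or stale content is still committed. I would make the failure explicit with `./repo-sign.sh "${TEMP_DIR}" "${REPO_PATH}"/key.pub.asc || exit 1`. The surrounding script starts and ends outside the hunk, so an existing guard elsewhere cannot be ruled out.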

@ -8,7 +8,7 @@ if [ $# -eq 0 ]; then
fi fi
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
echo "usage: ./repo-sign.sh [-h] [REPO_PATH GPG_SUBKEY_ID] echo "usage: ./repo-sign.sh [-h] [REPO_PATH PUB_KEY_FULLPATH GPG_SUBKEY_ID]
Deploys packages for you. Deploys packages for you.
@ -22,8 +22,14 @@ Dependencies: -
exit 0 exit 0
fi fi
if [ $# -lt 2 ]; then
echo "Mandatory arguments: 'REPO_PATH', 'PUB_KEY_FULLPATH'. Aborting..."
exit 1
fi
REPO_PATH="${1}" REPO_PATH="${1}"
[ -n "${2+x}" ] && GPG_SUBKEY_ID="${2}" PUB_KEY_FULLPATH="${1}"
[ -n "${3+x}" ] && GPG_SUBKEY_ID="${3}"
if [ ! -f "${GNUPGHOME}/pubring.kbx" ]; then if [ ! -f "${GNUPGHOME}/pubring.kbx" ]; then
echo "The file 'pubring.kbx' file has not been found. Generating automatically a new one with a new set of keys..." echo "The file 'pubring.kbx' file has not been found. Generating automatically a new one with a new set of keys..."
@ -57,9 +63,19 @@ if [ -z "${GPG_SUBKEY_ID+x}" ]; then
GPG_SUBKEY_ID="$(gpg --list-secret-key --with-subkey-fingerprint --with-colons | awk -F: '$1 == "fpr" {print $10;}' | sed -n '2 p')" GPG_SUBKEY_ID="$(gpg --list-secret-key --with-subkey-fingerprint --with-colons | awk -F: '$1 == "fpr" {print $10;}' | sed -n '2 p')"
fi fi
if [ ! -f "${REPO_PATH}"/key.pub.asc ];then # - Generate the armored pub key (NEW_KEY) that has to be published;
# - If the key does not exists in PUB_KEY_FULLPATH, place NEW_KEY;
# - If PUB_KEY_FULLPATH exixts but is not identical to NEW_KEY, then backup
# the old key (PUB_KEY_FULLPATH) and replace it with the new one (NEW_KEY).
# - Else do nothing.
NEW_KEY="$(mktemp)"
gpg --armor --export "${GPG_SUBKEY_ID}" > "${NEW_KEY}"
if [ ! -f "${PUB_KEY_FULLPATH}" ];then
echo "Public key not published. Generating and publishing it..." echo "Public key not published. Generating and publishing it..."
gpg --armor --export "${GPG_SUBKEY_ID}" > "${REPO_PATH}"/key.pub.asc mv "${NEW_KEY}" "${PUB_KEY_FULLPATH}"
elif [ -f "${PUB_KEY_FULLPATH}" ] && ! cmp --silent "${PUB_KEY_FULLPATH}" "${NEW_KEY}"; then
mv "${PUB_KEY_FULLPATH}" "${PUB_KEY_FULLPATH}".bak
mv "${NEW_KEY}" "${PUB_KEY_FULLPATH}"
fi fi
echo "Signing the repo..." echo "Signing the repo..."
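Review bot: In the second hunk `PUB_KEY_FULLPATH="${1}"` reads the same argument as `REPO_PATH`, so the key path the caller passes as `$2` is never used; it should be `PUB_KEY_FULLPATH="${2}"`. As written the variable holds the repository directory, so `[ ! -f "${PUB_KEY_FULLPATH}" ]` is true on every run and `mv "${NEW_KEY}" "${PUB_KEY_FULLPATH}"` drops the export into that directory under its random mktemp name instead of updating the published key. In the last hunk the output of `gpg --armor --export` is not checked, so an empty export can replace a good published key. The temp file is also left behind when the keys are identical. Adding `[ -s "${NEW_KEY}" ] || exit 1` after the export and `rm -f "${NEW_KEY}"` in an `else` branch would cover both. Separately, `mktemp` creates the file with owner-only permissions and `mv` keeps them, so the published key may need a `chmod 644` if whatever serves the repo runs as another user.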
