makepkg: create signature files outside of fakeroot
With recent version of gpg, signing within fakeroot works on the first invocation, but fails on later runs. Sign all packages outside of fakeroot to avoid this issue. Fixes FS#49946. Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Allan McRae
parent
c0a5884b18
commit
c6b04c0465
2 changed files with 36 additions and 7 deletions
|
|
@ -27,11 +27,10 @@ source "$LIBRARY/util/message.sh"
|
||||||
|
|
||||||
create_signature() {
|
create_signature() {
|
||||||
if [[ $SIGNPKG != 'y' ]]; then
|
if [[ $SIGNPKG != 'y' ]]; then
|
||||||
return
|
return 0
|
||||||
fi
|
fi
|
||||||
local ret=0
|
local ret=0
|
||||||
local filename="$1"
|
local filename="$1"
|
||||||
msg "$(gettext "Signing package...")"
|
|
||||||
|
|
||||||
local SIGNWITHKEY=""
|
local SIGNWITHKEY=""
|
||||||
if [[ -n $GPGKEY ]]; then
|
if [[ -n $GPGKEY ]]; then
|
||||||
|
|
@ -42,8 +41,37 @@ create_signature() {
|
||||||
|
|
||||||
|
|
||||||
if (( ! ret )); then
|
if (( ! ret )); then
|
||||||
msg2 "$(gettext "Created signature file %s.")" "$filename.sig"
|
msg2 "$(gettext "Created signature file %s.")" "${filename##*/}.sig"
|
||||||
else
|
else
|
||||||
warning "$(gettext "Failed to sign package file.")"
|
warning "$(gettext "Failed to sign package file.")"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
return $ret
|
||||||
|
}
|
||||||
|
|
||||||
|
create_package_signatures() {
|
||||||
|
local pkgarch pkg_file
|
||||||
|
local pkgname_backup=("${pkgname[@]}")
|
||||||
|
local fullver=$(get_full_version)
|
||||||
|
|
||||||
|
msg "$(gettext "Signing package(s)...")"
|
||||||
|
|
||||||
|
for pkgname in ${pkgname_backup[@]}; do
|
||||||
|
pkgarch=$(get_pkg_arch $pkgname)
|
||||||
|
pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
|
||||||
|
|
||||||
|
create_signature "$pkg_file"
|
||||||
|
done
|
||||||
|
|
||||||
|
# check if debug package needs a signature
|
||||||
|
if ! check_option "debug" "y" || ! check_option "strip" "y"; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
pkgname=$pkgbase-@DEBUGSUFFIX@
|
||||||
|
pkgarch=$(get_pkg_arch)
|
||||||
|
pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
|
||||||
|
create_signature "$pkg_file"
|
||||||
|
|
||||||
|
pkgname=("${pkgname_backup[@]}")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -769,8 +769,6 @@ create_package() {
|
||||||
error "$(gettext "Failed to create package file.")"
|
error "$(gettext "Failed to create package file.")"
|
||||||
exit 1 # TODO: error code
|
exit 1 # TODO: error code
|
||||||
fi
|
fi
|
||||||
|
|
||||||
create_signature "$pkg_file"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
create_debug_package() {
|
create_debug_package() {
|
||||||
|
|
@ -868,8 +866,6 @@ create_srcpackage() {
|
||||||
exit 1 # TODO: error code
|
exit 1 # TODO: error code
|
||||||
fi
|
fi
|
||||||
|
|
||||||
create_signature "$pkg_file"
|
|
||||||
|
|
||||||
cd_safe "${startdir}"
|
cd_safe "${startdir}"
|
||||||
rm -rf "${srclinks}"
|
rm -rf "${srclinks}"
|
||||||
}
|
}
|
||||||
|
|
@ -1625,6 +1621,9 @@ if (( SOURCEONLY )); then
|
||||||
|
|
||||||
enter_fakeroot
|
enter_fakeroot
|
||||||
|
|
||||||
|
msg "$(gettext "Signing package...")"
|
||||||
|
create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
|
||||||
|
|
||||||
msg "$(gettext "Source package created: %s")" "$pkgbase ($(date))"
|
msg "$(gettext "Source package created: %s")" "$pkgbase ($(date))"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
@ -1716,6 +1715,8 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
enter_fakeroot
|
enter_fakeroot
|
||||||
|
|
||||||
|
create_package_signatures
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# if inhibiting archive creation, go no further
|
# if inhibiting archive creation, go no further
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue