c54621d819
Followup on c6b04c0465 which refactored
the signing function to run outside of fakeroot, and in the process
moved the status message to outside the $SIGNPKG check.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
77 lines
2.1 KiB
Bash
77 lines
2.1 KiB
Bash
#!/bin/bash
|
|
#
|
|
# generate_signature.sh - functions for generating PGP signatures
|
|
#
|
|
# Copyright (c) 2008-2018 Pacman Development Team <pacman-dev@archlinux.org>
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
[[ -n "$LIBMAKEPKG_INTEGRITY_GENERATE_SIGNATURE_SH" ]] && return
|
|
LIBMAKEPKG_INTEGRITY_GENERATE_SIGNATURE_SH=1
|
|
|
|
LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
|
|
|
|
source "$LIBRARY/util/message.sh"
|
|
|
|
create_signature() {
|
|
local ret=0
|
|
local filename="$1"
|
|
|
|
local SIGNWITHKEY=""
|
|
if [[ -n $GPGKEY ]]; then
|
|
SIGNWITHKEY="-u ${GPGKEY}"
|
|
fi
|
|
|
|
gpg --detach-sign --use-agent ${SIGNWITHKEY} --no-armor "$filename" &>/dev/null || ret=$?
|
|
|
|
|
|
if (( ! ret )); then
|
|
msg2 "$(gettext "Created signature file %s.")" "${filename##*/}.sig"
|
|
else
|
|
warning "$(gettext "Failed to sign package file.")"
|
|
fi
|
|
|
|
return $ret
|
|
}
|
|
|
|
create_package_signatures() {
|
|
if [[ $SIGNPKG != 'y' ]]; then
|
|
return 0
|
|
fi
|
|
local pkgarch pkg_file
|
|
local pkgname_backup=("${pkgname[@]}")
|
|
local fullver=$(get_full_version)
|
|
|
|
msg "$(gettext "Signing package(s)...")"
|
|
|
|
for pkgname in ${pkgname_backup[@]}; do
|
|
pkgarch=$(get_pkg_arch $pkgname)
|
|
pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
|
|
|
|
create_signature "$pkg_file"
|
|
done
|
|
|
|
# check if debug package needs a signature
|
|
if ! check_option "debug" "y" || ! check_option "strip" "y"; then
|
|
return
|
|
fi
|
|
|
|
pkgname=$pkgbase-@DEBUGSUFFIX@
|
|
pkgarch=$(get_pkg_arch)
|
|
pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
|
|
create_signature "$pkg_file"
|
|
|
|
pkgname=("${pkgname_backup[@]}")
|
|
}
|