jmq/Documentation
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkgmeek: automatically create new signature if one is not present, similar to how footprints are handled

Browse Source
This commit is contained in:
John McQuah
2023-06-12 13:14:03 -04:00
parent b740564de5
commit 01bba80566
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
scripts/pkgmeek
View File

@@ -13,7 +13,7 @@ local errDL=0; local errUZ=0; local BSDTAR="/usr/bin/bsdtar --format=gnutar"
parse_options "$@"
# Exit early if refreshing an existing sha256 manifest was requested
[ "$PKGMK_REFRESH_SIG" = "yes" ] && { make_signature refresh && info "signature refreshed."; exit $?; }
[ "$PKGMK_REFRESH_SIG" = "yes" ] && { make_signature refresh; exit $?; }
#
# Read the Pkgfile to determine what to do next. But first ensure that
# it came from a trusted source (FS#1851)
@@ -109,7 +109,7 @@ if [ "$PKGMK_UPDATE_FOOTPRINT" = "yes" ]; then
fi
# Updating signatures (option -us) requires only sources and footprint, not a built package.
# As with -uf, exit after fulfilling the explicit request for a manifest.
[ "$PKGMK_UPDATE_SIG" = "yes" ] && { make_signature new && info "signature created."; cleanup_work; exit $?; }
[ "$PKGMK_UPDATE_SIG" = "yes" ] && { make_signature new; cleanup_work; exit $?; }
# All the sources should be here by now, let's verify that we can trust them.
readonly cs_fail_msg="Use '--ignore-signature' to override, if you have determined integrity by other means."
@@ -184,6 +184,9 @@ if [ "$pkg_utd" = 0 ] || [[ "$PKGMK_FORCE $PKGMK_EXTRACT_ONLY" =~ yes ]]; then
fi # Continue from here if extract and build were skipped
[ "$PKGMK_IGNORE_SIG" = "yes" ] || [ -e "$PKGMK_ROOT/.signature" ] \
|| make_signature new
# Clean up the work directory.
find . -maxdepth 1 -mindepth 1 -type l -delete; cleanup_work
@@ -483,7 +486,8 @@ get_repo_key() {
make_signature() {
local ordered si pub
[ -w "$PKGMK_ROOT/.signature" ] || { error ".signature not writable."; return $E_DIRPERM; }
[ ! -e "$PKGMK_ROOT/.signature" ] || [ -w "$PKGMK_ROOT/.signature" ] \
|| { error ".signature not writable."; return $E_DIRPERM; }
[ -n "$PKGMK_PRIVATEKEY" ] || PKGMK_PRIVATEKEY="$(get_repo_key secret)"
if [ -n "$PKGMK_PRIVATEKEY" ]; then
@@ -522,6 +526,7 @@ make_signature() {
fi
;;
esac
[ "$1" = "new" ] && echo "signature created." || echo "signature updated."
}
interrupted() {