pkgmeek: automatically create new signature if one is not present, similar to how footprints are handled
This commit is contained in:
parent
b740564de5
commit
01bba80566
|
|
@ -43,10 +43,13 @@ Build package without checking footprint.
|
|||
Update footprint and treat last build as successful.
|
||||
.TP
|
||||
.B "\-us, \-\-update\-signature"
|
||||
Update port signature and sha256sums.
|
||||
Update port signature and sha256sums. Only needed after editing a
|
||||
previously-built port, since the first build of a new port will automatically
|
||||
create \fB.signature\fP in the port directory.
|
||||
.TP
|
||||
.B "\-cs, \-\-check\-signature"
|
||||
Check the validity of Pkgfile, footprint, and sources using the signature and sha256sums.
|
||||
Check the validity of Pkgfile, footprint, and sources using the signature and
|
||||
sha256sums.
|
||||
.TP
|
||||
.B "\-is, \-\-ignore\-signature"
|
||||
Build package without checking the signature and sha256sums.
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ local errDL=0; local errUZ=0; local BSDTAR="/usr/bin/bsdtar --format=gnutar"
|
|||
parse_options "$@"
|
||||
|
||||
# Exit early if refreshing an existing sha256 manifest was requested
|
||||
[ "$PKGMK_REFRESH_SIG" = "yes" ] && { make_signature refresh && info "signature refreshed."; exit $?; }
|
||||
[ "$PKGMK_REFRESH_SIG" = "yes" ] && { make_signature refresh; exit $?; }
|
||||
#
|
||||
# Read the Pkgfile to determine what to do next. But first ensure that
|
||||
# it came from a trusted source (FS#1851)
|
||||
|
|
@ -109,7 +109,7 @@ if [ "$PKGMK_UPDATE_FOOTPRINT" = "yes" ]; then
|
|||
fi
|
||||
# Updating signatures (option -us) requires only sources and footprint, not a built package.
|
||||
# As with -uf, exit after fulfilling the explicit request for a manifest.
|
||||
[ "$PKGMK_UPDATE_SIG" = "yes" ] && { make_signature new && info "signature created."; cleanup_work; exit $?; }
|
||||
[ "$PKGMK_UPDATE_SIG" = "yes" ] && { make_signature new; cleanup_work; exit $?; }
|
||||
|
||||
# All the sources should be here by now, let's verify that we can trust them.
|
||||
readonly cs_fail_msg="Use '--ignore-signature' to override, if you have determined integrity by other means."
|
||||
|
|
@ -184,6 +184,9 @@ if [ "$pkg_utd" = 0 ] || [[ "$PKGMK_FORCE $PKGMK_EXTRACT_ONLY" =~ yes ]]; then
|
|||
|
||||
fi # Continue from here if extract and build were skipped
|
||||
|
||||
[ "$PKGMK_IGNORE_SIG" = "yes" ] || [ -e "$PKGMK_ROOT/.signature" ] \
|
||||
|| make_signature new
|
||||
|
||||
# Clean up the work directory.
|
||||
find . -maxdepth 1 -mindepth 1 -type l -delete; cleanup_work
|
||||
|
||||
|
|
@ -483,7 +486,8 @@ get_repo_key() {
|
|||
|
||||
make_signature() {
|
||||
local ordered si pub
|
||||
[ -w "$PKGMK_ROOT/.signature" ] || { error ".signature not writable."; return $E_DIRPERM; }
|
||||
[ ! -e "$PKGMK_ROOT/.signature" ] || [ -w "$PKGMK_ROOT/.signature" ] \
|
||||
|| { error ".signature not writable."; return $E_DIRPERM; }
|
||||
|
||||
[ -n "$PKGMK_PRIVATEKEY" ] || PKGMK_PRIVATEKEY="$(get_repo_key secret)"
|
||||
if [ -n "$PKGMK_PRIVATEKEY" ]; then
|
||||
|
|
@ -522,6 +526,7 @@ make_signature() {
|
|||
fi
|
||||
;;
|
||||
esac
|
||||
[ "$1" = "new" ] && echo "signature created." || echo "signature updated."
|
||||
}
|
||||
|
||||
interrupted() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue