| author | mail_redacted_for_web | 2025-03-23 08:02:00 +0100 | 
|---|---|---|
| committer | mail_redacted_for_web | 2025-03-23 08:02:00 +0100 | 
| commit | d637f80eb84c7962dfd78cb4a9b6fbe9bc31858f (patch) | |
| tree | 6be0beedfb2fcb4900432d6def62bfcd64b0f516 | |
| parent | d191e029e5151581beeb1ddd625cfc93f62ae44d (diff) | |
| download | packages.lirion.de-d637f80eb84c7962dfd78cb4a9b6fbe9bc31858f.tar.bz2 | |
Introduce GPG ID as parameter to createrepo wrapper
| -rwxr-xr-x | createrepo/bin/createrepo-lirionde | 25 | 
1 files changed, 24 insertions, 1 deletions
diff --git a/createrepo/bin/createrepo-lirionde b/createrepo/bin/createrepo-lirionde
index e1356db..bc3329a 100755
--- a/createrepo/bin/createrepo-lirionde
+++ b/createrepo/bin/createrepo-lirionde
@@ -1,17 +1,20 @@
 #!/usr/bin/env bash
 declare -a REPOS
+declare GPGID
 REPOSDEF=( 'all' 'el' 'suse' )
 function hayulp {
-	printf 'USAGE: %b [ -r repo [ -r repo ... ] ]\n' "$(basename "$0")"
+	printf 'USAGE: %b -g GPG_ID [ -r REPO [ -r REPO ... ] ]\n' "$(basename "$0")"
 	printf '\n'
 	(
 		printf -- '-r,\n'
 		printf -- '--repos;Repo to be published.\n'
 		printf ';Specify multiple times for multiple repositores.\n'
 		printf ';Default: all, el, suse\n'
+		printf -- '-g,\n'
+		printf -- '--gpg-id;GPG key ID with which to sign the repository metadata file\n'
 	)|column -ts\;
 }
@@ -22,6 +25,11 @@ while [[ $# -gt 0 ]]; do
 			shift # past argument
 			shift # past value
 		;;
+		"-g"|"--gpg")
+			GPGID="$2"
+			shift
+			shift
+		;;
 		"-"*)
 			hayulp
 			printf '\nUnknown option: %b\n' "$1" >&2
@@ -40,6 +48,21 @@ if [ "${#REPOS[@]}" -lt 1 ]; then
 	# if we can't be sure that indexes are sequential ints:
 	# for idx in "${!REPOSDEF[@]}"; do REPOS["$idx"]="${REPOSDEF[$idx]}"; done
 fi
+if [ -z "$GPGID" ]; then
+	# We do not accept that, we mandate here that repositories have to be GPG signed.
+	# You actually can set up repositories without GPG signatures - we don't, it's
+	# insecure and bad practice.
+	hayulp
+	printf '\nNo GPG ID supplied, exiting.\n' >&2
+	exit 101
+fi
+
+# test signature creation
+printf 'Testing GPG signing: '
+MYTMP="$(mktemp -p /tmp createrepo-lirionde.XXXXXX)" || exit 110
+gpg --local-user "$GPGID" --detach-sign --armour "$MYTMP" || exit 111
+rm -f "$MYTMP" "${MYTMP}.asc" || exit 112
+printf 'done.\n'
 for repo in "${REPOS[@]}"; do
 	faketime "$(date -I) 13:37:08" createrepo_c --update "/var/cache/rpm/$repo" &&\  | 
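Review bot: The help text added to `hayulp` in the first hunk advertises `--gpg-id`, but the case arm added in the second hunk matches only `"-g"|"--gpg"`, so the documented long option falls through to the `"-"*)` arm and is rejected as unknown. The arm should read `"-g"|"--gpg-id")`, optionally keeping `"--gpg"` as an alias. The same arm assigns `GPGID="$2"` without checking that a value follows, so `-g -r el` would take `-r` as the key ID; a guard such as `[[ $# -ge 2 && $2 != -* ]] || { hayulp; exit 101; }` before the assignment would catch that. The `case` statement starts outside the hunk.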
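Review bot: The pre-flight block at the end of the third hunk proves that `$GPGID` can sign, but nothing added in this commit passes the ID to the real signing step: all 24 insertions are in the hunks shown, and the `for repo` loop body continues unchanged outside the hunk. If the signing command in that loop does not already select a key, the metadata would presumably still be signed with gpg's default key, so that call should get `--local-user "$GPGID"` as well. Separately, `|| exit 111` leaves `$MYTMP` behind when gpg fails; registering `trap 'rm -f -- "$MYTMP" "${MYTMP}.asc"' EXIT` right after the `mktemp` line covers every exit path. Since `--local-user` also accepts user-ID substrings, the help text could ask for a full fingerprint so the selected key is unambiguous.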
