Skip to content

Commit

Permalink
Restore sign_rpms script, it's used in sign_stage_rpms
Browse files Browse the repository at this point in the history 
This partially reverts "drop signing scripts that were used with koji"

Fixes: 39674f4
  • Loading branch information
@evgeni
evgeni committed Sep 20, 2024
1 parent 32cdc99 commit 3856df4
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions sign_rpms
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
#!/bin/bash -e

. settings

gpg_pass=$(mktemp)
trap 'shred --remove "${gpg_pass}"' EXIT
chmod 0700 "$gpg_pass"
show_gpg_password > "$gpg_pass"

SIGN_FLAGS=(--define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase-file ${gpg_pass}" --define "_gpg_path $KEYDIR" --define="_gpg_name $SIGNER")

rpmdev-vercmp $(rpm --query --queryformat='%{EVR}' rpm) 4.16.0 || RESULT=$?

Check warning

Code scanning / shellcheck

Quote this to prevent word splitting. Warning

Quote this to prevent word splitting.
if [[ $RESULT == "11" ]]; then
SIGN_FLAGS+=("--rpmv3")
fi

if [[ -n $1 ]] ; then
echo "$@" | xargs $XARGS_JOBS rpmsign --addsign "${SIGN_FLAGS[@]}"

Check notice

Code scanning / shellcheck

Double quote to prevent globbing and word splitting. Note

Double quote to prevent globbing and word splitting.
else
find "$RPMDIR" -name '*.rpm' | xargs $XARGS_JOBS rpmsign --addsign "${SIGN_FLAGS[@]}"

Check warning

Code scanning / shellcheck

Use -print0/-0 or -exec + to allow for non-alphanumeric filenames. Warning

Use -print0/-0 or -exec + to allow for non-alphanumeric filenames.

Check notice

Code scanning / shellcheck

Double quote to prevent globbing and word splitting. Note

Double quote to prevent globbing and word splitting.
fi

0 comments on commit 3856df4

Please sign in to comment.