blob: 8fa84754abd253e0416d5449a54de65e2ed0d74b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
#!/bin/bash
# Copyright 2010-2023 Gentoo Authors; Distributed under the GPL v2
# might be earlier copyright, no history available
# for testing
ARCHES="arm64 sparc"
# Keep this variable in sync
_ARCHES="alpha amd64 arm64 arm hppa ia64 loong m68k mips ppc riscv s390 sh sparc x86"
#alpha amd64 arm64 arm hppa ia64 loong m68k mips ppc riscv s390 sh sparc x86
ARCHES=${ARCHES:-${_ARCHES}}
INTREE=/release/weekly/binpackages
SIGTREE=/release/binpackages
DEBUG=''
VERBOSE=''
BINPKG_GPG_SIGNING_GPG_HOME=/home/gmirror/.gnupg-releng
BINPKG_GPG_SIGNING_KEY=DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
gpgconf --kill all
## step 0: ensure all directories exist and have the right
## permissions
## we can't actually do that here since this script runs as
## unprivileged user
#
#for a in $ARCHES ; do
# if ! [[ -d ${INTREE}/${a} ]]; then
# mkdir -p ${INTREE}/${a}
# chown ${a}:${a} ${INTREE}/${a}
# chmod u+rwx,o+rx ${INTREE}/${a}
# fi
#done
#
#[[ -d SIGTREE ]] || mkdir -p ${SIGTREE}
# step 1: rsync from the dirs where the arches copy in
# make sure to *not* overwrite existing newer files (obviously
# the signature changed them)...
for a in $ARCHES ; do
rsync --recursive --delete --delete-after --update ${INTREE}/${a}/ ${SIGTREE}/${a}/
done
# step 2: iterate over all binary package trees, sign
# all unsigned files
# we assume the directory structure to be
# /binpackages/amd64/17.1/x86-64
# /binpackages/amd64/17.1/x86-64_musl
# /binpackages/mips/17.0/mipsel3_n32
# /binpackages/x86/17.0/x86_musl_hardened
for t in ${SIGTREE}/*/*/* ; do
find ${t} -name '*.gpkg' -exec gpkg-sign --skip-signed \{\} \;
PKGDIR=${t} emaint binhost fix
done
|