From ac599d0f96496eea71143dec6b5e844de13deac0 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 8 Jul 2010 14:52:41 +0200
Subject: [PATCH] Add some root/sudo checks and pkg singing (disabled) Why disabled? Well, it is IMPOSSIBLE to sign packages unattended using 'rpm --add-sing' as it ALWAYS asks for passphrase (eventhough our PPH is empty). Do you feel like typing that PPH for every single rpm during archive rebuild? I don't. Btw, anyone experienced with 'expect' is welcome to fix this.
---
 update-archive/update-yum-archve.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/update-archive/update-yum-archve.sh b/update-archive/update-yum-archve.sh
index 4800c0a..aa6b283 100755
--- a/update-archive/update-yum-archve.sh
+++ b/update-archive/update-yum-archve.sh
@@ -1,9 +1,26 @@
 #!/bin/sh
+if [ "$(id -u)" != "0" -o $HOME != "/root" ]; then
+ echo "This script must be run as root (not sudo) to perform package singning." 1>&2
+ exit 1
+fi
+
+if test ! -f ~/.rpmmacros; then
+ echo "$0: Make sure ~/.rpmmacros file exsits and contains macros from git-tools/update-archive/root-rpmmacros"
+ exit 1
+fi
+
 if test ! -x /usr/bin/createrepo; then
 echo "$0: /usr/bin/createrepo missing. Install createrepo"
 exit 1
 fi
+if test ! -x /usr/bin/gpg; then
+ echo "$0: /usr/bin/gpg missing. Install gpg"
+ exit 1
+fi
+
+#check if root has rpm macros
+
 confdir=`pwd`
 architectures="i386 x86_64"
 for vdist in centos/5.5 rhel/5.5; do
@@ -62,11 +79,15 @@ for vdist in centos/5.5 rhel/5.5; do
 mkdir -p $d/${arch}/Packages
 for f in $distdir/RPMS/${arch}/*.rpm $distdir/RPMS/noarch/*.rpm; do
 if test -f $f; then
+ #rpm --addsign $f
 ln -sf $f $d/${arch}/Packages/
 has_packages=true
 fi
 done
 createrepo --update $d/${arch}
+ if test -f $d/${arch}/repodata/repomd.xml.asc; then
+ rm $d/${arch}/repodata/repomd.xml.asc
+ fi
 gpg --detach-sign -u "Index Data" --armor $d/${arch}/repodata/repomd.xml
 done
 fi
--
1.7.10.4
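Review bot: The root guard added at the top of the first hunk can fail open, because `$HOME` is unquoted inside `[ … -o … ]`: an empty or unset HOME, or one containing spaces, makes `[` exit with an error status, the `if` body is skipped, and the script continues without having confirmed it runs as root. Quote the variable and split the obsolescent `-o` into two tests: `if [ "$(id -u)" != "0" ] || [ "$HOME" != "/root" ]; then`. HOME comes from the caller's environment, so that half only checks where `~/.rpmmacros` resolves; `id -u` is the actual privilege check. The messages added for `~/.rpmmacros` and `/usr/bin/gpg` go to stdout, unlike the first one; appending `1>&2` would keep them consistent.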
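Review bot: In the second hunk the added `rm` deletes the previous `repomd.xml.asc` before the `gpg --detach-sign` call on the next line, and nothing checks gpg's exit status, so a failed signing leaves freshly generated metadata published with no signature while the loop carries on. Let gpg overwrite the file itself and stop on failure instead: `gpg --batch --yes --detach-sign -u "Index Data" --armor "$d/${arch}/repodata/repomd.xml" || exit 1`. With `#rpm --addsign $f` left commented out, the packages are not signed by this script, so this detached signature appears to be the only authenticity data the run produces. The description says the key's passphrase is empty, which leaves its protection to file permissions on root's keyring; a comment beside the gpg call should record that. The enclosing `for` loops begin and end outside the hunk.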