safer method to sign packages

git-svn-id: svn+slack://slack.fluxo.info/var/svn/simplepkg@688 04377dda-e619-0410-9926-eae83683ac58

diff --git a/trunk/src/createpkg b/trunk/src/createpkg
index a46b911b8fa8f11854952229931e1014b3c1fafe..6c0a4dfdc9945eacb55b36ed25ba624e88c21c72 100644 (file)
--- a/trunk/src/createpkg
+++ b/trunk/src/createpkg
@@ -716,10 +716,11 @@ if [ $SIGN_PACKAGES -eq $on ]; then
   fi
 
   if [ ! -z "$SIGN_PACKAGES_USER" ]; then
-    rm -f $TMP/$PKG_NAME.asc
-    su $SIGN_PACKAGES_USER -c "gpg --use-agent --armor -sb -u $SIGN_KEYID -o $TMP/$PKG_NAME.asc $PACKAGES_DIR/$PKG_NAME"
-    cp $TMP/$PKG_NAME.asc $PACKAGES_DIR/$PKG_NAME.asc
-    rm -f $TMP/$PKG_NAME.asc
+    tmp_sign_folder="`mktemp -d $TMP/createpkg_sign.XXXXXX`"
+    chown $SIGN_PACKAGES_USER $tmp_sign_folder
+    su $SIGN_PACKAGES_USER -c "gpg --use-agent --armor -sb -u $SIGN_KEYID -o $tmp_sign_folder/$PKG_NAME.asc $PACKAGES_DIR/$PKG_NAME"
+    cp $tmp_sign_folder/$PKG_NAME.asc $PACKAGES_DIR/$PKG_NAME.asc
+    rm -rf $tmp_sign_folder
   else
     gpg --use-agent --armor -sb -u $SIGN_KEYID $PACKAGES_DIR/$PKG_NAME
   fi