enhanced gpg integration
authorrhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58>
Thu, 18 Dec 2008 04:08:32 +0000 (04:08 +0000)
committerrhatto <rhatto@04377dda-e619-0410-9926-eae83683ac58>
Thu, 18 Dec 2008 04:08:32 +0000 (04:08 +0000)
git-svn-id: svn+slack://slack.fluxo.info/var/svn/simplepkg@673 04377dda-e619-0410-9926-eae83683ac58

trunk/lib/common.sh
trunk/src/createpkg
trunk/src/simplaret

index d5164481cfe0d0e99bcde5ef7895bcd319009c85..53fc0f2a14bb6994aac09c86a90bccc2864c70e0 100644 (file)
@@ -1089,6 +1089,35 @@ function gen_meta {
 
 }
 
+function repo_gpg_key {
+
+  # usage: repo_gpg_key <folder>
+
+  local folder="$1"
+
+  if [ $SIGN_PACKAGES -eq $on ]; then
+    if [ -f "$folder/GPG-KEY" ]; then
+      if ! gpg --with-colons < $folder/GPG-KEY | cut -d : -f 5 | grep -q -e "$SIGN_KEYID$"; then
+        echo "Adding OpenPGP key id $SIGN_KEYID to $folder/GPG-KEY file..."
+        if [ ! -z "$SIGN_PACKAGES_USER" ]; then
+          su $SIGN_PACKAGES_USER -c "gpg --export --armor $SIGN_KEY_ID" >> $folder/GPG-KEY
+        else
+          gpg --export --armor $SIGN_KEY_ID >> $folder/GPG-KEY
+        fi
+      fi
+    else
+      echo "Adding OpenPGP key id $SIGN_KEYID to $folder/GPG-KEY file..."
+      if [ ! -z "$SIGN_PACKAGES_USER" ]; then
+        su $SIGN_PACKAGES_USER -c "gpg --export --armor $SIGN_KEY_ID" > $folder/GPG-KEY
+      else
+        gpg --export --armor $SIGN_KEY_ID > $folder/GPG-KEY
+      fi
+    fi
+    svn_add $folder/GPG-KEY
+  fi
+
+}
+
 # -----------------------------------------------
 #                 Error functions
 # -----------------------------------------------
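Review bot: The export commands in repo_gpg_key read `$SIGN_KEY_ID`, while the check and the messages use `$SIGN_KEYID`. Nothing visible in this commit sets `SIGN_KEY_ID`, so if it is unset `gpg --export --armor` runs with no key argument and writes every public key in the keyring into the repository's GPG-KEY file. Separately, createpkg assigns `SIGN_KEYID` as `-u <keyid>`, so if that value is in effect when this function runs, the `grep -q -e "$SIGN_KEYID$"` test cannot match field 5 and the key is appended on every run. I would pass the bare key id in one consistently named variable, quote it and the path, e.g. `gpg --export --armor "$keyid" >> "$folder/GPG-KEY"`, and refuse to export when the id is empty.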
@@ -1332,3 +1361,25 @@ function is_the_same {
   fi
 
 }
+
+function check_gnupg {
+
+  # check if there's a keyring
+  # usage: check_gnupg [username]
+
+  local user="$1" home
+
+  if [ ! -z "$user" ]; then
+    echo "Setting up gnupg..."
+    home="`grep "^$user:" /etc/passwd | cut -d : -f 6`"
+    if [ ! -d "$home/.gnupg" ]; then
+      su $user -c "gpg --list-keys"
+    fi
+  else
+    if [ ! -d "$HOME/.gnupg" ]; then
+      echo "Setting up gnupg..."
+      gpg --list-keys
+    fi
+  fi
+
+}
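Review bot: check_gnupg looks up the home directory with `grep "^$user:" /etc/passwd`, which misses accounts that are not in the local passwd file and leaves `home` empty when nothing matches. The test then becomes `[ ! -d "/.gnupg" ]`, so `su $user -c "gpg --list-keys"` runs on every call. I would use `home="$(getent passwd "$user" | cut -d : -f 6)"` and return with an error when `home` is empty. `$user` should also be quoted in the `su` call.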
index 86be85445e1299d3f0e85fe3ce432808102c3aea..fe908b56401e6ca0b5c40df1b39fcc70d0f0e700 100644 (file)
@@ -437,6 +437,7 @@ function update_metadata {
 
   cd $makepkg_repos
 
+  repo_gpg_key $makepkg_repos
   gen_meta $SUBFOLDER/$PKG_NAME
   gen_filelist
   update_md5_checksum $makepkg_repos $SUBFOLDER/$PKG_NAME
@@ -697,10 +698,16 @@ if [ $SIGN_PACKAGES -eq $on ]; then
 
   echo "Signing package..."
 
+  check_gnupg $SIGN_PACKAGES_USER
+
   if [ ! -z "$SIGN_PACKAGES_KEYID" ]; then
     SIGN_KEYID="-u $SIGN_PACKAGES_KEYID"
   else
-    SIGN_KEYID=""
+    if [ ! -z "$SIGN_PACKAGES_USER" ]; then
+      SIGN_KEYID="-u `su $SIGN_PACKAGES_USER -c "gpg --list-secret-keys --with-colons | grep ^sec | head -n 1 | cut -d : -f 5"`"
+    else
+      SIGN_KEYID="-u `gpg --list-secret-keys --with-colons | grep ^sec | head -n 1 | cut -d : -f 5`"
+    fi
   fi
 
   if [ ! -z "$SIGN_PACKAGES_USER" ]; then
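Review bot: When no secret key exists, the new fallback leaves `SIGN_KEYID` set to `-u ` with nothing after it, so the later gpg call presumably receives `-u` without a key id and takes its next argument as the user id. The fallback also signs with whichever secret key happens to be listed first, which may not be the key the repository publishes. I would capture the id first and stop if it is empty, e.g. `keyid="$(gpg --list-secret-keys --with-colons | grep ^sec | head -n 1 | cut -d : -f 5)"` followed by `[ -n "$keyid" ] || { echo "No secret key found for signing" >&2; exit 1; }`. The enclosing `if [ $SIGN_PACKAGES -eq $on ]` block continues past the end of this hunk, so the way `SIGN_KEYID` is expanded in the signing command is not visible here.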
index df5552666a9109379cfdbaed517a74d99102443d..1d9d47a666ae4a0ce3c7badb92089317b271e6cd 100755 (executable)
@@ -63,8 +63,8 @@ function simplaret_backup_index {
 function simplaret_check_index {
 
   for file in `simplaret_metafiles`; do
-    if [ ! -f "$1/$file" ] && [ -f "$1/$file" ]; then
-      echo restoring old $file to $1...
+    if [ ! -f "$1/$file" ] && [ -f "$1/$file.old" ]; then
+      echo Restoring old $file to $1...
       mv $1/$file.old $1/$file
      else
       rm -f $1/$file.old
@@ -73,6 +73,21 @@ function simplaret_check_index {
 
 }
 
+function simplaret_import_gpg_keys {
+
+  if [ "$SIGNATURE_CHECKING" == "$on" ]; then
+    check_gnupg
+    if [ -f "$1/GPG-KEY" ] && [ -f "$1/GPG-KEY.old" ]; then
+      if diff $1/GPG-KEY $1/GPG-KEY.old &> /dev/null; then
+        gpg --import < $1/GPG-KEY
+      fi
+    elif [ -f "$1/GPG-KEY" ]; then
+      gpg --import < $1/GPG-KEY
+    fi
+  fi
+
+}
+
 function simplaret_download {
 
   # download a file from a repo to a folder
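Review bot: simplaret_import_gpg_keys imports `$1/GPG-KEY` into the keyring without checking which key it is. That file is fetched from the repository alongside the packages it is meant to authenticate, so signature checking adds no protection if the repository or the transfer is tampered with. The key should be accepted only if its fingerprint matches a value configured locally for that repository, or after explicit confirmation by the admin on first use and on any change. The `diff` branch also looks unreachable from simplaret_update, because simplaret_check_index runs first and, with GPG-KEY now in simplaret_metafiles, removes `GPG-KEY.old` whenever `GPG-KEY` exists; as written, `if diff ...` would in any case import only when the two files are identical. A changed key should at least produce a warning rather than a silent import, e.g. `echo "Warning: GPG-KEY in $1 has changed, not importing" >&2`.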
@@ -262,6 +277,7 @@ function simplaret_update {
 
       simplaret_get_index $repository_url $storage/$repository_name
       simplaret_check_index $storage/$repository_name
+      simplaret_import_gpg_keys $storage/$repository_name
 
       unset repository_name repository_url repository_protocol
 
@@ -320,7 +336,11 @@ function simplaret_filelist {
 
 function simplaret_metafiles {
 
-  echo `simplaret_filelist` CHECKSUMS.md5
+  if [ "$SIGNATURE_CHECKING" == "$on" ]; then
+    echo `simplaret_filelist` CHECKSUMS.md5 GPG-KEY
+  else
+    echo `simplaret_filelist` CHECKSUMS.md5
+  fi
 
 }