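#!/bin/bash
# Copyright 2010-2015 Gentoo Authors; Distributed under the GPL v2
# might be earlier copyright, no history available
#
# Signs release artifacts found under $RELEASES/<arch>/autobuilds:
#   - *.tar.xz, *.iso, *.tar.bz2 and *.lif files that have no <file>.asc
#     next to them get an armored detached signature;
#   - *.sha256 and *.DIGESTS text files that do not yet contain a PGP
#     cleartext header are clearsigned in place.
# Optional environment: ARCHES (space-separated list, overrides _ARCHES).

# Keep this variable in sync in both sign-autobuilds.sh & sync-autobuilds.sh
_ARCHES="alpha amd64 arm64 arm hppa ia64 loong m68k mips ppc riscv s390 sh sparc x86"
        #alpha amd64 arm64 arm hppa ia64 loong m68k mips ppc riscv s390 sh sparc x86
ARCHES=${ARCHES:-${_ARCHES}}

RELEASES=/var/tmp/gmirror-releases/releases/
[[ $HOSTNAME == TODO ]] && RELEASES=/var/tmp/gmirror/releases/

DEBUG=''
VERBOSE=''

# Kept as an array so every option stays exactly one word when expanded.
# --batch --no-tty: gpg must never prompt; this script runs unattended.
GPG=(gpg --homedir /home/gmirror/.gnupg-releng/ --batch --no-tty)

# Do not change
# DEBUGP/VERBOSEP are command prefixes: "$DEBUGP cmd" prints cmd instead of
# running it when DEBUG is set; "$VERBOSEP echo ..." becomes "false echo ..."
# (silent) unless VERBOSE is set.
DEBUGP=
VERBOSEP=false
[ -n "$DEBUG" ] && DEBUGP=echo
[ -n "$VERBOSE" ] && VERBOSEP=
[ -n "$DEBUG" ] && RSYNC_OPTS="${RSYNC_OPTS} -n"
[ -n "$VERBOSE" ] && RSYNC_OPTS="${RSYNC_OPTS} -v"

# needs more debugging
# set -e

#######################################
# Write an armored detached signature for one file.
# Globals:   DEBUGP (read), GPG (read)
# Arguments: $1 - path of the file to sign
# Returns:   exit status of gpg (or of echo in DEBUG mode)
#######################################
signone() {
  local f=$1
  $DEBUGP "${GPG[@]}" --armor --detach-sign "${f}"
}

#######################################
# Clearsign a text file and replace it with the signed version.
# Only for text files!
# The original is replaced only after gpg reports success, so a failed or
# interrupted signing run cannot overwrite a digest file with partial output.
# Globals:   DEBUGP (read), GPG (read)
# Arguments: $1 - path of the text file to clearsign in place
# Returns:   0 on success, gpg's non-zero status if signing failed
#######################################
signone_clearsign() {
  local f=$1
  local d="${1}.asc.tmp"
  local rc=0

  rm -f -- "$d" # Clearsign aborts if the destfile exists
  $DEBUGP "${GPG[@]}" --armor --clearsign --output "$d" "${f}" || rc=$?
  if (( rc != 0 )); then
    # Drop whatever gpg may have left behind and keep the original as is.
    rm -f -- "$d"
    echo "clearsign failed for ${f} (gpg exit ${rc}); file left unmodified" >&2
    return "$rc"
  fi
  $DEBUGP mv -- "${d}" "${f}"
}

# NOTE(review): this is run without --homedir, so it presumably acts on the
# daemons of the invoking user's default GnuPG home rather than the releng
# one passed to gpg above; confirm that is intended.
gpgconf --kill all

for a in $ARCHES ; do
  pushd "${RELEASES}/${a}" >/dev/null || continue

  # A missing autobuilds directory stops the whole run (as before, with exit
  # status 1), but now says why, so an aborted signing pass is visible.
  if [[ ! -d autobuilds ]]; then
    echo "$0: ${RELEASES}/${a}/autobuilds is missing; aborting" >&2
    exit 1
  fi

  #echo "Release files:"
  # Release files minus those that already have a matching <file>.asc.
  # Read line by line into an array so paths are never word-split or globbed.
  mapfile -t unsigned < <(
    comm -23 \
      <(find autobuilds \( -name '*.tar.xz' -or -name '*.iso' \
          -or -name '*.tar.bz2' -or -name '*.lif' \) | sort) \
      <(find autobuilds -name '*.asc' | sed -e 's,\.asc$,,' | sort)
  )

  #$VERBOSEP echo "=== ARCH: $a"
  for dgst in "${unsigned[@]}" ; do
    if [[ ! -f "${dgst}.asc" ]]; then
      $VERBOSEP echo "Signing $dgst"
      signone "$dgst"
    fi
  done

  # NOTE(review): $digests is never assigned in this script, so this loop
  # does not run and nothing is ever re-signed. Left untouched on purpose:
  # before reviving it, decide whether a file modified after it was signed
  # should be re-signed automatically, since that replaces a signature that
  # no longer verifies with a fresh valid one.
  for dgst in $digests ; do
    if [[ -f "${dgst}.asc" && "${dgst}" -nt "${dgst}.asc" ]]; then
      $VERBOSEP echo "Resigning $dgst"
      rm -f -- "${dgst}.asc"
      signone "$dgst"
    fi
  done

  #echo "Text helper files:"
  # grep -L lists the files that lack the cleartext-signature header line.
  # This only checks that the header is present; it does not verify that the
  # signature in an already-signed file is valid.
  mapfile -t unsigned < <(
    find autobuilds \( -name '*.sha256' -or -name '*.DIGESTS' \) \
      -exec grep -L -e '^-----BEGIN PGP SIGNED MESSAGE-----$' {} +
  )
  for dgst in "${unsigned[@]}" ; do
    $VERBOSEP echo "Signing (inline/cleartext) $dgst"
    signone_clearsign "$dgst"
  done

  popd >/dev/null
done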