Fix gpg repo signing command
This commit is contained in:
10
installJRMC
10
installJRMC
@@ -1209,20 +1209,20 @@ run_createrepo() {
|
|||||||
repomd_xml="$CREATEREPO_WEBROOT/repodata/repomd.xml"
|
repomd_xml="$CREATEREPO_WEBROOT/repodata/repomd.xml"
|
||||||
repomd_asc="$repomd_xml.asc"
|
repomd_asc="$repomd_xml.asc"
|
||||||
[[ -f $repomd_xml ]] || { err "repomd.xml missing after createrepo"; return 1; }
|
[[ -f $repomd_xml ]] || { err "repomd.xml missing after createrepo"; return 1; }
|
||||||
|
[[ -n $SIGN_KEY ]] || { err "--sign requires --sign-key for repodata signing"; return 1; }
|
||||||
|
|
||||||
if [[ $(id -un) == "$SIGN_USER" ]]; then
|
if [[ $(id -un) == "$SIGN_USER" ]]; then
|
||||||
sign_prefix=()
|
sign_prefix=()
|
||||||
else
|
else
|
||||||
sign_prefix=(sudo -u "$SIGN_USER")
|
sign_prefix=(sudo -H -u "$SIGN_USER")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Sign repo.md to a temp file first and then move to webroot
|
# Sign repo.md to a temp file first and then move to webroot
|
||||||
local repomd_asc_tmp
|
local repomd_asc_tmp
|
||||||
repomd_asc_tmp=$(mktemp) || { err "Failed to create temp file for signature"; return 1; }
|
repomd_asc_tmp=$(mktemp) || { err "Failed to create temp file for signature"; return 1; }
|
||||||
|
|
||||||
gpg_cmd=(gpg --batch --yes --armor --detach-sign --output "$repomd_asc_tmp")
|
gpg_cmd=(gpg --batch --yes --pinentry-mode loopback --default-key "$SIGN_KEY" --armor --detach-sign --output "$repomd_asc_tmp")
|
||||||
((DEBUG)) && gpg_cmd+=(--verbose)
|
((DEBUG)) && gpg_cmd+=(--verbose)
|
||||||
[[ -n $SIGN_KEY ]] && gpg_cmd+=(--local-user "$SIGN_KEY")
|
|
||||||
gpg_cmd+=("$repomd_xml")
|
gpg_cmd+=("$repomd_xml")
|
||||||
|
|
||||||
echo "Signing repodata: $repomd_xml"
|
echo "Signing repodata: $repomd_xml"
|
||||||
@@ -1236,7 +1236,6 @@ run_createrepo() {
|
|||||||
rm -f "$repomd_asc_tmp"
|
rm -f "$repomd_asc_tmp"
|
||||||
|
|
||||||
# Export public key so clients can import it via repo gpgkey URL
|
# Export public key so clients can import it via repo gpgkey URL
|
||||||
if [[ -n $SIGN_KEY ]]; then
|
|
||||||
pubkey_file="$CREATEREPO_WEBROOT/RPM-GPG-KEY-jriver.asc"
|
pubkey_file="$CREATEREPO_WEBROOT/RPM-GPG-KEY-jriver.asc"
|
||||||
local pubkey_tmp
|
local pubkey_tmp
|
||||||
pubkey_tmp=$(mktemp) || { err "Failed to create temp file for public key"; return 1; }
|
pubkey_tmp=$(mktemp) || { err "Failed to create temp file for public key"; return 1; }
|
||||||
@@ -1248,9 +1247,6 @@ run_createrepo() {
|
|||||||
execute sudo install -m 0644 "$pubkey_tmp" "$pubkey_file"
|
execute sudo install -m 0644 "$pubkey_tmp" "$pubkey_file"
|
||||||
execute sudo chown "$WEBROOT_USER:$WEBROOT_USER" "$pubkey_file"
|
execute sudo chown "$WEBROOT_USER:$WEBROOT_USER" "$pubkey_file"
|
||||||
rm -f "$pubkey_tmp"
|
rm -f "$pubkey_tmp"
|
||||||
else
|
|
||||||
err "SIGN_SWITCH enabled without --sign-key; skipping public key export"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user