Changeset 1556


Ignore:
Timestamp:
May 21, 2012, 3:46:31 AM (7 years ago)
Author:
bruno
Message:

pb: Use new pbgpgcheck option to control whether we enable gpgcheck in the repo script. Problem is that signing failure is tolerated, so the rpms can be unsigned, but gpgcheck is on by default. Preserve those semantics by default, but allow for control. (Eric Anderson)

  • pbgpgcheck is optional and default to 1 (Bruno Cornec)
Location:
devel
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • devel/pb-modules/etc/pb.conf.pod

    r1545 r1556  
    477477 Nature: Optional
    478478 Key: project (as defined in the -p option or PBPROJ environment variable)
    479  Value: Whether the repository file should be generated specifying that gpg checking of the packages is on. Note that failures to sign packages is tolerated by default, which means that signatures can fail making the repository file generated not work. The default is to require gpg checks.
     479 Value: Whether the repository file should be generated specifying that gpg checking of the packages is on. Note that failures to sign packages is tolerated by default, which means that signatures can fail making the repository file generated not work. The default is to require gpg checks (value is 1)
    480480 Conffile: project
    481481 Example: pbgpgcheck Lintel = 0
  • devel/pb-modules/lib/ProjectBuilder/Env.pm

    r1555 r1556  
    440440#pbwf $ENV{'PBPROJ'} = 1
    441441
     442# Do we check GPG keys
     443#pbgpgcheck $ENV{'PBPROJ'} = 1
     444
    442445#
    443446# Packager label
  • devel/pb/bin/pb

    r1555 r1556  
    20252025        if ($pbos->{'type'} eq "rpm") {
    20262026            my $pbsha = pb_distro_get_param($pbos,pb_conf_get("ossha"));
     2027            my $gpgcheck = pb_conf_get_if("pbgpgcheck");
     2028            my $pbgpgcheck;
     2029            $pbgpgcheck = $gpgcheck->{$ENV{PBPROJ}} if (defined $gpgcheck);
     2030            # By default force GPG check in repo even if we support signature of packages to fail. This is a best practice
     2031            $pbgpgcheck = 1 if (not defined $pbgpgcheck);
    20272032            # Also make a pbscript to generate yum/urpmi bases
    20282033            print PBS << "EOF";
     
    20372042baseurl=$pbrepo->{$ENV{'PBPROJ'}}/$repodir
    20382043enabled=1
    2039 gpgcheck=1
     2044gpgcheck=$pbgpgcheck
    20402045gpgkey=$pbrepo->{$ENV{'PBPROJ'}}/$repodir/$ENV{'PBPROJ'}.pubkey
    20412046EOT
Note: See TracChangeset for help on using the changeset viewer.