Changeset 2106 in ProjectBuilder

Timestamp:

Jul 21, 2016, 3:10:20 AM (9 years ago)

Author:

Bruno Cornec

Message:

• Start fixing #108 by adding functions to sign files and file transfer for deb Release content
• Fix again the tdir setup

File:

• devel/pb/bin/pb (modified) (8 diffs)

devel/pb/bin/pb

@@ -2195 +2195 @@
         $tdir = "$remdir/$delivery->{$ENV{'PBPROJ'}}";
     } elsif ($cmt eq "Packages") {
+        my $debarch = "";
+
         if (($pbos->{'type'} eq "rpm") || ($pbos->{'type'} eq "pkg") || ($pbos->{'type'} eq "hpux") || ($pbos->{'type'} eq "tgz")) {
             # put packages under an arch subdir
@@ -2343 +2345 @@
             # Cf: http://www.debian.org/doc/manuals/repository-howto/repository-howto.fr.html
             # This dirname removes ver
-            my $debarch = $pbos->{'arch'};
-            $debarch = "amd64" if ($pbos->{'arch'} eq "x86_64");
+            my $debarch = pb_get_debarch($pbos);
+            my $projcomponent = pb_get_debpc($pbos);
             my $rpd = dirname("$pbrepo->{$ENV{'PBPROJ'}}/$repodir");
             # Remove extra . in path to fix #522
             $rpd =~ s|/./|/|g;
-            my ($projcomponent_map) = pb_conf_get_if("projcomponent");
-            pb_log(2,"projcomponent = ".Dumper($projcomponent_map)."\n");
-            my $projcomponent = $projcomponent_map->{$ENV{PBPROJ}};
-            $projcomponent ||= 'contrib';
             print PBS << "EOF";
 #!/bin/bash
@@ -2587 +2585 @@
             # Nothing to do here
         } else {
-            pb_system("$shcmd \"rm -rf $tdir ; mkdir -p $tdir ; $cmd\' | bash -e\"","Preparing $tdir on $cptarget");
+            pb_system("$shcmd \"rm -rf $tdir ; mkdir -p $tdir ; cd $tdir ; $cmd\"","Preparing $tdir on $cptarget");
         }
     } else {
@@ -2723 +2721 @@
     }
     my $ret = pb_system("$shcmd","Executing pbscript on $cptarget if needed",$cmdverb);
+    
+    # If target is deb family then sign Release file for Packages
+    if (($cmt =~ /Packages/) && ($pbos->{'type'} eq "deb")) {
+        my $debarch = pb_get_debarch($pbos);
+        my $projcomponent = pb_get_debpc($pbos);
+        for my $f ("dists/$pbos->{'version'}/$projcomponent/binary-$debarch/Release","dists/$pbos->{'version'}/$projcomponent/source/Release","dists/$pbos->{'version'}/Release") {
+            pb_system("cd $ENV{'PBBUILDDIR'} ; $cpcmd $cptarget/$f . 2> /dev/null","Getting deb $f file from $cptarget");
+            pb_sign_file("$ENV{'PBBUILDDIR'}/Release");
+            pb_system("cd $ENV{'PBBUILDDIR'} ; $cpcmd Release.gpg $cptarget/$f 2> /dev/null","Putting back deb $f file to $cptarget");
+        }
+    } 
 
     if ($cmt =~ /^(V[EM]|RM)build/) {
@@ -4833 +4842 @@
 }
 
-sub pb_sign_pkgs {
-
-my $pbos = shift;
-my $made = shift;
-
-pb_log(2,"entering pb_sign_pkg: $made ".Dumper($pbos)."\n");
+sub pb_sign_setenv {
+
 my ($passfile, $passphrase, $passpath) = pb_conf_get_if("pbpassfile","pbpassphrase","pbpasspath");
 $ENV{'PBPASSPHRASE'} = $passphrase->{$ENV{'PBPROJ'}} if ((not defined $ENV{'PBPASSPHRASE'}) && (defined $passphrase->{$ENV{'PBPROJ'}}));
@@ -4844 +4849 @@
 $ENV{'PBPASSPATH'} = $passpath->{$ENV{'PBPROJ'}} if ((not defined $ENV{'PBPASSPATH'})&& (defined $passpath->{$ENV{'PBPROJ'}})) ;
 
+eval
+{
+    require RPM4::Sign;
+    RPM4::Sign->import();
+};
+if ($@) {
+    # RPM4::Sign not found
+    pb_log(1,"WARNING: Install RPM4::Sign to benefit from automatic package signing.\n");
+} else {
+    return(undef) if (((not defined $ENV{'PBPASSPHRASE'}) and (not defined $ENV{'PBPASSFILE'})) || (not defined $ENV{'PBPACKAGER'}) || (not defined $ENV{'PBPASSPATH'}));
+    my $sign = RPM4::Sign->new(
+        passphrase => $ENV{'PBPASSPHRASE'},
+        name => $ENV{'PBPACKAGER'},
+        path => $ENV{'PBPASSPATH'},
+        password_file => $ENV{'PBPASSFILE'}, 
+    );
+    return(undef) if (not defined $sign);
+    return(undef) if (not defined $sign->{name});
+    return(undef) if (not defined $sign->{path});
+    return(undef) if ((not defined $sign->{passphrase}) && (not defined $sign->{password_file}));
+    return(undef) if (not defined $sign->{keyid});
+
+    return($sign);
+}
+}
+
+sub pb_sign_file {
+
+my $file = shift;
+
+eval
+{
+    require Crypt::OpenPGP;
+    Crypt::OpenPGP->import();
+};
+if ($@) {
+    # Crypt::OpenPGP not found
+    pb_log(1,"WARNING: Install Crypt::OpenPGP to benefit from debian Release file signing.\n");
+} else {
+    my $sign = pb_sign_setenv();
+    my $pgp = Crypt::OpenPGP->new;
+    my $pgpsign = $pgp->sign(
+        Filename   => $file,
+        KeyID      => $sign->{keyid},
+        Passphrase => $sign->{passphrase},
+        Detach     => 1,
+        Armour     => 1,
+    );
+    open(DEST, "> $file.gpg") || confess "Unable to write to $file.gpg";
+    print DEST $pgpsign if (defined $pgpsign);
+    close(DEST);
+}
+}
+
+sub pb_sign_pkgs {
+
+my $pbos = shift;
+my $made = shift;
+
+pb_log(2,"entering pb_sign_pkg: $made ".Dumper($pbos)."\n");
+pb_sign_setenv();
 # Remove extra spaces
 $made =~ s/\s+/ /g;
@@ -4850 +4916 @@
 
 if ($pbos->{'type'} eq "rpm") {
-    eval
-    {
-        require RPM4::Sign;
-        RPM4::Sign->import();
-    };
-    if ($@) {
-        # RPM4::Sign not found
-        pb_log(1,"WARNING: Install RPM4::Sign to benefit from automatic package signing.\n");
-    } else {
-        return if (((not defined $ENV{'PBPASSPHRASE'}) and (not defined $ENV{'PBPASSFILE'})) || (not defined $ENV{'PBPACKAGER'}) || (not defined $ENV{'PBPASSPATH'}));
-        my $sign = RPM4::Sign->new(
-            passphrase => $ENV{'PBPASSPHRASE'},
-            name => $ENV{'PBPACKAGER'},
-            path => $ENV{'PBPASSPATH'},
-            password_file => $ENV{'PBPASSFILE'}, 
-        );
-        return if (not defined $sign);
-        return if (not defined $sign->{name});
-        return if (not defined $sign->{path});
-        return if ((not defined $sign->{passphrase}) && (not defined $sign->{password_file}));
-        return if (not defined $sign->{keyid});
-
-        pb_log(0,"Signing RPM packages...\n");
-        pb_log(2,"pb_sign_pkg: pkgs:".Dumper(split(/ /,$made))."\n");
-        $sign->rpmssign(split(/ /,$made));
-    }
+    my $sign = pb_sign_setenv();
+    pb_log(0,"Signing RPM packages...\n");
+    pb_log(2,"pb_sign_pkg: pkgs:".Dumper(split(/ /,$made))."\n");
+    $sign->rpmssign(split(/ /,$made));
 } elsif ($pbos->{'type'} eq "deb") {
     my $changes = "";
@@ -5011 +5055 @@
 }
 
+# Returns debian architecture
+#
+sub pb_get_debarch {
+
+my $pbos = shift;
+
+my $debarch = $pbos->{'arch'};
+$debarch = "amd64" if ($pbos->{'arch'} eq "x86_64");
+
+return($debarch);
+}
+
+sub pb_get_debpc {
+
+my ($projcomponent_map) = pb_conf_get_if("projcomponent");
+pb_log(2,"projcomponent = ".Dumper($projcomponent_map)."\n");
+my $projcomponent = $projcomponent_map->{$ENV{PBPROJ}};
+$projcomponent ||= 'contrib';
+
+return($projcomponent);
+}
+
 1;