Changeset 2246


Ignore:
Timestamp:
Aug 30, 2017, 4:39:22 PM (3 weeks ago)
Author:
bruno
Message:

Fix #163 by adding support for additional GPG keys to export and for YUM repos

File:
1 edited

Legend:

Unmodified
Added
Removed
  • 0.14.6/pb/bin/pb

    r2242 r2246  
    55# $Id$
    66#
    7 # Copyright B. Cornec 2007-2016
     7# Copyright B. Cornec 2007-today
    88# Eric Anderson's changes are (c) Copyright 2012 Hewlett Packard
    99# Provided under the GPL v2
     
    448448=item B<getvar>
    449449
    450 Print the full variables expanded based on the distrubution tuple. Help to debug conf issues.
     450Print the full variables expanded based on the distribution tuple. Help to debug conf issues.
    451451Also accepts a parameter to display only the values for this package, and a VM/VE/RM
    452452
     
    22302230        chmod 0644,"$ENV{'PBDESTDIR'}/$ENV{'PBPROJ'}.pubkey";
    22312231        $src = "$src $ENV{'PBDESTDIR'}/$ENV{'PBPROJ'}.pubkey";
     2232
     2233        my ($gpgaddkey) = pb_conf_get_if("pbadditionalgpg");
     2234        my $pbadditionalgpg;
     2235        $pbadditionalgpg = $gpgaddkey->{$ENV{PBPROJ}} if (defined $gpgaddkey);
     2236        if (defined $pbadditionalgpg) {
     2237            foreach my $k (split(/,/,$pbadditionalgpg)) {
     2238                pb_log(0,"Exporting public key $k\n");
     2239                system("gpg --export -a \'$k\' > $ENV{'PBDESTDIR'}/$ENV{'PBPROJ'}-$k.pubkey");
     2240                $src = "$src $ENV{'PBDESTDIR'}/$ENV{'PBPROJ'}-$k.pubkey";
     2241            }
     2242        }
    22322243    }
    22332244    # Remove potential leading spaces (cause problem with basename)
     
    23172328        if ($pbos->{'type'} eq "rpm") {
    23182329            my $pbsha = pb_distro_get_param($pbos,pb_conf_get("ossha"));
    2319             my $gpgcheck = pb_conf_get_if("pbgpgcheck");
     2330            my ($gpgcheck) = pb_conf_get_if("pbgpgcheck");
    23202331            my $pbgpgcheck;
    23212332            $pbgpgcheck = $gpgcheck->{$ENV{PBPROJ}} if (defined $gpgcheck);
     2333            my $pbgpgkey = "$pbrepo->{$ENV{'PBPROJ'}}/$repodir/$ENV{'PBPROJ'}.pubkey";
     2334            my ($gpgaddpkey) = pb_conf_get_if("pbadditionalgpg");
     2335            my $pbadditionalgpg;
     2336            $pbadditionalgpg = $gpgaddpkey->{$ENV{PBPROJ}} if (defined $gpgaddpkey);
     2337            if (defined $pbadditionalgpg) {
     2338                foreach my $k (split(/,/,$pbadditionalgpg)) {
     2339                    $pbgpgkey .= " $pbrepo->{$ENV{'PBPROJ'}}/$repodir/$ENV{'PBPROJ'}-$k.pubkey";
     2340                }
     2341            }
    23222342            # By default force GPG check in repo even if we support signature of packages to fail. This is a best practice
    23232343            $pbgpgcheck = 1 if (not defined $pbgpgcheck);
     
    23352355enabled=1
    23362356gpgcheck=$pbgpgcheck
    2337 gpgkey=$pbrepo->{$ENV{'PBPROJ'}}/$repodir/$ENV{'PBPROJ'}.pubkey
     2357gpgkey=$pbgpgkey
    23382358EOT
    23392359chmod 644 $ENV{'PBPROJ'}$repotag.repo
Note: See TracChangeset for help on using the changeset viewer.