Always sign unsigned packages
We do not allow packages to be uploaded without signatures so force all unsigned packages to be signed. This has the bonus of not breaking makepkg signing support by requiring you use an internal makepkg variable. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
parent
9ab0d94578
commit
afc93f3430
12
commitpkg.in
12
commitpkg.in
|
@ -143,21 +143,17 @@ for _arch in ${arch[@]}; do
|
||||||
uploads+=("$pkgfile")
|
uploads+=("$pkgfile")
|
||||||
|
|
||||||
sigfile="${pkgfile}.sig"
|
sigfile="${pkgfile}.sig"
|
||||||
if [[ $SIGNPKG == 'y' && ! -f $sigfile ]]; then
|
if [[ ! -f $sigfile ]]; then
|
||||||
msg "Signing package ${pkgfile}..."
|
msg "Signing package ${pkgfile}..."
|
||||||
if [[ -n $GPGKEY ]]; then
|
if [[ -n $GPGKEY ]]; then
|
||||||
SIGNWITHKEY="-u ${GPGKEY}"
|
SIGNWITHKEY="-u ${GPGKEY}"
|
||||||
fi
|
fi
|
||||||
gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
|
gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
|
||||||
fi
|
fi
|
||||||
if [[ -f $sigfile ]]; then
|
if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
|
||||||
if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
|
die "Signature ${pkgfile}.sig is incorrect!"
|
||||||
die "Signature ${pkgfile}.sig is incorrect!"
|
|
||||||
fi
|
|
||||||
uploads+=("$sigfile")
|
|
||||||
else
|
|
||||||
die "Signature ${pkgfile}.sig was not found"
|
|
||||||
fi
|
fi
|
||||||
|
uploads+=("$sigfile")
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
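Review bot: The new unconditional check `gpg --verify "$sigfile" >/dev/null 2>&1` only proves that some key in the local keyring produced a valid signature. It does not show that the signature came from `$GPGKEY`, and because signing is skipped whenever `$sigfile` already exists, a stale or foreign `.sig` left beside the package is uploaded as long as it verifies. Name the signed file explicitly rather than letting gpg infer it from the `.sig` suffix: `if ! gpg --verify "$sigfile" "$pkgfile" >/dev/null 2>&1; then`. Since every upload now depends on this check, consider also comparing the signer reported by `gpg --status-fd 1 --verify` against the expected key, and keeping gpg's stderr on failure so that trust warnings are not hidden. The enclosing `for` loops start outside this hunk, so whether `SIGNWITHKEY` is reset between iterations cannot be seen here.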