tech-pkg archive


Re: [patch] Building signed packages directly



On 31/03/2014 17:54, Joerg Sonnenberger wrote:
> On Mon, Mar 31, 2014 at 04:50:33PM +0200, Pierre Pronchery wrote:
>> The patch also updates mk/pkgformat/pkg/package.mk to create signed
>> packages, copying the staging unsigned package directly as a signed one
>> thanks to pkg_admin(1).
> 
> Don't duplicate the target, just operate on the intermediate package
> directly.

Is this new patch better?

Thanks,
-- 
khorben
commit f67a82dc936faa79a9dea153dd2ff43e9ca1d857
Author: Pierre Pronchery <khorben%EdgeBSD.org@localhost>
Date:   Wed Mar 26 14:28:02 2014 +0100

    Added support for creating signed binary packages directly

diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf
index 2e42e86..d00bcc4 100644
--- a/mk/defaults/mk.conf
+++ b/mk/defaults/mk.conf
@@ -61,7 +61,7 @@ GZIP?=        -9
 # Default: yes
 
 SIGN_PACKAGES= gpg
-# sign the packages generated (when supported) with the method specified.
+# sign the packages generated with the method specified.
 # Possible: gpg, x509, not defined
 # Default: gpg
 
@@ -86,6 +86,21 @@ SIGN_PACKAGES= gpg
 # Possible: defined, not defined
 # Default: not defined
 
+#SIGN_PACKAGES=
+# sign the packages generated (when supported) with the method specified.
+# Possible: gpg, x509, not defined
+# Default: not defined
+
+#X509_KEY=
+# key to use when signing packages with an X509 certificate.
+# Possible: pathname to the key file, not defined
+# Default: not defined
+
+#X509_CERTIFICATE=
+# certificate to use when signing packages with an X509 certificate.
+# Possible: pathname to the X509 certificate, not defined
+# Default: not defined
+
 .if defined(PKG_DEVELOPER) && ${PKG_DEVELOPER} != "no"
 PATCH_DEBUG?=
 .endif
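Review bot: The added `#SIGN_PACKAGES=` entry documents the same variable a second time and contradicts the entry touched by the first hunk of this file. That entry shows `SIGN_PACKAGES= gpg` with `Default: gpg`, while this one says `Default: not defined` and keeps the "(when supported)" wording the first hunk removes. Keeping a single entry would let a reader of the defaults tell whether packages are signed unless they opt out. For `X509_KEY` I would write `# private key to use when signing packages with an X509 certificate.` and add a line saying the file should be readable only by the user running the build, since anyone who can read it can produce packages that verify as yours.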
diff --git a/mk/pkgformat/pkg/package.mk b/mk/pkgformat/pkg/package.mk
index 3a0175b..6de8501 100644
--- a/mk/pkgformat/pkg/package.mk
+++ b/mk/pkgformat/pkg/package.mk
@@ -68,6 +68,29 @@ _PKG_ARGS_PACKAGE+=  -E
 
 ${STAGE_PKGFILE}: ${_CONTENTS_TARGETS}
        ${RUN} ${MKDIR} ${.TARGET:H}
+.if !empty(SIGN_PACKAGES:Mgpg)
+       @${STEP_MSG} "Creating signed binary package ${.TARGET}"
+       ${RUN} tmpname=${.TARGET:S,${PKG_SUFX}$,.tmp${PKG_SUFX},};      \
+       if ${PKG_CREATE} ${_PKG_ARGS_PACKAGE} "$$tmpname"; then         \
+               ${PKG_ADMIN} gpg-sign-package "$$tmpname" ${.TARGET};   \
+               exitcode=$$?;                                           \
+               ${RM} -f "$$tmpname";                                   \
+               [ $$exitcode -eq 0 ] || exit $$exitcode;                \
+       else                                                            \
+               exitcode=$$?; ${RM} -f "$$tmpname"; exit $$exitcode;    \
+       fi
+.elif !empty(SIGN_PACKAGES:Mx509)
+       @${STEP_MSG} "Creating signed binary package ${.TARGET}"
+       ${RUN} tmpname=${.TARGET:S,${PKG_SUFX}$,.tmp${PKG_SUFX},};      \
+       if ${PKG_CREATE} ${_PKG_ARGS_PACKAGE} "$$tmpname"; then         \
+               ${PKG_ADMIN} x509-sign-package "$$tmpname" ${.TARGET};  \
+               exitcode=$$?;                                           \
+               ${RM} -f "$$tmpname";                                   \
+               [ $$exitcode -eq 0 ] || exit $$exitcode;                \
+       else                                                            \
+               exitcode=$$?; ${RM} -f "$$tmpname"; exit $$exitcode;    \
+       fi
+.else
        @${STEP_MSG} "Creating binary package ${.TARGET}"
        ${RUN} tmpname=${.TARGET:S,${PKG_SUFX}$,.tmp${PKG_SUFX},};      \
        if ${PKG_CREATE} ${_PKG_ARGS_PACKAGE} "$$tmpname"; then         \
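Review bot: The x509 branch calls `${PKG_ADMIN} x509-sign-package "$$tmpname" ${.TARGET}` without a key or certificate, although pkg_admin(1) documents that subcommand as taking `pkg spkg key cert`; the `X509_KEY` and `X509_CERTIFICATE` variables this patch documents in mk.conf are not used anywhere in the hunk. I would pass them, `${PKG_ADMIN} x509-sign-package "$$tmpname" ${.TARGET} ${X509_KEY} ${X509_CERTIFICATE};`, and fail early with a clear message when either is empty. Both signed branches also let pkg_admin write straight to `${.TARGET}`, so a failed or interrupted signing run may leave a partial file at the final name that a later make run could treat as up to date; removing `${.TARGET}` when `$$exitcode` is non-zero, or signing to a temporary name and renaming, would avoid that. The unsigned branch of this rule continues past the end of the hunk.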
@@ -75,6 +98,7 @@ ${STAGE_PKGFILE}: ${_CONTENTS_TARGETS}
        else                                                            \
                exitcode=$$?; ${RM} -f "$$tmpname"; exit $$exitcode;    \
        fi
+.endif
 
 .if ${_USE_DESTDIR} != "no"
 .if !empty(SIGN_PACKAGES:Mgpg)

