tech-pkg archive
Re: [patch] Building signed packages directly
[re-sending because apparently gmane lost it in the recent outage]
On 31/03/2014 17:54, Joerg Sonnenberger wrote:
> On Mon, Mar 31, 2014 at 04:50:33PM +0200, Pierre Pronchery wrote:
>> The patch also updates mk/pkgformat/pkg/package.mk to create signed
>> packages, copying the staging unsigned package directly as a signed one
>> thanks to pkg_admin(1).
>
> Don't duplicate the target, just operate on the intermediate package
> directly.
Is this new patch better?
Thanks,
--
khorben
commit f67a82dc936faa79a9dea153dd2ff43e9ca1d857
Author: Pierre Pronchery <khorben%EdgeBSD.org@localhost>
Date: Wed Mar 26 14:28:02 2014 +0100
Added support for creating signed binary packages directly
diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf
index 2e42e86..d00bcc4 100644
--- a/mk/defaults/mk.conf
+++ b/mk/defaults/mk.conf
@@ -61,7 +61,7 @@ GZIP?= -9
# Default: yes
SIGN_PACKAGES= gpg
-# sign the packages generated (when supported) with the method specified.
+# sign the packages generated with the method specified.
# Possible: gpg, x509, not defined
# Default: gpg
@@ -86,6 +86,21 @@ SIGN_PACKAGES= gpg
# Possible: defined, not defined
# Default: not defined
+#SIGN_PACKAGES=
+# sign the packages generated (when supported) with the method specified.
+# Possible: gpg, x509, not defined
+# Default: not defined
+
+#X509_KEY=
+# key to use when signing packages with an X509 certificate.
+# Possible: pathname to the key file, not defined
+# Default: not defined
+
+#X509_CERTIFICATE=
+# certificate to use when signing packages with an X509 certificate.
+# Possible: pathname to the X509 certificate, not defined
+# Default: not defined
+
.if defined(PKG_DEVELOPER) && ${PKG_DEVELOPER} != "no"
PATCH_DEBUG?=
.endif
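Review bot: The added `#SIGN_PACKAGES=` entry documents the variable a second time with `Default: not defined`, while the entry edited in the first hunk still reads `Default: gpg` beneath a `SIGN_PACKAGES= gpg` line. The two entries contradict each other, so a reader cannot tell whether packages are signed by default; keep one entry with one stated default. The `X509_KEY` comment could also say that this is the private signing key, for example `# private key used to sign packages with x509; keep it readable only by the user running the build.`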
diff --git a/mk/pkgformat/pkg/package.mk b/mk/pkgformat/pkg/package.mk
index 3a0175b..6de8501 100644
--- a/mk/pkgformat/pkg/package.mk
+++ b/mk/pkgformat/pkg/package.mk
@@ -68,6 +68,29 @@ _PKG_ARGS_PACKAGE+= -E
${STAGE_PKGFILE}: ${_CONTENTS_TARGETS}
${RUN} ${MKDIR} ${.TARGET:H}
+.if !empty(SIGN_PACKAGES:Mgpg)
+ @${STEP_MSG} "Creating signed binary package ${.TARGET}"
+ ${RUN} tmpname=${.TARGET:S,${PKG_SUFX}$,.tmp${PKG_SUFX},}; \
+ if ${PKG_CREATE} ${_PKG_ARGS_PACKAGE} "$$tmpname"; then \
+ ${PKG_ADMIN} gpg-sign-package "$$tmpname" ${.TARGET}; \
+ exitcode=$$?; \
+ ${RM} -f "$$tmpname"; \
+ [ $$exitcode -eq 0 ] || exit $$exitcode; \
+ else \
+ exitcode=$$?; ${RM} -f "$$tmpname"; exit $$exitcode; \
+ fi
+.elif !empty(SIGN_PACKAGES:Mx509)
+ @${STEP_MSG} "Creating signed binary package ${.TARGET}"
+ ${RUN} tmpname=${.TARGET:S,${PKG_SUFX}$,.tmp${PKG_SUFX},}; \
+ if ${PKG_CREATE} ${_PKG_ARGS_PACKAGE} "$$tmpname"; then \
+ ${PKG_ADMIN} x509-sign-package "$$tmpname" ${.TARGET}; \
+ exitcode=$$?; \
+ ${RM} -f "$$tmpname"; \
+ [ $$exitcode -eq 0 ] || exit $$exitcode; \
+ else \
+ exitcode=$$?; ${RM} -f "$$tmpname"; exit $$exitcode; \
+ fi
+.else
@${STEP_MSG} "Creating binary package ${.TARGET}"
${RUN} tmpname=${.TARGET:S,${PKG_SUFX}$,.tmp${PKG_SUFX},}; \
if ${PKG_CREATE} ${_PKG_ARGS_PACKAGE} "$$tmpname"; then \
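Review bot: In both signing branches pkg_admin writes straight to `${.TARGET}`, and when signing fails only `$$tmpname` is removed, so anything already written at the target path stays behind (whether pkg_admin leaves a partial file is not visible here) and, depending on how make treats the failed target, could later be taken for a finished package. Cleaning it up on the failure path avoids that: `[ $$exitcode -eq 0 ] || { ${RM} -f ${.TARGET}; exit $$exitcode; }`. Separately, the `.else` branch builds an unsigned package for any SIGN_PACKAGES value other than gpg or x509, so a misspelt method silently turns signing off; an explicit check that stops the build when the variable is set to an unrecognised value would make that visible. The gpg and x509 branches differ only in the pkg_admin subcommand and could share one recipe, and the rule's body continues past the end of this hunk.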
@@ -75,6 +98,7 @@ ${STAGE_PKGFILE}: ${_CONTENTS_TARGETS}
else \
exitcode=$$?; ${RM} -f "$$tmpname"; exit $$exitcode; \
fi
+.endif
.if ${_USE_DESTDIR} != "no"
.if !empty(SIGN_PACKAGES:Mgpg)