Allow overriding GnuPG home directory
authorJo-Philipp Wich <jo@mein.io>
Tue, 15 Nov 2016 20:02:28 +0000 (21:02 +0100)
committerJo-Philipp Wich <jo@mein.io>
Tue, 15 Nov 2016 20:02:28 +0000 (21:02 +0100)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
phase1/config.ini.example
phase1/master.cfg
phase1/signall.sh
phase2/config.ini.example
phase2/master.cfg

index c502d139fd3a0566030fc15eba30545e0ad97be6..dcacc5fcf594db1e8574ba0ad9ddf8fb0af7befb 100644 (file)
@@ -29,6 +29,7 @@ source_url = user@example.org::upload-sources
 source_password = example2
 
 [gpg]
+home = ~/.gnupg
 keyid = 626471F1
 passfile = ./gpg-passphrase.txt
 comment = Unattended build signature
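Review bot: The new `home` key in the `[gpg]` section is undocumented, although the directory it names holds the private key used for unattended signing. A comment above it would help operators who point it at a non-default location, e.g. `; GnuPG home directory holding the signing key; keep it mode 0700 and owned by the buildmaster user`. The same line is added to phase2/config.ini.example and would take the same comment.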
index 939649dd70529e4df84fcb369531b100ab9ea97f..7740840d2283f7412b88fffff4918f5cd29e1e3a 100644 (file)
@@ -74,10 +74,14 @@ if ini.has_option("rsync", "source_url"):
        rsync_src_url = ini.get("rsync", "source_url")
        rsync_src_key = ini.get("rsync", "source_password")
 
+gpg_home = "~/.gnupg"
 gpg_keyid = None
 gpg_comment = "Unattended build signature"
 gpg_passfile = "/dev/null"
 
+if ini.has_option("gpg", "home"):
+       gpg_home = ini.get("gpg", "home")
+
 if ini.has_option("gpg", "keyid"):
        gpg_keyid = ini.get("gpg", "keyid")
 
@@ -469,8 +473,10 @@ for target in targets:
                factory.addStep(MasterShellCommand(
                        name = "signfiles",
                        description = "Signing files",
-                       command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.%s.tar.gz" %(home_dir, ts[0], ts[1]), gpg_keyid, gpg_passfile, gpg_comment],
-                       haltOnFailure = True
+                       command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.%s.tar.gz" %(home_dir, ts[0], ts[1]), gpg_keyid, gpg_comment],
+                       env = {'GNUPGHOME': gpg_home, 'PASSFILE': gpg_passfile},
+                       haltOnFailure = True,
+                       logEnviron = False
                ))
 
                factory.addStep(FileDownload(
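Review bot: The `env = {'GNUPGHOME': gpg_home, ...}` line hands signall.sh the literal string `~/.gnupg` when the default or the example value is used, because neither Python nor a shell expands the tilde on this path. Resolution then depends on gpg's own handling of a leading `~/` and on `HOME` being what the operator expects in the buildmaster's environment. Expanding the value once where it is read makes the path explicit, e.g. `gpg_home = os.path.expanduser(ini.get("gpg", "home"))`, with the same treatment for the default; this assumes `os` is imported in master.cfg, which the hunk does not show. The identical step in phase2/master.cfg is affected in the same way, and the enclosing `for target in targets:` loop starts outside this hunk.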
index 015470dd45ef59628228f64054c2617f954b0a9a..d256131623a3372a76a275172a3dd52dbfc57419 100755 (executable)
@@ -2,8 +2,7 @@
 
 tarball="$1"
 keyid="$2"
-passfile="$3"
-comment="$4"
+comment="$3"
 
 tmpdir="signall.$$"
 tarball="$(readlink -f "$tarball")"
@@ -13,7 +12,7 @@ finish() { rm -rf "$tmpdir"; exit $1; }
 trap "finish 255" HUP INT TERM
 
 if [ ! -f "$tarball" ]; then
-       echo "Usage: $0 <tarball> [<keyid> [<passfile> [<comment>]]]"
+       echo "Usage: [GNUPGHOME=... [PASSFILE=...]] $0 <tarball> [<keyid> [<comment>]]"
        finish 1
 fi
 
@@ -21,7 +20,15 @@ umask 022
 
 mkdir "$tmpdir" || finish 2
 tar -C "$tmpdir/" -xzf "$tarball" || finish 3
-find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg --no-version --batch --yes -a -b ${keyid:+-u "$keyid"} ${comment:+--comment="$comment"} ${passfile:+--passphrase-file "$passfile"} -o "{}.gpg" "{}" \; || finish 4
+
+find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg \
+       --no-version --batch --yes -a -b \
+       ${keyid:+-u "$keyid"} \
+       ${comment:+--comment="$comment"} \
+       ${GNUPGHOME:+--homedir "$GNUPGHOME"} \
+       ${PASSFILE:+--passphrase-file "$PASSFILE"} \
+       -o "{}.gpg" "{}" \; || finish 4
+
 tar -C "$tmpdir/" -czf "$tarball" . || finish 5
 
 finish 0
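Review bot: The rewritten `find ... -exec gpg` call still passes `--passphrase-file "$PASSFILE"` with `--batch` only. GnuPG 2.1 and later use that option only when `--pinentry-mode loopback` is also given, so on such a master the passphrase file is not used and signing depends on the agent instead. GnuPG 1.x would presumably reject the unknown option, so adding it unconditionally is not safe. At minimum, document the requirement above the command, e.g. `# gpg >= 2.1 needs --pinentry-mode loopback for --passphrase-file to take effect`. The gpg version on the master is not visible from this hunk.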
index 0ad799b45f7e244259d509c8c82ddba1f6e5b008..dae0673bb79d267e73c63588363ed750bf8efeb6 100644 (file)
@@ -20,6 +20,7 @@ sdk_password = example3
 sdk_pattern = lede-sdk-*.tar.xz
 
 [gpg]
+home = ~/.gnupg
 keyid = 626471F1
 passfile = ./gpg-passphrase.txt
 comment = Unattended build signature
index c3e2600c463f626e775890aab6c9c5e95622dcaf..3845854d2bbe35975efc4e87ad2e73dc2efdb255 100644 (file)
@@ -79,10 +79,14 @@ if ini.has_option("rsync", "sdk_password"):
 if ini.has_option("rsync", "sdk_pattern"):
        rsync_sdk_pat = ini.get("rsync", "sdk_pattern")
 
+gpg_home = "~/.gnupg"
 gpg_keyid = None
 gpg_comment = "Unattended build signature"
 gpg_passfile = "/dev/null"
 
+if ini.has_option("gpg", "home"):
+       gpg_home = ini.get("gpg", "home")
+
 if ini.has_option("gpg", "keyid"):
        gpg_keyid = ini.get("gpg", "keyid")
 
@@ -274,8 +278,10 @@ for arch in arches:
                factory.addStep(MasterShellCommand(
                        name = "signfiles",
                        description = "Signing files",
-                       command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.tar.gz" %(home_dir, arch[0]), gpg_keyid, gpg_passfile, gpg_comment],
-                       haltOnFailure = True
+                       command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.tar.gz" %(home_dir, arch[0]), gpg_keyid, gpg_comment],
+                       env = {'GNUPGHOME': gpg_home, 'PASSFILE': gpg_passfile},
+                       haltOnFailure = True,
+                       logEnviron = False
                ))
 
                factory.addStep(FileDownload(