From e49a30b0b1ab797fb4857067345a4d4c74fd063b Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 15 Nov 2016 21:02:28 +0100 Subject: [PATCH] Allow overriding GnuPG home directory Signed-off-by: Jo-Philipp Wich --- phase1/config.ini.example | 1 + phase1/master.cfg | 10 ++++++++-- phase1/signall.sh | 15 +++++++++++---- phase2/config.ini.example | 1 + phase2/master.cfg | 10 ++++++++-- 5 files changed, 29 insertions(+), 8 deletions(-) diff --git a/phase1/config.ini.example b/phase1/config.ini.example index c502d13..dcacc5f 100644 --- a/phase1/config.ini.example +++ b/phase1/config.ini.example @@ -29,6 +29,7 @@ source_url = user@example.org::upload-sources source_password = example2 [gpg] +home = ~/.gnupg keyid = 626471F1 passfile = ./gpg-passphrase.txt comment = Unattended build signature diff --git a/phase1/master.cfg b/phase1/master.cfg index 939649d..7740840 100644 --- a/phase1/master.cfg +++ b/phase1/master.cfg @@ -74,10 +74,14 @@ if ini.has_option("rsync", "source_url"): rsync_src_url = ini.get("rsync", "source_url") rsync_src_key = ini.get("rsync", "source_password") +gpg_home = "~/.gnupg" gpg_keyid = None gpg_comment = "Unattended build signature" gpg_passfile = "/dev/null" +if ini.has_option("gpg", "home"): + gpg_home = ini.get("gpg", "home") + if ini.has_option("gpg", "keyid"): gpg_keyid = ini.get("gpg", "keyid") @@ -469,8 +473,10 @@ for target in targets: factory.addStep(MasterShellCommand( name = "signfiles", description = "Signing files", - command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.%s.tar.gz" %(home_dir, ts[0], ts[1]), gpg_keyid, gpg_passfile, gpg_comment], - haltOnFailure = True + command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.%s.tar.gz" %(home_dir, ts[0], ts[1]), gpg_keyid, gpg_comment], + env = {'GNUPGHOME': gpg_home, 'PASSFILE': gpg_passfile}, + haltOnFailure = True, + logEnviron = False )) factory.addStep(FileDownload( diff --git a/phase1/signall.sh b/phase1/signall.sh index 015470d..d256131 100755 --- a/phase1/signall.sh 
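Review bot: The `gpg_home` default `"~/.gnupg"` and any configured `home` value are handed to the signing step through `env` as literal strings in the phase1/master.cfg hunk at `-74,10`, so no shell ever expands the tilde on the master side. Whether the key directory resolves then depends on gpg's own handling of a leading `~` and on `HOME` in the step's environment, and a mismatch would point signing at a different or empty keyring. Resolving the path once at config load makes this explicit: `gpg_home = os.path.expanduser(ini.get("gpg", "home"))`, with the same treatment for the default; this assumes `os` is already imported in master.cfg, which the hunk does not show. The same applies to the phase2/master.cfg hunk at `-79,10`.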
+++ b/phase1/signall.sh @@ -2,8 +2,7 @@ tarball="$1" keyid="$2" -passfile="$3" -comment="$4" +comment="$3" tmpdir="signall.$$" tarball="$(readlink -f "$tarball")" @@ -13,7 +12,7 @@ finish() { rm -rf "$tmpdir"; exit $1; } trap "finish 255" HUP INT TERM if [ ! -f "$tarball" ]; then - echo "Usage: $0 [ [ []]]" + echo "Usage: [GNUPGHOME=... [PASSFILE=...]] $0 [ []]" finish 1 fi @@ -21,7 +20,15 @@ umask 022 mkdir "$tmpdir" || finish 2 tar -C "$tmpdir/" -xzf "$tarball" || finish 3 -find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg --no-version --batch --yes -a -b ${keyid:+-u "$keyid"} ${comment:+--comment="$comment"} ${passfile:+--passphrase-file "$passfile"} -o "{}.gpg" "{}" \; || finish 4 + +find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg \ + --no-version --batch --yes -a -b \ + ${keyid:+-u "$keyid"} \ + ${comment:+--comment="$comment"} \ + ${GNUPGHOME:+--homedir "$GNUPGHOME"} \ + ${PASSFILE:+--passphrase-file "$PASSFILE"} \ + -o "{}.gpg" "{}" \; || finish 4 + tar -C "$tmpdir/" -czf "$tarball" . || finish 5 finish 0 diff --git a/phase2/config.ini.example b/phase2/config.ini.example index 0ad799b..dae0673 100644 --- a/phase2/config.ini.example +++ b/phase2/config.ini.example @@ -20,6 +20,7 @@ sdk_password = example3 sdk_pattern = lede-sdk-*.tar.xz [gpg] +home = ~/.gnupg keyid = 626471F1 passfile = ./gpg-passphrase.txt comment = Unattended build signature diff --git a/phase2/master.cfg b/phase2/master.cfg index c3e2600..3845854 100644 --- a/phase2/master.cfg +++ b/phase2/master.cfg @@ -79,10 +79,14 @@ if ini.has_option("rsync", "sdk_password"): if ini.has_option("rsync", "sdk_pattern"): rsync_sdk_pat = ini.get("rsync", "sdk_pattern") +gpg_home = "~/.gnupg" gpg_keyid = None gpg_comment = "Unattended build signature" gpg_passfile = "/dev/null" +if ini.has_option("gpg", "home"): + gpg_home = ini.get("gpg", "home") + if ini.has_option("gpg", "keyid"): gpg_keyid = ini.get("gpg", "keyid") 
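Review bot: A failed gpg invocation is not caught by the `|| finish 4` that follows the rewritten `find … -exec gpg … \;` in the last signall.sh hunk, because find does not fold the exit status of an `-exec … \;` command into its own. With a wrong `GNUPGHOME` or a missing key, the script could therefore repack the tarball without signatures and still exit 0, and the buildbot step would report success. A check placed after the find and before the final `tar` closes this gap by requiring a non-empty signature next to every input file: `[ -z "$(find "$tmpdir/" -type f -not -name "*.gpg" ! -exec test -s "{}.gpg" \; -print)" ] || finish 4`.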
@@ -274,8 +278,10 @@ for arch in arches: factory.addStep(MasterShellCommand( name = "signfiles", description = "Signing files", - command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.tar.gz" %(home_dir, arch[0]), gpg_keyid, gpg_passfile, gpg_comment], - haltOnFailure = True + command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.tar.gz" %(home_dir, arch[0]), gpg_keyid, gpg_comment], + env = {'GNUPGHOME': gpg_home, 'PASSFILE': gpg_passfile}, + haltOnFailure = True, + logEnviron = False )) factory.addStep(FileDownload( -- 2.30.2