
save release and package name in build report, rename build report to package-build.assert

tags/0.1
devrandom 9 years ago
parent
commit
1233d278d6
3 changed files with 34 additions and 8 deletions
  1. 12
    2
      bin/gsign
  2. 16
    5
      bin/gverify
  3. 6
    1
      doc/NOTES

+ 12
- 2
bin/gsign View File

@@ -63,15 +63,25 @@ package_name = sanitize(package_name, "package name")
result_file = "#{package_name}-res.yml"
result_path = File.join(result_dir, result_file)
File.exists?(result_path) or raise "#{result_path} does not exist"
result = YAML.load_file(result_path)

destination = @options[:destination] || File.join(base_dir, "sigs", package_name)
release = @options[:release] || "current"
release = @options[:release] || "test"
release = sanitize(release, "release")

result['release'] = release
result['name'] = package_name
result['type'] = 'build'

signer = @options[:signer] or raise "must supply signer with --signer"

FileUtils.mkdir_p(destination)

release_path = File.join(destination, release, signer)
FileUtils.mkdir_p(release_path)
assert_path = File.join(release_path, "#{package_name}-build.assert")
File.open(assert_path, "w") do |io|
io.write result.to_yaml
end
FileUtils.cp(result_path, release_path)
system!("gpg --detach-sign -u \"#{signer}\" -o \"#{release_path}/signature.pgp\" #{result_path}")
system!("gpg --detach-sign -u \"#{signer}\" #{assert_path}")
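Review bot: The new signing call at the end of this hunk interpolates `assert_path` into the shell string without quoting, and `signer` is wrapped only in double quotes, which still let the shell expand `$(...)` and backticks. `assert_path` is built from `destination` and `signer`, and neither passes through `sanitize` on the visible lines (only `release` and `package_name` do), so a destination containing a space or shell metacharacter changes what gpg is asked to sign, and a signer containing `/` or `..` changes where the assert is written. I would escape both arguments, e.g. `system!("gpg --detach-sign -u #{Shellwords.escape(signer)} #{Shellwords.escape(assert_path)}")` with `require 'shellwords'`, and validate `signer` before it is used in `File.join`. `system!` and `sanitize` are defined outside this hunk, so any escaping they already do is not visible here.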

+ 16
- 5
bin/gverify View File

@@ -63,9 +63,8 @@ release_path = File.join(destination, release)

File.exists?(release_path) or raise "#{release_path} does not exist"

result_file = "#{package_name}-res.yml"

#system!("gpg --detach-sign -u #{signer} -o #{release_path}/signature.pgp #{result_path}")
result_file = "#{package_name}-build.assert"
sig_file = "#{result_file}.sig"

current_manifest = nil

@@ -76,9 +75,21 @@ Dir.foreach(release_path) do |signer_dir|
signer_path = sanitize_path(File.join(release_path, signer_dir), "signer path")
next if !File.directory?(signer_path)
result_path = sanitize_path(File.join(signer_path, result_file), "result path")
sig_path = sanitize_path(File.join(signer_path, sig_file), "result path")

if !File.exist?(result_path)
puts "missing result at #{result_path}"
next
end

if !File.exist?(sig_path)
puts "missing signature at #{sig_path}"
next
end

result = YAML.load_file(result_path)
system("gpg --keyserver pgp.mit.edu --recv-keys `gpg --quiet --batch --verify \"#{File.join(signer_path, 'signature.pgp')}\" \"#{result_path}\" 2>&1 | head -n1 | grep \"key ID\" | awk '{ print $15 }'` > /dev/null 2>&1")
out = `gpg --quiet --batch --verify \"#{File.join(signer_path, 'signature.pgp')}\" \"#{result_path}\" 2>&1`
out = `gpg --quiet --batch --verify \"#{sig_path}\" \"#{result_path}\" 2>&1`
if $? != 0
out.each do |line|
if line =~ /^gpg: Signature made/
@@ -89,7 +100,7 @@ Dir.foreach(release_path) do |signer_dir|
end
puts "#{signer_dir}: BAD SIGNATURE"
did_fail = true
elsif current_manifest and result['out_manifest'] != current_manifest
elsif current_manifest and (result['out_manifest'] != current_manifest or result['release'] != release or result['name'] != package_name)
out.each do |line|
if line =~ /^gpg: Signature made/
info(line)
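Review bot: The new `release`/`name` comparison in the last hunk sits inside `current_manifest and (...)`, so it is skipped whenever `current_manifest` is still nil, which looks to be the case for the first signer directory processed. An assert signed for a different package or release would then be accepted as the baseline, which is the substitution this commit appears intended to catch. I would test the binding on its own branch ahead of the manifest comparison, `elsif result['release'] != release or result['name'] != package_name`, reporting the mismatch and setting `did_fail = true`. Separately, `YAML.load_file(result_path)` runs before the `gpg --verify` call, so files are parsed before they are authenticated; loading only after a successful verification, and with `YAML.safe_load`, would be safer. The `Dir.foreach` block starts before and ends after these hunks, so where `current_manifest` is assigned is not visible.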

+ 6
- 1
doc/NOTES View File

@@ -1,5 +1,10 @@
Downloader

* incremental update of dest directory
* check version #
* check that manifest exists
* check version # increases
* overwrite existing files (optionally balk if sha256sum changed)
* remove files that are in manifest and not in new version
* remove empty dirs as result of previous action
* save version in manifest
* json
