summaryrefslogtreecommitdiffstats
path: root/scripts/libmakepkg/integrity
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2017-04-17 10:30:05 +0200
committerAllan McRae <allan@archlinux.org>2017-05-08 10:53:53 +0200
commitc6b04c04653ba9933fe978829148312e412a9ea7 (patch)
treec70702eba703754b94ec540ad7bb53d5fc8044e5 /scripts/libmakepkg/integrity
parentc0a5884b186c9e0e5c54e8515d0982fcba134073 (diff)
downloadpacman-c6b04c04653ba9933fe978829148312e412a9ea7.tar.gz
pacman-c6b04c04653ba9933fe978829148312e412a9ea7.tar.xz
makepkg: create signature files outside of fakeroot
With recent version of gpg, signing within fakeroot works on the first invocation, but fails on later runs. Sign all packages outside of fakeroot to avoid this issue. Fixes FS#49946. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/libmakepkg/integrity')
-rw-r--r--scripts/libmakepkg/integrity/generate_signature.sh.in34
1 files changed, 31 insertions, 3 deletions
diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in
index 060ae344..6d65d82d 100644
--- a/scripts/libmakepkg/integrity/generate_signature.sh.in
+++ b/scripts/libmakepkg/integrity/generate_signature.sh.in
@@ -27,11 +27,10 @@ source "$LIBRARY/util/message.sh"
create_signature() {
if [[ $SIGNPKG != 'y' ]]; then
- return
+ return 0
fi
local ret=0
local filename="$1"
- msg "$(gettext "Signing package...")"
local SIGNWITHKEY=""
if [[ -n $GPGKEY ]]; then
@@ -42,8 +41,37 @@ create_signature() {
if (( ! ret )); then
- msg2 "$(gettext "Created signature file %s.")" "$filename.sig"
+ msg2 "$(gettext "Created signature file %s.")" "${filename##*/}.sig"
else
warning "$(gettext "Failed to sign package file.")"
fi
+
+ return $ret
+}
+
+create_package_signatures() {
+ local pkgarch pkg_file
+ local pkgname_backup=("${pkgname[@]}")
+ local fullver=$(get_full_version)
+
+ msg "$(gettext "Signing package(s)...")"
+
+ for pkgname in ${pkgname_backup[@]}; do
+ pkgarch=$(get_pkg_arch $pkgname)
+ pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
+
+ create_signature "$pkg_file"
+ done
+
+ # check if debug package needs a signature
+ if ! check_option "debug" "y" || ! check_option "strip" "y"; then
+ return
+ fi
+
+ pkgname=$pkgbase-@DEBUGSUFFIX@
+ pkgarch=$(get_pkg_arch)
+ pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
+ create_signature "$pkg_file"
+
+ pkgname=("${pkgname_backup[@]}")
}