treewide: rework signall.sh to read keys from config directly
authorJo-Philipp Wich <jo@mein.io>
Tue, 2 Jul 2019 09:13:11 +0000 (11:13 +0200)
committerJo-Philipp Wich <jo@mein.io>
Tue, 2 Jul 2019 15:47:01 +0000 (17:47 +0200)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
phase1/master.cfg
phase2/master.cfg
scripts/signall.sh

index 5eb3f9ac970fc0cc1005b92758507e5bc3bd6dfe..4161302cce9c460ff627e5eaf8be0a1c4a9c132b 100644 (file)
@@ -148,19 +148,6 @@ if ini.has_option("rsync", "source_url"):
 
 rsync_defopts = ["-4", "-v", "--timeout=120", "--contimeout=20"]
 
-gpg_key = None
-gpg_passphrase = None
-gpg_comment = repo_branch.replace("-", " ").title() + " key"
-
-if ini.has_option("gpg", "key"):
-       gpg_key = ini.get("gpg", "key")
-
-if ini.has_option("gpg", "passphrase"):
-       gpg_passphrase = ini.get("gpg", "passphrase")
-
-if ini.has_option("gpg", "comment"):
-       gpg_comment = ini.get("gpg", "comment")
-
 usign_key = None
 usign_comment = "untrusted comment: " + repo_branch.replace("-", " ").title() + " key"
 
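Review bot: Removing `gpg_comment` here also removes its computed default, `repo_branch.replace("-", " ").title() + " key"`, so a phase1 config with a `[gpg] key` but no `comment` entry will now sign with whatever fallback `signall.sh` substitutes (its GPG comment handling is outside this view) — a silent change to the signed metadata that the commit message does not mention. `usign_comment` on the line below keeps its branch-derived default but is no longer handed to the script either, so the same applies to the usign signature comment. If the branch-based default is still wanted, move that fallback into `signall.sh` or add the `comment =` entries to the shipped config.ini, and say so in the commit message.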
@@ -954,7 +941,7 @@ for target in targets:
                ))
 
        # sign
-       if gpg_key is not None or usign_key is not None:
+       if ini.has_option("gpg", "key") or usign_key is not None:
                factory.addStep(MasterShellCommand(
                        name = "signprepare",
                        description = "Preparing temporary signing directory",
@@ -979,13 +966,7 @@ for target in targets:
                        name = "signfiles",
                        description = "Signing files",
                        command = ["%s/signall.sh" %(scripts_dir), "%s/signing/%s.%s.tar.gz" %(work_dir, ts[0], ts[1])],
-                       env = {
-                               'GPGKEY': gpg_key,
-                               'GPGPASS': gpg_passphrase,
-                               'GPGCOMMENT': gpg_comment,
-                               'USIGNKEY': usign_key,
-                               'USIGNCOMMENT': usign_comment
-                       },
+                       env = { 'CONFIG_INI': os.getenv("BUILDMASTER_CONFIG", "./config.ini") },
                        haltOnFailure = True
                ))
 
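Review bot: The `CONFIG_INI` value passed on the new `env` line is a relative path by default (`./config.ini`), which the script resolves against the cwd of the `signall.sh` process rather than against the master.cfg that loaded `ini`; unless the step's `path` (set outside this hunk, if at all) happens to be the master's basedir, the script's own `[ ! -f ... ]` check fails with a usage error and, with `haltOnFailure`, the build stops. Passing an absolute path removes that dependency: `env = { 'CONFIG_INI': os.path.abspath(os.getenv("BUILDMASTER_CONFIG", "./config.ini")) },`. A one-line comment here would also help the next reader: `# signall.sh re-parses the whole config itself (including [gpg] passphrase), so config.ini must stay readable only by the master user`.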
index d668b1f0aaa612e3d8578403b62f5775f69f07fc..071bf315f2c98f36ea58b19e6aca0bdad161b757 100644 (file)
@@ -114,19 +114,6 @@ repo_branch = "master"
 if ini.has_option("repo", "branch"):
        repo_branch = ini.get("repo", "branch")
 
-gpg_key = None
-gpg_passphrase = None
-gpg_comment = repo_branch.replace("-", " ").title() + " key"
-
-if ini.has_option("gpg", "key"):
-       gpg_key = ini.get("gpg", "key")
-
-if ini.has_option("gpg", "passphrase"):
-       gpg_passphrase = ini.get("gpg", "passphrase")
-
-if ini.has_option("gpg", "comment"):
-       gpg_comment = ini.get("gpg", "comment")
-
 usign_key = None
 usign_comment = "untrusted comment: " + repo_branch.replace("-", " ").title() + " key"
 
@@ -457,7 +444,7 @@ for arch in arches:
                workdir = "build/sdk",
                command = "./scripts/feeds list -s -f > bin/packages/%s/feeds.conf" %(arch[0])))
 
-       if gpg_key is not None or usign_key is not None:
+       if ini.has_option("gpg", "key") or usign_key is not None:
                factory.addStep(MasterShellCommand(
                        name = "signprepare",
                        description = "Preparing temporary signing directory",
@@ -483,13 +470,7 @@ for arch in arches:
                        name = "signfiles",
                        description = "Signing files",
                        command = ["%s/signall.sh" %(scripts_dir), "%s/signing/%s.tar.gz" %(work_dir, arch[0])],
-                       env = {
-                               'GPGKEY': gpg_key,
-                               'GPGPASS': gpg_passphrase,
-                               'GPGCOMMENT': gpg_comment,
-                               'USIGNKEY': usign_key,
-                               'USIGNCOMMENT': usign_comment
-                       },
+                       env = { 'CONFIG_INI': os.getenv("BUILDMASTER_CONFIG", "./config.ini") },
                        haltOnFailure = True
                ))
 
index 1c360747f11df3c43be6e1df8a7763cd05eb6ecd..ea692bf3844639e555041bf6e58905117fd443ca 100755 (executable)
@@ -7,10 +7,28 @@ tarball="$(readlink -f "$tarball")"
 
 finish() { rm -rf "$tmpdir"; exit $1; }
 
+iniget() {
+       local file="$1" section="$2" option="$3"
+
+       sed -rne '
+               /\['"$section"'\]/,$ {
+                       /^[ \t]*'"$option"'[ \t]*=[ \t]*/ {
+                               s/^[^=]+=[ \t]*//; h;
+                               :c; n;
+                               /^([ \t]|$)/ {
+                                       s/^[ \t]+//; H;
+                                       b c
+                               };
+                               x; p; q
+                       }
+               }
+       ' "$file" | sed -e :a -e '/^\n*$/{$d;N;ba' -e '}'
+}
+
 trap "finish 255" HUP INT TERM
 
-if [ ! -f "$tarball" ]; then
-       echo "Usage: [GPGKEY=... [GPGCOMMENT=... [GPGPASS=...]]] [USIGNKEY=... [USIGNCOMMENT=...]] $0 <tarball>" >&2
+if [ ! -f "$tarball" ] || [ ! -f "${CONFIG_INI:-config.ini}" ]; then
+       echo "Usage: [CONFIG_INI=...] $0 <tarball>" >&2
        finish 1
 fi
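Review bot: The section address in `iniget` opens on the first line containing `[section]` and runs to end of file (`/\[...\]/,$`), so `iniget ... gpg key` on a config whose `[gpg]` section has no `key` silently continues into `[usign]` and returns that section's `key` (likewise for `comment`); because of the `q` after the first hit nothing reports the mismatch. Close the range at the next section header and anchor both addresses: `/^[ \t]*\['"$section"'\][ \t]*$/,/^[ \t]*\[/ {`. Separately, since sed runs with `-n`, the `n` in the continuation loop exits on the last input line without reaching `x; p`, so an option whose value ends on the final line of the file appears to be unset (GNU sed behaviour — verify with a config where the key is the last entry); `:c; $ { x; p; q }; n;` keeps that value. The trailing-blank-line filter after the pipe is unaffected by either change.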
 
@@ -32,6 +50,13 @@ case "$(gpg --version | head -n1)" in
        *\ 2.*) loopback=1 ;;
 esac
 
+GPGKEY="$(iniget "${CONFIG_INI:-config.ini}" gpg key)"
+GPGPASS="$(iniget "${CONFIG_INI:-config.ini}" gpg passphrase)"
+GPGCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" gpg comment)"
+
+USIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" usign key)"
+USIGNCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" usign comment)"
+
 if echo "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then
        umask 077
        echo "$GPGPASS" > "$tmpdir/gpg.pass"
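Review bot: A `[gpg] key` that exists but is not an armoured private key block — a keyring path, a wrong file, or an empty value because `iniget` could not parse it — makes the `if echo "$GPGKEY" | grep -q ...` condition false, so GPG signing is skipped and the script still exits 0; the master now gates this step only on `ini.has_option("gpg", "key")`, so it would publish unsigned artifacts as if signing had succeeded. The usign path in this same commit fails explicitly with "Invalid usign key specified"; mirror that here so a configured-but-unusable GPG key halts the build (pick an exit code not already used by the import steps outside this hunk). The `if` body continues beyond the hunk. While here, `printf '%s\n' "$GPGPASS"` instead of `echo` writes a passphrase starting with `-n` or `-e` verbatim.
```shell
# Fail loudly when a GPG key is configured but is not an armoured private key block,
# instead of silently skipping GPG signing and exiting 0.
if [ -n "$GPGKEY" ] && ! printf '%s\n' "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then
	echo "Invalid gpg key specified" >&2
	finish 3
fi

if echo "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then
	umask 077
	printf '%s\n' "$GPGPASS" > "$tmpdir/gpg.pass"
	# … unchanged: gpg import and signing …
```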
@@ -50,9 +75,14 @@ if echo "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then
                        -o "{}.asc" "{}" \; || finish 4
 fi
 
-USIGNID="$(echo "$USIGNKEY" | base64 -d -i | dd bs=1 skip=32 count=8 2>/dev/null | od -v -t x1 | sed -rne 's/^0+ //p' | tr -d ' ')"
+if [ -n "$USIGNKEY" ]; then
+       USIGNID="$(echo "$USIGNKEY" | base64 -d -i | dd bs=1 skip=32 count=8 2>/dev/null | od -v -t x1 | sed -rne 's/^0+ //p' | tr -d ' ')"
+
+       if ! echo "$USIGNID" | grep -qxE "[0-9a-f]{16}"; then
+               echo "Invalid usign key specified" >&2
+               finish 5
+       fi
 
-if echo "$USIGNID" | grep -qxE "[0-9a-f]{16}"; then
        umask 077
        printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.key"