From: Petr Štetiar Date: Sat, 28 Sep 2024 12:22:35 +0000 (+0000) Subject: scripts: signall: fix wrong GPG signature on apk packages.adb index X-Git-Tag: v19~5 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=75930d3a890b1f4f4c3df153331a22f60d7429a9;p=buildbot.git scripts: signall: fix wrong GPG signature on apk packages.adb index Currently the GPG signature verification of apk's packages.adb index fails as the file is modified with `apk adbsign` after its GPG signed. So lets fix it by moving the `apk adbsign` before the GPG signing step. Fixes: a94d4e15fdc1 ("add APK signing logic") Signed-off-by: Petr Štetiar
---
diff --git a/scripts/signall.sh b/scripts/signall.sh
index c15c9f2..2159349 100755
--- a/scripts/signall.sh
+++ b/scripts/signall.sh
@@ -71,6 +71,15 @@ USIGNCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "usign_comme
 APKSIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "apk_key")"
 fi
 
+if [ -n "$APKSIGNKEY" ]; then
+ umask 077
+ echo "$APKSIGNKEY" > "$tmpdir/apk.pem"
+
+ umask 022
+ find "$tmpdir/tar/" -type f -name "packages.adb" -exec \
+ "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 6
+fi
+
 if echo "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then
 umask 077
 echo "$GPGPASS" > "$tmpdir/gpg.pass"
@@ -105,15 +114,6 @@ if [ -n "$USIGNKEY" ]; then
 signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5
 fi
 
-if [ -n "$APKSIGNKEY" ]; then
- umask 077
- echo "$APKSIGNKEY" > "$tmpdir/apk.pem"
-
- umask 022
- find "$tmpdir/tar/" -type f -name "packages.adb" -exec \
- "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 6
-fi
-
 tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6
 
 finish 0
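Review bot: The `|| finish 6` after the `find … -exec … \;` in the added APK block will not fire when `apk adbsign` itself fails, because find does not carry the exit status of a command run with `-exec … \;` into its own exit status. With the block now placed ahead of the GPG step, a failed adbsign would leave packages.adb without its apk signature, and as far as the visible lines show the script would go on to GPG-sign and tar it anyway. Ending the exec with `+` makes find exit non-zero when the command fails: `"${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" + || finish 6` (this assumes adbsign accepts several files per invocation; otherwise loop over the find results and check each call). Exit code 6 is also used by the later `tar … || finish 6`, so a distinct code here would let the caller tell a signing failure from a packaging failure.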