mirror of
https://gitlab.com/fabinfra/fabaccess/bffh.git
synced 2025-04-20 11:16:26 +02:00
WIP: add GnuPG verifications
This commit is contained in:
parent
e07317104e
commit
3a606c50fc
37
debian/create-packages.sh
vendored
37
debian/create-packages.sh
vendored
@ -31,6 +31,14 @@ declare -A ARCHES_DP=(
|
||||
["amd64"]=amd64
|
||||
)
|
||||
|
||||
|
||||
#architecture mapping array linux <-> RPM package control file
|
||||
declare -A ARCHES_FP=(
|
||||
["armv7"]=armhf
|
||||
["aarch64"]=arm64
|
||||
["amd64"]=x86_64
|
||||
)
|
||||
|
||||
echo -e "SRCDIR: ${SRCDIR}"
|
||||
BFFHV=$(grep "Standards-Version: " fabaccess-bffh-src/debian/control | awk -F ' ' '{print $2}')
|
||||
echo -e "BFFH target build version: ${BFFHV}"
|
||||
@ -42,12 +50,14 @@ for ARCH_L in "${!ARCHES_LR[@]}"; do
|
||||
ARCH_R=${ARCHES_LR[$ARCH_L]}
|
||||
ARCH_D=${ARCHES_LD[$ARCH_L]}
|
||||
ARCH_P=${ARCHES_DP[$ARCH_L]}
|
||||
ARCH_F=${ARCHES_FP[$ARCH_L]}
|
||||
|
||||
echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
|
||||
echo -e "ARCH_L (Linux) : ${ARCH_L}"
|
||||
echo -e "ARCH_R (Rust) : ${ARCH_R}"
|
||||
echo -e "ARCH_D (Docker Registry) : ${ARCH_D}"
|
||||
echo -e "ARCH_P (Debian Package) : ${ARCH_P}"
|
||||
echo -e "ARCH_P (RPM Package) : ${ARCH_F}"
|
||||
echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
|
||||
|
||||
# remove existing target dir if exists (from possible previous builds)
|
||||
@ -81,15 +91,16 @@ for ARCH_L in "${!ARCHES_LR[@]}"; do
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# build deb archive with signing key; export deb package + debug symbol deb package + deb buildinfo
|
||||
if [[ "${ARCH_L}" == "amd64" ]]; then
|
||||
echo -e "native architecture. no podman required. Building deb + rpm"
|
||||
cd ${SRCDIR}/fabaccess-bffh-${BFFHV}/
|
||||
#dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41 --host-arch "${ARCH_L}" --target-arch "${ARCH_L}"
|
||||
dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41
|
||||
time dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41
|
||||
cd ${SRCDIR}/
|
||||
cp fabaccess-bffh_${BFFHV}_${ARCH_L}.deb /tmp/
|
||||
cp fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.ddeb /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.deb
|
||||
cp fabaccess-bffh_${BFFHV}_${ARCH_L}.buildinfo ${DOWNLOAD}/
|
||||
cd /tmp/
|
||||
sudo alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh_${BFFHV}_${ARCH_L}.deb
|
||||
sudo alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.deb
|
||||
@ -115,20 +126,21 @@ for ARCH_L in "${!ARCHES_LR[@]}"; do
|
||||
#test the container
|
||||
sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash -c "echo"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo -e "Error creating or attaching to container 'fabinfra_deb_"${ARCH_L}"'. You might need to re-run 'install-requirements.sh'."
|
||||
echo -e "Error creating or attaching to container 'fabinfra_deb_"${ARCH_L}"'. You might need to re-run 'install-requirements.sh' or reboot system (due to possibly happened library upgrades in the meantime)."
|
||||
sudo podman logs fabinfra_deb_${ARCH_L}
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# now attach to that container and start building the packages
|
||||
#sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash
|
||||
sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash -c "
|
||||
apt update && apt upgrade;
|
||||
time sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash -c "
|
||||
apt update && apt upgrade -y;
|
||||
cd /srcdir/fabaccess-bffh-${BFFHV}/;
|
||||
dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41;
|
||||
cd /srcdir/;
|
||||
cp fabaccess-bffh_${BFFHV}_${ARCH_P}.deb /tmp/;
|
||||
cp fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.ddeb /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb;
|
||||
cp fabaccess-bffh_${BFFHV}_${ARCH_P}.buildinfo /download/;
|
||||
cd /tmp/;
|
||||
alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh_${BFFHV}_${ARCH_P}.deb;
|
||||
alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb;
|
||||
@ -141,6 +153,21 @@ for ARCH_L in "${!ARCHES_LR[@]}"; do
|
||||
# free up resources
|
||||
sudo podman stop fabinfra_deb_${ARCH_L}
|
||||
fi
|
||||
|
||||
echo -e "Signing deb files with gpg (AFTER rpm creation) to allow verification for the users who are going to install later (creating sig + asc) ..."
|
||||
gpg --yes --output ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.sig --detach-sig ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.deb
|
||||
gpg --yes --output ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.sig --detach-sig ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb
|
||||
gpg --yes --enarmor ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.sig
|
||||
gpg --yes --enarmor ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.sig
|
||||
|
||||
echo -e "Verifying DEB signatures ..."
|
||||
gpg --verify ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.sig.asc ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.deb
|
||||
gpg --verify ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.sig.asc ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb
|
||||
|
||||
echo -e "Verifying RPM signatures ..."
|
||||
rpm --verbose --checksig ${DOWNLOAD}/fabaccess-bffh-${BFFHV}-1.${ARCH_F}.rpm
|
||||
rpm --verbose --checksig ${DOWNLOAD}/fabaccess-bffh-dbgsym-${BFFHV}-1.${ARCH_F}.rpm
|
||||
|
||||
done
|
||||
|
||||
echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user