|
|
@ -63,9 +63,8 @@ release_path = File.join(destination, release)
|
|
|
|
|
|
|
|
|
|
|
|
File.exists?(release_path) or raise "#{release_path} does not exist"
|
|
|
|
File.exists?(release_path) or raise "#{release_path} does not exist"
|
|
|
|
|
|
|
|
|
|
|
|
result_file = "#{package_name}-res.yml"
|
|
|
|
result_file = "#{package_name}-build.assert"
|
|
|
|
|
|
|
|
sig_file = "#{result_file}.sig"
|
|
|
|
#system!("gpg --detach-sign -u #{signer} -o #{release_path}/signature.pgp #{result_path}")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
current_manifest = nil
|
|
|
|
current_manifest = nil
|
|
|
|
|
|
|
|
|
|
|
@ -76,9 +75,21 @@ Dir.foreach(release_path) do |signer_dir|
|
|
|
|
signer_path = sanitize_path(File.join(release_path, signer_dir), "signer path")
|
|
|
|
signer_path = sanitize_path(File.join(release_path, signer_dir), "signer path")
|
|
|
|
next if !File.directory?(signer_path)
|
|
|
|
next if !File.directory?(signer_path)
|
|
|
|
result_path = sanitize_path(File.join(signer_path, result_file), "result path")
|
|
|
|
result_path = sanitize_path(File.join(signer_path, result_file), "result path")
|
|
|
|
|
|
|
|
sig_path = sanitize_path(File.join(signer_path, sig_file), "result path")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !File.exist?(result_path)
|
|
|
|
|
|
|
|
puts "missing result at #{result_path}"
|
|
|
|
|
|
|
|
next
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !File.exist?(sig_path)
|
|
|
|
|
|
|
|
puts "missing signature at #{sig_path}"
|
|
|
|
|
|
|
|
next
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
result = YAML.load_file(result_path)
|
|
|
|
result = YAML.load_file(result_path)
|
|
|
|
system("gpg --keyserver pgp.mit.edu --recv-keys `gpg --quiet --batch --verify \"#{File.join(signer_path, 'signature.pgp')}\" \"#{result_path}\" 2>&1 | head -n1 | grep \"key ID\" | awk '{ print $15 }'` > /dev/null 2>&1")
|
|
|
|
system("gpg --keyserver pgp.mit.edu --recv-keys `gpg --quiet --batch --verify \"#{File.join(signer_path, 'signature.pgp')}\" \"#{result_path}\" 2>&1 | head -n1 | grep \"key ID\" | awk '{ print $15 }'` > /dev/null 2>&1")
|
|
|
|
out = `gpg --quiet --batch --verify \"#{File.join(signer_path, 'signature.pgp')}\" \"#{result_path}\" 2>&1`
|
|
|
|
out = `gpg --quiet --batch --verify \"#{sig_path}\" \"#{result_path}\" 2>&1`
|
|
|
|
if $? != 0
|
|
|
|
if $? != 0
|
|
|
|
out.each do |line|
|
|
|
|
out.each do |line|
|
|
|
|
if line =~ /^gpg: Signature made/
|
|
|
|
if line =~ /^gpg: Signature made/
|
|
|
@ -89,7 +100,7 @@ Dir.foreach(release_path) do |signer_dir|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
puts "#{signer_dir}: BAD SIGNATURE"
|
|
|
|
puts "#{signer_dir}: BAD SIGNATURE"
|
|
|
|
did_fail = true
|
|
|
|
did_fail = true
|
|
|
|
elsif current_manifest and result['out_manifest'] != current_manifest
|
|
|
|
elsif current_manifest and (result['out_manifest'] != current_manifest or result['release'] != release or result['name'] != package_name)
|
|
|
|
out.each do |line|
|
|
|
|
out.each do |line|
|
|
|
|
if line =~ /^gpg: Signature made/
|
|
|
|
if line =~ /^gpg: Signature made/
|
|
|
|
info(line)
|
|
|
|
info(line)
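Review bot: The key-fetch command kept as context still runs its inner `gpg --verify` against `File.join(signer_path, 'signature.pgp')`, while the new existence check and the real verification use `sig_path`. With the signature now named `#{result_file}.sig`, the inner command presumably finds no file, and because its output is sent to `/dev/null` the fetch fails silently. Point that command at `\"#{sig_path}\"` as well, or drop the automatic fetch and require signer keys to be imported out of band. Separately, the added `result['release'] != release or result['name'] != package_name` comparison sits behind `current_manifest and (...)`, so the first result processed, while `current_manifest` is still nil, appears never to be checked against the requested release and package; a standalone `elsif result['release'] != release or result['name'] != package_name` branch ahead of the manifest comparison would cover it. The `Dir.foreach` block starts and ends outside the visible hunks, so the branch that assigns `current_manifest` is not shown here.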
|
|
|
|