summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Lamb <lamby@debian.org>2016-10-28 18:18:19 +0100
committerHolger Levsen <holger@layer-acht.org>2016-10-31 22:29:29 +0100
commit8bdd5bb476e3e4952bb3d6b79ae5fd446cb72b89 (patch)
treee4c43a26c15d311af70faeb2e1e096bec700ba4f
parentc1294524086e363851b548313038c1ea4457966f (diff)
downloadjenkins.debian.net-8bdd5bb476e3e4952bb3d6b79ae5fd446cb72b89.tar.xz
reproducible Debian: submit signed .buildinfo files to buildinfo.debian.net
Signed-off-by: Holger Levsen <holger@layer-acht.org>
-rwxr-xr-xbin/reproducible_build.sh29
1 files changed, 27 insertions, 2 deletions
diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh
index 750dcc8d..3ea3eab4 100755
--- a/bin/reproducible_build.sh
+++ b/bin/reproducible_build.sh
@@ -773,6 +773,30 @@ check_buildinfo() {
rm -f $TMPFILE1 $TMPFILE2
}
+sign_buildinfo() {
+ # Greate GPG key if it does not already exist
+ if ! gpg --list-secret-keys | grep -qs '^sec' >/dev/null 2>&1
+ then
+ log_info "Generating GPG key"
+
+ gpg --batch --gen-key <<EOF
+Key-Type: RSA
+Key-Length: 4096
+Subkey-Type: ELG-E
+Subkey-Length: 1024
+Name-Real: $(hostname -f)
+Name-Comment: Automatically generated key
+Expire-Date: 0
+%no-ask-passphrase
+%commit
+EOF
+ fi
+
+ log_info "Signing $BUILDINFO as $BUILDINFO_SIGNED"
+ gpg --output=$BUILDINFO_SIGNED --clearsign $BUILDINFO
+ log_info "Signed $BUILDINFO as $BUILDINFO_SIGNED"
+}
+
share_buildinfo() {
# Submit the -buildinfo files to third-party archives:
log_info "Submitting .buildinfo files to external archives."
@@ -781,8 +805,8 @@ share_buildinfo() {
mail -s "buildinfo from $NODE1" submit@buildinfo.kfreebsd.eu < ./b1/$BUILDINFO || true
mail -s "buildinfo from $NODE2" submit@buildinfo.kfreebsd.eu < ./b2/$BUILDINFO || true
# buildinfo.debian.net administred by Chris Lamb <lamby@debian.org>
- curl -X PUT --max-time 30 --data-binary @- "http://buildinfo.debian.net/api/submit?node=$NODE1" < ./b1/$BUILDINFO || true
- curl -X PUT --max-time 30 --data-binary @- "http://buildinfo.debian.net/api/submit?node=$NODE2" < ./b2/$BUILDINFO || true
+ curl -X PUT --max-time 30 --data-binary @- "http://buildinfo.debian.net/api/submit?node=$NODE1" < ./b1/$BUILDINFO_SIGNED || true
+ curl -X PUT --max-time 30 --data-binary @- "http://buildinfo.debian.net/api/submit?node=$NODE2" < ./b2/$BUILDINFO_SIGNED || true
log_info "Done submitting .buildinfo files."
}
@@ -848,6 +872,7 @@ elif [ "$1" = "1" ] || [ "$1" = "2" ] ; then
else
second_build
fi
+ sign_buildinfo
echo "$(date -u) - build #$MODE for $SRCPACKAGE/$SUITE/$ARCH on $HOSTNAME done."
exit 0
elif [ "$2" != "" ] ; then