diff options
| author | Chris Lamb <lamby@debian.org> | 2016-10-28 18:18:19 +0100 |
|---|---|---|
| committer | Holger Levsen <holger@layer-acht.org> | 2016-10-31 22:29:29 +0100 |
| commit | 8bdd5bb476e3e4952bb3d6b79ae5fd446cb72b89 (patch) | |
| tree | e4c43a26c15d311af70faeb2e1e096bec700ba4f | |
| parent | c1294524086e363851b548313038c1ea4457966f (diff) | |
| download | jenkins.debian.net-8bdd5bb476e3e4952bb3d6b79ae5fd446cb72b89.tar.xz | |
reproducible Debian: submit signed .buildinfo files to buildinfo.debian.net
Signed-off-by: Holger Levsen <holger@layer-acht.org>
| -rwxr-xr-x | bin/reproducible_build.sh | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh index 750dcc8d..3ea3eab4 100755 --- a/bin/reproducible_build.sh +++ b/bin/reproducible_build.sh @@ -773,6 +773,30 @@ check_buildinfo() { rm -f $TMPFILE1 $TMPFILE2 } +sign_buildinfo() { + # Greate GPG key if it does not already exist + if ! gpg --list-secret-keys | grep -qs '^sec' >/dev/null 2>&1 + then + log_info "Generating GPG key" + + gpg --batch --gen-key <<EOF +Key-Type: RSA +Key-Length: 4096 +Subkey-Type: ELG-E +Subkey-Length: 1024 +Name-Real: $(hostname -f) +Name-Comment: Automatically generated key +Expire-Date: 0 +%no-ask-passphrase +%commit +EOF + fi + + log_info "Signing $BUILDINFO as $BUILDINFO_SIGNED" + gpg --output=$BUILDINFO_SIGNED --clearsign $BUILDINFO + log_info "Signed $BUILDINFO as $BUILDINFO_SIGNED" +} + share_buildinfo() { # Submit the -buildinfo files to third-party archives: log_info "Submitting .buildinfo files to external archives." @@ -781,8 +805,8 @@ share_buildinfo() { mail -s "buildinfo from $NODE1" submit@buildinfo.kfreebsd.eu < ./b1/$BUILDINFO || true mail -s "buildinfo from $NODE2" submit@buildinfo.kfreebsd.eu < ./b2/$BUILDINFO || true # buildinfo.debian.net administred by Chris Lamb <lamby@debian.org> - curl -X PUT --max-time 30 --data-binary @- "http://buildinfo.debian.net/api/submit?node=$NODE1" < ./b1/$BUILDINFO || true - curl -X PUT --max-time 30 --data-binary @- "http://buildinfo.debian.net/api/submit?node=$NODE2" < ./b2/$BUILDINFO || true + curl -X PUT --max-time 30 --data-binary @- "http://buildinfo.debian.net/api/submit?node=$NODE1" < ./b1/$BUILDINFO_SIGNED || true + curl -X PUT --max-time 30 --data-binary @- "http://buildinfo.debian.net/api/submit?node=$NODE2" < ./b2/$BUILDINFO_SIGNED || true log_info "Done submitting .buildinfo files." } @@ -848,6 +872,7 @@ elif [ "$1" = "1" ] || [ "$1" = "2" ] ; then else second_build fi + sign_buildinfo echo "$(date -u) - build #$MODE for $SRCPACKAGE/$SUITE/$ARCH on $HOSTNAME done." exit 0 elif [ "$2" != "" ] ; then |