Add support for GPG signing builds

2014-01-30 16:36:47 -05:00 · 2014-01-30 16:36:47 -05:00 · 7a0676a001
commit 7a0676a001
parent 31b11a7512
4 changed files with 13 additions and 1 deletions
--- a/fedostree/products.json
+++ b/fedostree/products.json
@ -3,6 +3,8 @@

    "osname": "fedostree",
    "repo": "http://rpm-ostree.cloud.fedoraproject.org/repo",
+    
+    "gpg_key": "843833DF",

    "architectures": ["x86_64"],

--- a/src/autobuilder/js/tasks/task-build.js
+++ b/src/autobuilder/js/tasks/task-build.js
@ -86,6 +86,13 @@ const TaskBuild = new Lang.Class({
 	argv.push.apply(argv, bootstrapBase.map(function (a) { return '--bootstrap-package=' + a; }));
 	argv.push.apply(argv, repos.map(function (a) { return '--enablerepo=' + a; }));
 	argv.push.apply(argv, postprocessSteps.map(function (a) { return '--post=' + a; }));
+
+	let keyId = this._productData['gpg_key'];
+	if (keyId) {
+	    print("Signing using " + keyId);
+	    argv.push('--gpg-sign=' + keyId);
+	}
+
 	argv.push.apply(argv, ['create', ref]);
 	argv.push.apply(argv, packages);
 	let productNameUnix = ref.replace(/\//g, '_');
--- a/src/rpm-ostree.c
+++ b/src/rpm-ostree.c
@ -32,6 +32,7 @@ static char *opt_workdir;
 static char **opt_bootstrap_packages;
 static char **opt_internal_postprocessing;
 static char **opt_external_postprocessing;
+static char *opt_gpg_sign;

 static GOptionEntry option_entries[] = {
  { "bootstrap-package", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_bootstrap_packages, "Install this package first", "PACKAGE" },
@ -39,6 +40,7 @@ static GOptionEntry option_entries[] = {
  { "workdir", 0, 0, G_OPTION_ARG_STRING, &opt_workdir, "Working directory", "REPO" },
  { "post", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_internal_postprocessing, "Run this builtin postprocessing step before commit", "NAME" },
  { "xpost", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_external_postprocessing, "Run this external script on rootfs before committing", "PATH" },
+  { "gpg-sign", 0, 0, G_OPTION_ARG_STRING, &opt_gpg_sign, "Sign commits with thiskey", "KEYID" },
  { NULL }
 };

@ -653,7 +655,7 @@ main (int     argc,
    if (!ostree_repo_open (repo, cancellable, error))
      goto out;

-    if (!rpmostree_commit (yumroot, repo, ref, NULL,
+    if (!rpmostree_commit (yumroot, repo, ref, opt_gpg_sign,
                           cancellable, error))
      goto out;

--- a/src/rpmostree-postprocess.c
+++ b/src/rpmostree-postprocess.c
@ -664,6 +664,7 @@ rpmostree_commit (GFile         *rootfs,

  if (gpg_keyid)
    {
+      g_print ("Signing commit %s with key %s\n", new_revision, gpg_keyid);
      if (!ostree_repo_sign_commit (repo, new_revision, gpg_keyid, NULL,
                                    cancellable, error))
        goto out;