+ echo -n "============================== End $COMMAND:run_log on $(date)"
+}
+
+function in_root_context () {
+ rpm -q util-vserver > /dev/null
+}
+
+# this part won't work if WEBHOST does not match the local host
+# would need to be made webpublish_* compliant
+# but do we really need this feature anyway ?
+function sign_node_packages () {
+
+ echo "Signing node packages"
+
+ need_createrepo=""
+
+ repository=$WEBPATH/$BASE/RPMS/
+ # the rpms that need signing
+ new_rpms=
+ # and the corresponding stamps
+ new_stamps=
+
+ for package in $(find $repository/ -name '*.rpm') ; do
+ stamp=$repository/signed-stamps/$(basename $package).signed
+ # If package is newer than signature stamp
+ if [ $package -nt $stamp ] ; then
+ new_rpms="$new_rpms $package"
+ new_stamps="$new_stamps $stamp"
+ fi
+ # Or than createrepo database
+ [ $package -nt $repository/repodata/repomd.xml ] && need_createrepo=true
+ done
+
+ if [ -n "$new_rpms" ] ; then
+ # Create a stamp once the package gets signed
+ mkdir $repository/signed-stamps 2> /dev/null
+
+ # Sign RPMS. setsid detaches rpm from the terminal,
+ # allowing the (hopefully blank) GPG password to be
+ # entered from stdin instead of /dev/tty.
+ echo | setsid rpm \
+ --define "_signature gpg" \
+ --define "_gpg_path $GPGPATH" \
+ --define "_gpg_name $GPGUID" \
+ --resign $new_rpms && touch $new_stamps
+ fi
+
+ # Update repository index / yum metadata.
+ if [ -n "$need_createrepo" ] ; then
+ echo "Indexing node packages after signing"
+ if [ -f $repository/yumgroups.xml ] ; then
+ createrepo --quiet -g yumgroups.xml $repository
+ else
+ createrepo --quiet $repository
+ fi
+ fi