- # create yum repo and sign packages.
- if [ -n $MKYUMREPO ] ; then
- echo "Signing signing node packages"
-
- ### availability of repo indexing tools
- # old one - might be needed for old-style nodes
- type -p yum-arch > /dev/null && have_yum_arch="true"
- # new one
- type -p createrepo > /dev/null && have_createrepo="true"
-
- repository=$WEBPATH/$BASE/RPMS/
- # the rpms that need signing
- new_rpms=
- # and the corresponding stamps
- new_stamps=
- # is there a need to refresh yum metadata
- need_yum_arch=
- need_createrepo=
-
- # right after installation, no package is present
- # but we still need to create index
- [ -n "$have_yum_arch" -a ! -f $repository/headers/header.info ] && need_yum_arch=true
- [ -n "$have_createrepo" -a ! -f $repository/repodata/repomd.xml ] && need_createrepo=true
-
- for package in $(find $repository/ -name '*.rpm') ; do
- stamp=$repository/signed-stamps/$(basename $package).signed
- # If package is newer than signature stamp
- if [ $package -nt $stamp ] ; then
- new_rpms="$new_rpms $package"
- new_stamps="$new_stamps $stamp"
- fi
- # Or than yum-arch headers
- [ -n "$have_yum_arch" ] && [ $package -nt $repository/headers/header.info ] && need_yum_arch=true
- # Or than createrepo database
- [ -n "$have_createrepo" ] && [ $package -nt $repository/repodata/repomd.xml ] && need_createrepo=true
- done
-
- if [ -n "$new_rpms" ] ; then
- # Create a stamp once the package gets signed
- mkdir $repository/signed-stamps 2> /dev/null
-
- # Sign RPMS. setsid detaches rpm from the terminal,
- # allowing the (hopefully blank) GPG password to be
- # entered from stdin instead of /dev/tty.
- echo | setsid rpm \
- --define "_signature gpg" \
- --define "_gpg_path $GPGPATH" \
- --define "_gpg_name $GPGUID" \
- --resign $new_rpms && touch $new_stamps
- fi
-
- # Update repository index / yum metadata.
-
- if [ -n "$need_yum_arch" ] ; then
- # yum-arch sometimes leaves behind
- # .oldheaders and .olddata directories accidentally.
- rm -rf $repository/{.oldheaders,.olddata}
- yum-arch $repository
- fi
-
- if [ -n "$need_createrepo" ] ; then
- if [ -f $repository/yumgroups.xml ] ; then
- createrepo --quiet -g yumgroups.xml $repository
- else
- createrepo --quiet $repository
- fi
- fi
-
- fi