From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Mon, 8 May 2006 19:04:29 +0000 (+0000)
Subject: - sign all RPMS during installation if the signing key is available
X-Git-Tag: plc-0_2-14~8
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=77223829f73afa8fa732dd61ff8d0e060d8ef34d;p=build.git

- sign all RPMS during installation if the signing key is available
---

diff --git a/planetlab.mk b/planetlab.mk
index c1287f8b..1eee967b 100644
--- a/planetlab.mk
+++ b/planetlab.mk
@@ -340,6 +340,17 @@ install:
 ifeq ($(BASE),)
 	@echo make install is only meant to be called from ./build.sh
 else
+ifneq ($(wildcard /etc/planetlab/secring.gpg),)
+        # Sign all RPMS. setsid detaches rpm from the terminal,
+        # allowing the (hopefully blank) GPG password to be entered
+        # from stdin instead of /dev/tty. Obviously, the build server
+        # should be secure.
+	echo | setsid rpm \
+	--define "_signature gpg" \
+	--define "_gpg_path /etc/planetlab" \
+	--define "_gpg_name PlanetLab <info@planet-lab.org>" \
+	--resign RPMS/*/*.rpm SRPMS/*.rpm
+endif
 ifneq ($(BUILDS),)
         # Remove old runs
 	echo "cd $(ARCHIVE) && ls -t | sed -n $(BUILDS)~1p | xargs rm -rf" | ssh $(SERVER) /bin/bash -s