From 4676d39bd9d50904474640aea5e80ecc1524f252 Mon Sep 17 00:00:00 2001
From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Mon, 8 May 2006 19:05:09 +0000
Subject: [PATCH] - merge revision 1.17 date: 2006/05/08 19:04:29;  author:
 mlhuang;  state: Exp;  lines: +11 -0 - sign all RPMS during installation if
 the signing key is available

---
 planetlab.mk | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/planetlab.mk b/planetlab.mk
index bf704903..ee647f59 100644
--- a/planetlab.mk
+++ b/planetlab.mk
@@ -4,7 +4,7 @@
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2003-2006 The Trustees of Princeton University
 #
-# $Id$
+# $Id: planetlab.mk,v 1.7.2.4 2006/03/31 18:25:33 mlhuang Exp $
 #
 
 #
@@ -354,6 +354,17 @@ install:
 ifeq ($(BASE),)
 	@echo make install is only meant to be called from ./build.sh
 else
+ifneq ($(wildcard /etc/planetlab/secring.gpg),)
+        # Sign all RPMS. setsid detaches rpm from the terminal,
+        # allowing the (hopefully blank) GPG password to be entered
+        # from stdin instead of /dev/tty. Obviously, the build server
+        # should be secure.
+	echo | setsid rpm \
+	--define "_signature gpg" \
+	--define "_gpg_path /etc/planetlab" \
+	--define "_gpg_name PlanetLab <info@planet-lab.org>" \
+	--resign RPMS/*/*.rpm SRPMS/*.rpm
+endif
 ifneq ($(BUILDS),)
         # Remove old runs
 	echo "cd $(ARCHIVE) && ls -t | sed -n $(BUILDS)~1p | xargs rm -rf" | ssh $(SERVER) /bin/bash -s
-- 
2.47.0