From 77223829f73afa8fa732dd61ff8d0e060d8ef34d Mon Sep 17 00:00:00 2001
From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Mon, 8 May 2006 19:04:29 +0000
Subject: [PATCH] - sign all RPMS during installation if the signing key is
 available

---
 planetlab.mk | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/planetlab.mk b/planetlab.mk
index c1287f8b..1eee967b 100644
--- a/planetlab.mk
+++ b/planetlab.mk
@@ -340,6 +340,17 @@ install:
 ifeq ($(BASE),)
 	@echo make install is only meant to be called from ./build.sh
 else
+ifneq ($(wildcard /etc/planetlab/secring.gpg),)
+        # Sign all RPMS. setsid detaches rpm from the terminal,
+        # allowing the (hopefully blank) GPG password to be entered
+        # from stdin instead of /dev/tty. Obviously, the build server
+        # should be secure.
+	echo | setsid rpm \
+	--define "_signature gpg" \
+	--define "_gpg_path /etc/planetlab" \
+	--define "_gpg_name PlanetLab <info@planet-lab.org>" \
+	--resign RPMS/*/*.rpm SRPMS/*.rpm
+endif
 ifneq ($(BUILDS),)
         # Remove old runs
 	echo "cd $(ARCHIVE) && ls -t | sed -n $(BUILDS)~1p | xargs rm -rf" | ssh $(SERVER) /bin/bash -s
-- 
2.47.0