authorMichał Górny <mgorny@gentoo.org>2017-11-25 09:21:33 +0100
committerMichał Górny <mgorny@gentoo.org>2017-11-25 09:21:33 +0100
commit755c290273b20ef8a804031f04d45a7346da72f0 (patch)
tree2be26b1ec2a4ec086f052deb80e2e3371f8e4bdf
parentrsync-gen.sh: only sign toplevel Manifest for now, gemato bug. (diff)
rsync-gen: Sign Manifests via generation script
-rwxr-xr-xrsync-gen.sh36
1 files changed, 3 insertions, 33 deletions
diff --git a/rsync-gen.sh b/rsync-gen.sh
index 71b54b0..68a418a 100755
--- a/rsync-gen.sh
+++ b/rsync-gen.sh
@@ -223,41 +223,11 @@ timelog___end "HERDS-AND-PROJ" | timelogger
# 6a) thicken and generate MetaManifests
timelog_start "THICKEN-META" | timelogger
/usr/local/bin/gemato/utils/gen_fast_metamanifest.py \
- "${STAGEDIR_repo_gentoo}"
+ "${STAGEDIR_repo_gentoo}" "${SIGNKEYID}"
timelog___end "THICKEN-META" | timelogger
# end 6a)
-# 6b) Sign top-level MetaManifest
-timelog_start "SIGN-METAMANIFEST" | timelogger
-#for m in Manifest metadata/glsa/Manifest Manifest/news/Manifest ; do
-for m in Manifest ; do
- tmp="$(mktemp)"
- rm -f "${tmp}" # gpg needs the file to NOT exist, there is no overwrite option.
- src="${STAGEDIR_repo_gentoo}"/$m
- [ -s "${src}" ] || continue
- cmd=( \
- gpg --batch -u "${SIGNKEYID}" \
- --armor --clearsign \
- --output "${tmp}" \
- "$src" \
- )
- "${cmd[@]}"
- rc=$?
- if [[ $rc -ne 0 ]]; then
- echo "$0: Failed to GPG-clearsign $src, tempfile at $tmp (cmd ${cmd[@]})"
- exit 5
- fi
- mv -f "${tmp}" "$src"
- rc=$?
- if [[ $rc -ne 0 ]]; then
- echo "$0: Move to signed $src, tempfile at $tmp"
- exit 5
- fi
-done
-timelog___end "SIGN-METAMANIFEST" | timelogger
-# end 6b)
-
-# start 6c) Validate manifests
+# start 6b) Validate manifests
timelog_start "MANIFEST-VALIDATE" | timelogger
if ! /usr/local/bin/gemato/bin/gemato verify "${STAGEDIR_repo_gentoo}" >${REGEN_LOG_DIR}/${REGEN_LOG_FILE}.validate 2>&1; then
echo "$0: A Manifest has a failure!"
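Review bot: The `gen_fast_metamanifest.py` call in 6a now performs the signing, but its exit status is not checked anywhere in this hunk, whereas the removed 6b loop exited 5 when gpg or the move failed. Unless the script runs under `set -e` (not visible here), a signing failure or an empty `SIGNKEYID` could leave an unsigned top-level Manifest that still proceeds to the rsync in step 7. I would end the call with `"${STAGEDIR_repo_gentoo}" "${SIGNKEYID:?SIGNKEYID not set}" || { echo "$0: MetaManifest generation/signing failed" >&2; exit 5; }`. It is also worth confirming that the `gemato verify` in the new 6b rejects an unsigned Manifest (for example via gemato's `--require-signed-manifest`, if the installed version has it), since otherwise validation alone would not catch a missing signature.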
@@ -266,7 +236,7 @@ if ! /usr/local/bin/gemato/bin/gemato verify "${STAGEDIR_repo_gentoo}" >${REGEN_
exit 5
fi
timelog___end "MANIFEST-VALIDATE" | timelogger
-# end 6c)
+# end 6b)
# 7) rsync from STAGEDIR_repo_gentoo to FINALDIR_repo_gentoo
# note, call exit above if it is not desired to update the FINALDIR_repo_gentoo. This is