author | Fabian Groffen <grobian@gentoo.org> | 2018-02-17 09:11:44 +0100 |
---|---|---|
committer | Fabian Groffen <grobian@gentoo.org> | 2018-02-17 09:11:44 +0100 |
commit | 7555f191b3b49230fa00d9bb85da5c2e56928189 (patch) | |
tree | c4984913c15d9f901b79e4ce9ef5b1929d1e3974 | |
parent | sys-apps/coreutils: add back libstdbuf fixes, bug #647708 (diff) | |
scripts/rsync-generation/update-rsync-master: generate/sign manifest last
Generate manifests as last thing, else we invalidate the signatures due
to other work preparing the tree.
-rwxr-xr-x | scripts/rsync-generation/update-rsync-master.sh | 56 |
1 files changed, 28 insertions, 28 deletions
diff --git a/scripts/rsync-generation/update-rsync-master.sh b/scripts/rsync-generation/update-rsync-master.sh
index 459edebce0..e78b89f896 100755
--- a/scripts/rsync-generation/update-rsync-master.sh
+++ b/scripts/rsync-generation/update-rsync-master.sh
@@ -185,34 +185,6 @@ echo "($(date +"%F %R")) Prefix tree rsynced"
 STOP=$(date +%s)
 TIME_SVNPREFIX=$((STOP - START))
-START=$(date +%s)
-
-echo "($(date +"%F %R")) signing Manifest"
-
-# generate Thick Manifests
-${BASE_PATH}/hashgen "${RSYNCDIR}"
-
-# Signing is done with our snapshot signing key, and only on the top
-# level Manifest, for it covers indirectly the entire tree
-
-# remember, HOME is set to misc/ so .gnupg keychain lives there
-gpg --batch --no-tty --passphrase-fd 0 --default-key C6317B3C \
- --pinentry-mode loopback \
- --sign --clearsign --digest-algo SHA512 \
- --yes "${RSYNCDIR}"/Manifest \
- < "${BASE_PATH}"/autosigner.pwd >& /dev/null
-if [[ -f ${RSYNCDIR}/Manifest.asc ]] ; then
- touch -r "${RSYNCDIR}"/Manifest "${RSYNCDIR}"/Manifest.asc
- mv "${RSYNCDIR}"/Manifest{.asc,}
-else
- echo "signing failed!" >> /dev/stderr
-fi
-
-echo "($(date +"%F %R")) Manifest signed"
-
-STOP=$(date +%s)
-TIME_MANISIGN=$((STOP - START))
-
 # define repo_name, can't use gx86's name as we're different
 echo "($(date +"%F %R")) setting repo_name and making the prefix profiles development ones (iso exp)"
@@ -264,6 +236,34 @@ chmod -R u-s,g-s "${RSYNCDIR}"/metadata
 STOP=$(date +%s)
 TIME_TOTAL=$((STOP - GLOBALSTART))
+START=$(date +%s)
+
+echo "($(date +"%F %R")) signing Manifest"
+
+# generate Thick Manifests
+${BASE_PATH}/hashgen "${RSYNCDIR}"
+
+# Signing is done with our snapshot signing key, and only on the top
+# level Manifest, for it covers indirectly the entire tree
+
+# remember, HOME is set to misc/ so .gnupg keychain lives there
+gpg --batch --no-tty --passphrase-fd 0 --default-key C6317B3C \
+ --pinentry-mode loopback \
+ --sign --clearsign --digest-algo SHA512 \
+ --yes "${RSYNCDIR}"/Manifest \
+ < "${BASE_PATH}"/autosigner.pwd 2>&1
+if [[ -f ${RSYNCDIR}/Manifest.asc ]] ; then
+ touch -r "${RSYNCDIR}"/Manifest "${RSYNCDIR}"/Manifest.asc
+ mv "${RSYNCDIR}"/Manifest{.asc,}
+else
+ echo "signing failed!" >> /dev/stderr
+fi
+
+echo "($(date +"%F %R")) Manifest signed"
+
+STOP=$(date +%s)
+TIME_MANISIGN=$((STOP - START))
+
 # feed timings to graphite
 prefix="gentoo.rsync-generation.$(hostname -s)"
 { |
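Review bot: The `else` branch after the gpg call only prints `signing failed!` and lets the script carry on, so a failed signing run leaves the Manifest that hashgen just regenerated unsigned in `${RSYNCDIR}`, and the next line still logs "Manifest signed". What consumes the tree afterwards is outside the hunk, but since signing is now the last preparation step the branch should fail closed, e.g. `echo "signing failed!" >&2; exit 1`. The presence of `Manifest.asc` is also only an indirect signal; testing gpg's own exit status (`if gpg ... ; then`) would be more direct. `--default-key C6317B3C` is a 32-bit short key ID, which is not unique within a keyring, so the full fingerprint is the safer selector. Separately, `TIME_TOTAL` is computed in the context lines just above the moved block and so presumably no longer includes the hashgen and signing time.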