From 439c7ff2058c85475db2566a55f45f1531d67a20 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Mon, 3 May 2021 12:18:39 +0200
Subject: sign repo metadata gh#175

---
 mkmodular | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'mkmodular')

diff --git a/mkmodular b/mkmodular
index 9ad0754..51fd59a 100755
--- a/mkmodular
+++ b/mkmodular
@@ -327,7 +327,31 @@ function createRepo($dest, $mod) {
 $old = getcwd();
 chdir($dest);
 
+// Key
+[$dis,$ver]=explode("/", $dest);
+$GPG_NAME="Remi's RPM repository";
+if ($dis == "fedora") {
+	if ($ver >= 34) {
+		$GPG_PATH="/home/remi/.gnupg2021";
+	} else if ($ver >= 32) {
+		$GPG_PATH="/home/remi/.gnupg2020";
+	} else {
+		$GPG_PATH="/home/remi/.gnupg2019";
+	}
+} else {
+	if ($ver >= 8) {
+		$GPG_PATH="/home/remi/.gnupg2018";
+	} else {
+		$GPG_PATH="/home/remi/.gnupgrpm";
+		$GPG_NAME="Remi Collet";
+	}
+}
+echo "Metadata, signing with $GPG_PATH, ";
+
+// Repository content
 exec("mkrepo nocheck noclean");
+
+// Modular data
 $data = '/tmp/modules.yaml';
 file_put_contents($data, $mod);
 $hash = hash('sha256', $mod);
@@ -335,6 +359,9 @@ exec("modifyrepo_c --mdtype=modules $data repodata >/dev/null");
 $arch = basename($dest);
 rename($data, "$data.$arch");
 
+// Sign
+@unlink("repodata/repomd.xml.asc");
+exec("gpg --armor --detach-sign --default-key \"$GPG_NAME\" --homedir \"$GPG_PATH\" repodata/repomd.xml");
 chdir($old);
 }
 /*
-- 
cgit