From 439c7ff2058c85475db2566a55f45f1531d67a20 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Mon, 3 May 2021 12:18:39 +0200
Subject: sign repo metadata gh#175
---
 mkrepo | 59 +++++++++++++++++++++++++++++++----------------------------
 1 file changed, 31 insertions(+), 28 deletions(-)
 (limited to 'mkrepo')
diff --git a/mkrepo b/mkrepo
index 5f25de6..93e946e 100755
--- a/mkrepo
+++ b/mkrepo
@@ -23,39 +23,40 @@ else
 dst=/data/rpms/old
 fi
 
+GPG_NAME="Remi's RPM repository"
+if [ "$dis" == "fedora" ]; then
+ # Fedora
+ if [ "$ver" -ge 34 ]
+ then echo "key 2021"
+ GPG_PATH=/home/remi/.gnupg2021
+ elif [ "$ver" -ge 32 ]
+ then echo "key 2020"
+ GPG_PATH=/home/remi/.gnupg2020
+ elif [ "$ver" -ge 30 ]
+ then echo "key 2019"
+ GPG_PATH=/home/remi/.gnupg2019
+ else echo "older key"
+ exit 1
+ fi
+else
+ # Enterprise
+ if [ "$dis" == "enterprise" -a "$ver" -ge 8 ]
+ then echo "key 2018"
+ GPG_PATH=/home/remi/.gnupg2018
+ else echo "old key"
+ GPG_PATH=/home/remi/.gnupgrpm
+ GPG_NAME="Remi Collet"
+ fi
+fi
+
 if [ ${1:-check} != nocheck ]; then
 echo "+ Controle des signatures"
 rpm -K *.rpm | grep -v 'signatures.*OK' | cut -d: -f1 | tee $TMP
 if [ -s $TMP ]
 then
- if [ "$dis" == "fedora" -a "$ver" -ge 34 ]
- then echo "key 2021"
- rpmsign --define '_gpg_path /home/remi/.gnupg2021' --define "_gpg_name Remi's RPM repository" --addsign $(cat $TMP)
-
- elif [ "$dis" == "fedora" -a "$ver" -ge 32 ]
- then echo "key 2020"
- rpmsign --define '_gpg_path /home/remi/.gnupg2020' --define "_gpg_name Remi's RPM repository" --addsign $(cat $TMP)
-
- elif [ "$dis" == "fedora" -a "$ver" -ge 30 ]
- then echo "key 2019"
- rpmsign --define '_gpg_path /home/remi/.gnupg2019' --define "_gpg_name Remi's RPM repository" --addsign $(cat $TMP)
-
- elif [ "$dis" == "fedora" -a "$ver" -ge 28 ]
- then echo "key 2018"
- rpmsign --define '_gpg_path /home/remi/.gnupg2018' --define "_gpg_name Remi's RPM repository" --addsign $(cat $TMP)
-
- elif [ "$dis" == "enterprise" -a "$ver" -ge 8 ]
- then echo "key 2018"
- rpmsign --define '_gpg_path /home/remi/.gnupg2018' --define "_gpg_name Remi's RPM repository" --addsign $(cat $TMP)
-
- elif [ "$dis" == "fedora" -a "$ver" -ge 26 ]
- then echo "key 2017"
- rpmsign --define '_gpg_path /home/remi/.gnupg2017' --define "_gpg_name Remi's RPM repository" --addsign $(cat $TMP)
-
- else echo "old key"
- rpmsign --define '_gpg_path /home/remi/.gnupgrpm' --define "_gpg_name Remi Collet" --addsign $(cat $TMP)
- fi
- else echo OK.
+ rpmsign --define "_gpg_path $GPG_PATH" --define "_gpg_name $GPG_NAME" --addsign $(cat $TMP)
+ else
+ echo OK.
 fi
 fi
 
@@ -101,6 +102,8 @@ else
 --compress-type=bz2 \
 --database .
 fi
+rm -f repodata/repomd.xml.asc
+gpg --armor --detach-sign --default-key "$GPG_NAME" --homedir "$GPG_PATH" repodata/repomd.xml
 
 #echo "+ Génération repoview"
 #nom=${PWD#/home/rpmbuild/site/rpms/}
-- 
cgit
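Review bot: The Enterprise side of the new key selection fails open where the Fedora side fails closed: any `$dis` other than `fedora`, and any empty or non-numeric `$ver` (for which the `[ ... -ge 8 ]` test errors out and counts as false), lands in the `else echo "old key"` arm and selects `/home/remi/.gnupgrpm` with `Remi Collet`, whereas the Fedora chain stops with `exit 1`. Because `GPG_PATH` and `GPG_NAME` now also feed the `repomd.xml` signature added in the second hunk, a mis-set variable would sign both the packages and the metadata with the legacy key without any error. I would validate the version first, e.g. `case "$ver" in ''|*[!0-9]*) echo "bad version: $ver" >&2; exit 1;; esac`, and turn the legacy arm into an explicit `elif [ "$dis" = "enterprise" ]` followed by a final `else` that exits non-zero. Where `$dis` and `$ver` are assigned is outside this hunk, so an earlier check may already cover this.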
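Review bot: The result of the new `gpg --detach-sign` call is never checked, and by then `rm -f repodata/repomd.xml.asc` has already removed the previous signature, so a signing failure (missing key, no usable agent or passphrase prompt) would leave fresh metadata with no signature while the script carries on; whether `set -e` is active is not visible from this hunk. I would write the signature under a temporary name and move it into place only on success: `gpg --yes --armor --detach-sign --default-key "$GPG_NAME" --homedir "$GPG_PATH" --output repodata/repomd.xml.asc.tmp repodata/repomd.xml || exit 1`, then `mv -f repodata/repomd.xml.asc.tmp repodata/repomd.xml.asc`. That makes a failed run stop with a non-zero status instead of continuing with an unsigned repository. Selecting the key by user-ID text also picks whichever key in that homedir matches, so if any of these keyrings can hold more than one key, a fingerprint would be unambiguous. The `if`/`else` that generates the metadata starts above the hunk.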