diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2023-10-08 16:52:06 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2023-10-08 16:54:19 -0700 |
commit | d2d0fcc8506c4e583a60ea99b6340293279776d7 (patch) | |
tree | 28ccfbae6ef5cda5bd9b5608ef22be68810b11ed | |
parent | sync-distfiles: disable distfile symlinks (diff) | |
download | mastermirror-scripts-d2d0fcc8506c4e583a60ea99b6340293279776d7.tar.gz mastermirror-scripts-d2d0fcc8506c4e583a60ea99b6340293279776d7.tar.bz2 mastermirror-scripts-d2d0fcc8506c4e583a60ea99b6340293279776d7.zip |
sign-autobuilds.sh: ensure all tarballs, netboots, and latest*txt are signed20231008T235650Z
Some binary release artifacts were not being signed:
- older tarballs with different suffix
- netboot files
- latest marker files.
Ensure they are signed going forward, and a little bit of future
proofing for other compress suffixes.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rwxr-xr-x | sign-autobuilds.sh | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/sign-autobuilds.sh b/sign-autobuilds.sh index bbb835b..cac8b7e 100755 --- a/sign-autobuilds.sh +++ b/sign-autobuilds.sh @@ -49,7 +49,31 @@ pushd $RELEASES/$a >/dev/null || continue #echo "Release files:" -files="$(find autobuilds -name '*.tar.xz' -or -name '*.iso' -or -name '*.tar.bz2' -or -name '*.lif')" +# 2023/10/08: Unknown if the latest files are consumed by any machine-readable +# process that would break if the changed into being clearsigned, so use a +# detached signature for now. +find_files_cmd=( + find autobuilds + -type f + '(' + -false + -or -name '*.tar.xz' + -or -name '*.tar.bz2' # old builds + -or -name '*.tar.gz' # old builds + -or -name '*.tar.zst' # future builds? + -or -name '*.tar.zstd' # future builds? + -or -name '*.iso' + -or -name '*.tar.bz2' + # hppa netboot + -or -name '*.lif' + # s390 netboot + -or -name 'netboot*T[0-9][0-9][0-9][0-9][0-9][0-9]Z' + # marker files to declare latest builds. + -or -name 'latest*txt' + ')' +) + +files="$( "${find_files_cmd[@]}" )" sigs="$(find autobuilds -name '*.asc' )" unsigned="$(comm -23 <(echo "$files" |sort) <(echo "$sigs" | sed -e 's,.asc$,,g' |sort))" |