From 5278c06190dee9ef266f0caf45553fffc9e8cdc5 Mon Sep 17 00:00:00 2001 From: Simon Praetorius Date: Fri, 11 Nov 2016 17:56:34 +0100 Subject: [PATCH] package signing and uploading without passwords --- tools/packaging/debian/create_package.cmake | 7 +++--- tools/packaging/debian/generate_package.sh | 27 +++++++++++++++++++++ tools/packaging/debian/gpg_pass.sh | 15 ++++++++++++ tools/packaging/debian/ssh_add_pass.sh | 16 ++++++++++++ 4 files changed, 61 insertions(+), 4 deletions(-) create mode 100755 tools/packaging/debian/generate_package.sh create mode 100755 tools/packaging/debian/gpg_pass.sh create mode 100755 tools/packaging/debian/ssh_add_pass.sh diff --git a/tools/packaging/debian/create_package.cmake b/tools/packaging/debian/create_package.cmake index 59a95b40..123f7fad 100644 --- a/tools/packaging/debian/create_package.cmake +++ b/tools/packaging/debian/create_package.cmake @@ -24,7 +24,7 @@ if (NOT IS_RELEASE) set(PACKAGE_VERSION "${PACKAGE_VERSION}~rc${PACKAGE_RELEASE_CANDIDATE}") endif () -set(PACKAGE_VERSION "${PACKAGE_VERSION}~ppa1~${PACKAGE_DISTRIBUTION}") +set(PACKAGE_VERSION "${PACKAGE_VERSION}~ppa5~${PACKAGE_DISTRIBUTION}") set(PACKAGE_VERSION_FULL "${PACKAGE_VERSION}-1") set(PACKAGE_CONTACT "Simon Praetorius ") @@ -88,6 +88,5 @@ file(WRITE ${DEBIAN_DIR}/compat "9\n") file(WRITE ${DEBIAN_DIR}/soure/format "3.0 (quilt)\n") # generate the debian package -execute_process(COMMAND debuild -S -sa -# execute_process(COMMAND debuild -d -us -uc - WORKING_DIRECTORY ${OUT_DIR}/${PACKAGE_PREFIX}) +execute_process(COMMAND ./generate_package.sh ${OUT_DIR}/${PACKAGE_PREFIX} ${PACKAGE_VERSION_FULL} ${IN_DIR} + WORKING_DIRECTORY ${IN_DIR}) diff --git a/tools/packaging/debian/generate_package.sh b/tools/packaging/debian/generate_package.sh new file mode 100755 index 00000000..6f96d4bb --- /dev/null +++ b/tools/packaging/debian/generate_package.sh 
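Review bot: The new `execute_process(COMMAND ./generate_package.sh ...)` call in the second hunk of create_package.cmake discards the script's exit status, so a failed build, signature or upload still leaves the CMake run reporting success. Add `RESULT_VARIABLE package_result` to the call and follow it with `if (NOT package_result EQUAL 0)`, `message(FATAL_ERROR "generate_package.sh failed: ${package_result}")`, `endif ()`. This only helps once the script itself returns non-zero on failure, which it currently does not, because its last command is `rm -f`. Quoting the arguments, e.g. `"${OUT_DIR}/${PACKAGE_PREFIX}"`, keeps a path containing spaces or semicolons from being split into several arguments.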
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [ $# -lt 3 ] ; then
+ echo "Usage: generate_package.sh root-dir amdis-version bin-dir"
+ exit 1
+fi
+
+ROOT="$1"
+VERSION="$2"
+BIN="$3"
+CHANGES_FILE="${ROOT}/../amdis_${VERSION}_source.changes"
+
+cd $ROOT
+debuild -uc -us -S -sa
+
+# export GNUPGHOME=/srv/amdis-deploy/gnupg
+
+# build debian source package and sign it using gpg
+echo "${AMDIS_PGP_PASSPHRASE}" >> /tmp/amdis_passphrase
+debsign -p"$BIN/gpg_pass.sh /tmp/amdis_passphrase" -S -k99F411D7 ${CHANGES_FILE} #3B1E713A
+
+$BIN/ssh_add_pass.sh /amdis/id_rsa /tmp/amdis_passphrase
+
+# upload the package
+dput ppa:math-iwr/ppa ${CHANGES_FILE}
+
+rm -f /tmp/amdis_passphrase
diff --git a/tools/packaging/debian/gpg_pass.sh b/tools/packaging/debian/gpg_pass.sh
new file mode 100755
index 00000000..41eeeb9d
--- /dev/null
+++ b/tools/packaging/debian/gpg_pass.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [ $# -ne 1 ] ; then
+ echo "Usage: gpg-pass.sh passfile additional-arguments..."
+ exit 1
+fi
+
+PWD_FILE="$1"
+shift 1
+
+eval $(gpg-agent --daemon --allow-preset-passphrase --max-cache-ttl 7200)
+cat ${PWD_FILE} | /usr/lib/gnupg/gpg-preset-passphrase --preset key:99F411D7
+export GPG_TTY=`tty`
+gpg --batch --use-agent $@
+/usr/lib/gnupg/gpg-preset-passphrase --forget key:99F411D7
diff --git a/tools/packaging/debian/ssh_add_pass.sh b/tools/packaging/debian/ssh_add_pass.sh
new file mode 100755
index 00000000..55fb95f3
--- /dev/null
+++ b/tools/packaging/debian/ssh_add_pass.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [ $# -ne 2 ] ; then
+ echo "Usage: ssh-add-pass.sh keyfile passfile"
+ exit 1
+fi
+
+eval $(ssh-agent)
+pass=$(cat $2)
+
+/amdis/tools/tcl/bin/expect << EOF
+ spawn ssh-add $1
+ expect "Enter passphrase"
+ send "$pass\r"
+ expect eof
+EOF
-- GitLab
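Review bot: The passphrase handling in generate_package.sh leaves the secret exposed: `echo "${AMDIS_PGP_PASSPHRASE}" >> /tmp/amdis_passphrase` appends to a fixed, predictable path in a shared directory with default permissions, and the closing `rm -f` never runs if the script is interrupted. Nothing checks exit codes either, so a failed `cd $ROOT`, `debuild` or `debsign` still proceeds to `dput`, and a stale file from an earlier run simply gains a second line. Create the file with `mktemp` under `umask 077`, remove it from an EXIT trap, and stop at the first failing step, as sketched below. The same file is also handed to ssh_add_pass.sh, so the signing key and the SSH key apparently share one passphrase; worth confirming that is intended.

```shell
# … unchanged: argument check, ROOT/VERSION/BIN/CHANGES_FILE assignments …
set -euo pipefail
umask 077
PASS_FILE="$(mktemp)"
trap 'rm -f "$PASS_FILE"' EXIT

cd "$ROOT"
# … unchanged: debuild call …
printf '%s\n' "${AMDIS_PGP_PASSPHRASE:?AMDIS_PGP_PASSPHRASE is not set}" > "$PASS_FILE"
debsign -p"$BIN/gpg_pass.sh $PASS_FILE" -S -k99F411D7 "${CHANGES_FILE}" #3B1E713A

"$BIN/ssh_add_pass.sh" /amdis/id_rsa "$PASS_FILE"
# … unchanged: dput upload; the trailing rm -f is replaced by the trap …
```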
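Review bot: The argument check `if [ $# -ne 1 ]` in gpg_pass.sh rejects exactly the call this wrapper is written for. The usage text, `shift 1` and `gpg --batch --use-agent $@` all expect gpg arguments after the passfile, yet any call with more than one argument exits with status 1, so signing through `debsign -p` would presumably never reach gpg. Change the test to `if [ $# -lt 1 ] ; then` and forward the arguments quoted, `gpg --batch --use-agent "$@"`, so arguments containing spaces survive. The script's exit status is that of the final `gpg-preset-passphrase --forget`, which hides a gpg failure from the caller; save gpg's status and exit with it. The gpg-agent started by `eval $(gpg-agent --daemon ...)` is also never stopped.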
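Review bot: The here-document that drives expect in ssh_add_pass.sh is unquoted, so the shell pastes the passphrase and `$1` into the Tcl script text. In `send "$pass\r"`, a passphrase containing `"`, `[`, `$` or `\` is then interpreted by Tcl instead of being sent literally, which breaks the unlock or evaluates part of the secret as script. Quote the delimiter (`<< 'EOF'`) and let Tcl read the key path and the passphrase file itself, as sketched below. Separately, `eval $(ssh-agent)` runs inside this child script, which generate_package.sh executes rather than sources, so the agent variables never reach the caller's `dput` and the agent stays running with the key loaded; starting the agent in the caller and killing it on exit would address both.

```shell
# … unchanged: argument check, ssh-agent start …
# KEYFILE/PASSFILE are names chosen for this sketch
KEYFILE="$1" PASSFILE="$2" /amdis/tools/tcl/bin/expect << 'EOF'
  set fh [open $env(PASSFILE) r]
  gets $fh pass
  close $fh
  spawn ssh-add $env(KEYFILE)
  expect "Enter passphrase"
  send -- "$pass\r"
  expect eof
EOF
```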