#!/bin/bash
#
# Generic script to build an RPM from spec and sources.
#
# Usage: rpmbuild.sh SPEC [SOURCE ...]
#
# Runs rpmbuild as testuser.
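# Abort on any failing command or unset variable, and trace every command.
set -eux

# Export directory for the built RPMs; defaults to _build when BUILDDIR is unset.
BUILDDIR="${BUILDDIR-_build}"
# Print the usage line instead of a bare "unbound variable" when SPEC is missing.
SPEC="${1:?Usage: rpmbuild.sh SPEC [SOURCE ...]}"; shift
SOURCES=("$@")
specname="${SPEC##*/}"
basespec="${specname%.spec}"

# TOOLS
# `retry` is not defined in this script; it has to be provided by the environment.
retry yum-builddep -y "$SPEC"

# SOURCES
topdir=~testuser/rpmbuild
mkdir -p "$topdir/SOURCES" "$topdir/SPECS"
cp -vf "$SPEC" "$topdir/SPECS/"
# SOURCE arguments are optional. With none, cp would receive the destination
# as its only operand and fail, which aborts the script under `set -e`.
if [ "${#SOURCES[@]}" -gt 0 ] ; then
	cp -rvf "${SOURCES[@]}" "$topdir/SOURCES/"
fi
# rpmbuild requires ownership of the files.
chown -R testuser "$topdir"

# BUILD
sudo -u testuser rpmbuild \
	--clean \
	--define "_topdir $topdir" \
	--nocheck \
	-bb "$SPEC"
rpms=( "$topdir"/RPMS/*/*.rpm )
# nullglob is not set, so an unmatched pattern stays literal. Stop here rather
# than hand a non-existent path to rpm and yum below.
if [ ! -e "${rpms[0]}" ] ; then
	echo "No RPM found under $topdir/RPMS." >&2
	exit 1
fi

# SIGN
# NOTE(review): the imported private key and the preset passphrase stay in this
# user's keyring and agent after the script ends; presumably the build runs in
# a throwaway environment -- confirm.
if [ -v GPG_PRIVATE_KEY ] ; then
	export GPG_TTY=
	# The key material is fed on stdin, so it never appears on a command line.
	gpg --batch --import <<<"$GPG_PRIVATE_KEY"
	# Takes the first uid listed; assumes the keyring holds only the key
	# imported above -- confirm if the keyring can be pre-populated.
	uid="$(gpg --with-colons --list-keys | grep --max-count=1 --only-matching --perl-regexp '^uid:.+[0-9A-Z]::\K([^:]+)')"
	if [ -v GPG_PASSPHRASE ] ; then
		echo "allow-preset-passphrase" >> ~/.gnupg/gpg-agent.conf
		gpg-connect-agent reloadagent /bye
		# First keygrip listed; same single-key assumption as for uid.
		grip="$(gpg --with-colons --with-keygrip --list-keys | grep --max-count=1 --only-matching --perl-regexp '^grp:+\K[^:]+')"
		# Feed the passphrase on stdin, which --preset reads when --passphrase
		# is absent. Passing it with --passphrase puts the secret on the
		# helper's command line, where the process list exposes it, and going
		# through xargs also mangles quotes, backslashes and whitespace.
		/usr/libexec/gpg-preset-passphrase --preset "$grip" <<<"$GPG_PASSPHRASE"
	fi
	rpm --addsign --define "_gpg_name $uid" "${rpms[@]}"
	# Test the signature. This is a self-check: the public key is trusted only
	# because it was exported from the keyring used to sign.
	gpg --armor --export "$uid" > /etc/pki/rpm-gpg/RPM-GPG-KEY-RPMBUILD
	rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-RPMBUILD
	rpm --checksig "${rpms[@]}"
fi

# VERIFY
# Install every built package, verify it against its file, then remove it.
retry yum install -y "${rpms[@]}"
for rpm in "${rpms[@]}" ; do
	rpm -v --verify -p "${rpm}"
	name="${rpm##*/}"
	# Package name = file name up to the first "-<digit>".
	yum -y remove "${name%%-[0-9]*}"
done

# EXPORT
# Give the exported files the same owner and group as the spec file.
ownership="$(stat -c %u:%g "$SPEC")"
destdir="$(rpm --eval "$BUILDDIR/rhel%{rhel}/$basespec/")"
mkdir -p "$destdir"
# destdir ends with "/": these are the rhel<N> directory and the spec directory.
chown -v "$ownership" "${destdir%/*/*}" "${destdir%/*}"
cp -avf "${rpms[@]}" "$destdir"
chown -Rv "$ownership" "$destdir"
find "$destdir" -type f -printf "%P\n"
# :? aborts instead of running rm -rf on an empty path.
rm -rf "${topdir:?}"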