@@ -69,7 +69,10 @@ for arch in x86_64 i386 aarch64; do
6969 printf " Signing repository metadata for ${arch} ...\n"
7070 # Remove existing signature file if it exists
7171 rm -f rpm-repo/${arch} /repodata/repomd.xml.asc
72- gpg --batch --detach-sign --armor --local-user " ${GPG_PRIVATE_KEY_FINGERPRINT} " --passphrase " ${GPG_PASSPHRASE} " rpm-repo/${arch} /repodata/repomd.xml
72+ gpg --batch --pinentry-mode loopback --detach-sign --armor \
73+ --local-user " ${GPG_PRIVATE_KEY_FINGERPRINT} " \
74+ --passphrase " ${GPG_PASSPHRASE} " \
75+ rpm-repo/${arch} /repodata/repomd.xml
7376
7477 # Verify the signature was created
7578 if [ -f " rpm-repo/${arch} /repodata/repomd.xml.asc" ]; then
@@ -82,11 +85,21 @@ for arch in x86_64 i386 aarch64; do
8285 fi
8386done
8487
85- # Upload the updated repository to S3
86- printf " \n>>> Uploading repository to S3 \n"
87- # Remove old metadata files first to avoid duplicates
88- aws s3 rm s3://${RPM_BUCKET_NAME} /${RPM_REPO_PATH} / --recursive --exclude " *" --include " */repodata/*" --endpoint-url " ${AWS_ENDPOINT_URL} " || echo " No old metadata to remove"
89- aws s3 sync rpm-repo/ s3://${RPM_BUCKET_NAME} /${RPM_REPO_PATH} / --endpoint-url " ${AWS_ENDPOINT_URL} "
88+ # Upload the updated repository to S3 in two phases (repodata pointers last)
89+ # clients reading the repo won't see a state where repomd.xml points to files not uploaded yet.
90+ printf " \n>>> Uploading repository to S3 (phase 1: all except repomd*) \n"
91+ aws s3 sync rpm-repo/ s3://${RPM_BUCKET_NAME} /${RPM_REPO_PATH} / \
92+ --endpoint-url " ${AWS_ENDPOINT_URL} " \
93+ --delete \
94+ --exclude " */repodata/repomd.xml" \
95+ --exclude " */repodata/repomd.xml.asc"
96+
97+ printf " \n>>> Uploading repository to S3 (phase 2: repomd* only) \n"
98+ aws s3 sync rpm-repo/ s3://${RPM_BUCKET_NAME} /${RPM_REPO_PATH} / \
99+ --endpoint-url " ${AWS_ENDPOINT_URL} " \
100+ --exclude " *" \
101+ --include " */repodata/repomd.xml" \
102+ --include " */repodata/repomd.xml.asc"
90103
91104# Upload the public key
92105printf " \n>>> Uploading public key \n"
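Review bot: The rewritten gpg call in the first hunk still passes the signing-key passphrase on the command line (`--passphrase "${GPG_PASSPHRASE}"`), where it is visible in the process list and in any `set -x` trace while gpg runs. With `--pinentry-mode loopback` now in place it can be fed on stdin instead: `printf '%s' "${GPG_PASSPHRASE}" | gpg --batch --pinentry-mode loopback --passphrase-fd 0 --detach-sign --armor ...`. Separately, phase 1 in the second hunk runs with `--delete`, so metadata files that the still-published old `repomd.xml` points to are presumably removed before phase 2 replaces it; dropping `--delete` from phase 1 and pruning only after phase 2 would close that window. The enclosing `for arch` loop starts outside the first hunk, and whether the script aborts between the two phases on a failed sync is not visible here.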