github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-20 01:17:46 +00:00
Code Issues Projects Releases Wiki Activity

update(scripts): regenerate repos signatures

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2023-01-19 15:53:03 +00:00
committed by poiana
parent 95940d2e16
commit 717dcaf473
2 changed files with 35 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
scripts/publish-deb
View File

@@ -63,6 +63,27 @@ falco_arch_from_deb_arch() {
esac esac
} }
# Sign the local DEB repository
#
# $1: path of the repository
# $2: suite (eg. "stable")
sign_repo() {
local release_dir=dists/$2
pushd $1 > /dev/null
# release signature - Release.gpg file
gpg --detach-sign --digest-algo SHA256 --armor ${release_dir}/Release
rm -f ${release_dir}/Release.gpg
mv ${release_dir}/Release.asc ${release_dir}/Release.gpg
# release signature - InRelease file
gpg --armor --sign --clearsign --digest-algo SHA256 ${release_dir}/Release
rm -f ${release_dir}/InRelease
mv ${release_dir}/Release.asc ${release_dir}/InRelease
popd > /dev/null
}
# Update the local DEB repository # Update the local DEB repository
# #
# $1: path of the repository # $1: path of the repository
@@ -97,16 +118,6 @@ update_repo() {
-o APT::FTPArchive::Release::Architectures="$(join_arr , "${architectures[@]}")" \ -o APT::FTPArchive::Release::Architectures="$(join_arr , "${architectures[@]}")" \
${release_dir} > ${release_dir}/Release ${release_dir} > ${release_dir}/Release
# release signature - Release.gpg file
gpg --detach-sign --digest-algo SHA256 --armor ${release_dir}/Release
rm -f ${release_dir}/Release.gpg
mv ${release_dir}/Release.asc ${release_dir}/Release.gpg
# release signature - InRelease file
gpg --armor --sign --clearsign --digest-algo SHA256 ${release_dir}/Release
rm -f ${release_dir}/InRelease
mv ${release_dir}/Release.asc ${release_dir}/InRelease
popd > /dev/null popd > /dev/null
} }
@@ -174,6 +185,7 @@ if [ "${sign_all}" ]; then
fi fi
fi fi
done done
sign_repo ${tmp_repo_path} ${debSuite}
fi fi
# update the repo by adding new packages # update the repo by adding new packages
@@ -183,6 +195,7 @@ if ! [ ${#files[@]} -eq 0 ]; then
add_deb ${tmp_repo_path} ${debSuite} ${file} add_deb ${tmp_repo_path} ${debSuite} ${file}
done done
update_repo ${tmp_repo_path} ${debSuite} update_repo ${tmp_repo_path} ${debSuite}
sign_repo ${tmp_repo_path} ${debSuite}
# publish # publish
for file in "${files[@]}"; do for file in "${files[@]}"; do

15
scripts/publish-rpm
View File

@@ -34,18 +34,25 @@ add_rpm() {
sign_rpm $1 $2 sign_rpm $1 $2
} }
# Sign the local RPM repository
#
# $1: path of the repository.
sign_repo() {
pushd $1 > /dev/null
rm -f repodata/repomd.xml.asc
gpg --detach-sign --digest-algo SHA256 --armor repodata/repomd.xml
popd > /dev/null
}
# Update the local RPM repository # Update the local RPM repository
# #
# $1: path of the repository. # $1: path of the repository.
update_repo() { update_repo() {
pushd $1 > /dev/null pushd $1 > /dev/null
createrepo --update --no-database . createrepo --update --no-database .
rm -f repodata/repomd.xml.asc
gpg --detach-sign --digest-algo SHA256 --armor repodata/repomd.xml
popd > /dev/null popd > /dev/null
} }
# parse options # parse options
while getopts ":f::r::s" opt; do while getopts ":f::r::s" opt; do
case "${opt}" in case "${opt}" in
@@ -105,6 +112,7 @@ if [ "${sign_all}" ]; then
fi fi
fi fi
done done
sign_repo ${tmp_repo_path}
fi fi
# update the repo by adding new packages # update the repo by adding new packages
@@ -114,6 +122,7 @@ if ! [ ${#files[@]} -eq 0 ]; then
add_rpm ${tmp_repo_path} ${file} add_rpm ${tmp_repo_path} ${file}
done done
update_repo ${tmp_repo_path} update_repo ${tmp_repo_path}
sign_repo ${tmp_repo_path}
# publish # publish
for file in "${files[@]}"; do for file in "${files[@]}"; do