afc93f3430
We do not allow packages to be uploaded without signatures so force all unsigned packages to be signed. This has the bonus of not breaking makepkg signing support by requiring you use an internal makepkg variable. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
202 lines
4.7 KiB
Bash
202 lines
4.7 KiB
Bash
#!/bin/bash
|
|
|
|
m4_include(lib/common.sh)
|
|
|
|
getpkgfile() {
|
|
case $# in
|
|
0)
|
|
error 'No canonical package found!'
|
|
return 1
|
|
;;
|
|
[!1])
|
|
error 'Failed to canonicalize package name -- multiple packages found:'
|
|
msg2 '%s' "$@"
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
echo "$1"
|
|
}
|
|
|
|
# Source makepkg.conf; fail if it is not found
|
|
if [[ -r '/etc/makepkg.conf' ]]; then
|
|
source '/etc/makepkg.conf'
|
|
else
|
|
die '/etc/makepkg.conf not found!'
|
|
fi
|
|
|
|
# Source user-specific makepkg.conf overrides
|
|
if [[ -r ~/.makepkg.conf ]]; then
|
|
. ~/.makepkg.conf
|
|
fi
|
|
|
|
cmd=${0##*/}
|
|
|
|
if [[ ! -f PKGBUILD ]]; then
|
|
die 'No PKGBUILD file'
|
|
fi
|
|
|
|
. PKGBUILD
|
|
pkgbase=${pkgbase:-$pkgname}
|
|
|
|
case "$cmd" in
|
|
commitpkg)
|
|
if (( $# == 0 )); then
|
|
die 'usage: commitpkg <reponame> [-l limit] [-a arch] [commit message]'
|
|
fi
|
|
repo="$1"
|
|
shift
|
|
;;
|
|
*pkg)
|
|
repo="${cmd%pkg}"
|
|
;;
|
|
*)
|
|
die 'usage: commitpkg <reponame> [-l limit] [-a arch] [commit message]'
|
|
;;
|
|
esac
|
|
|
|
case "$repo" in
|
|
core|extra|testing|staging|kde-unstable|gnome-unstable)
|
|
server='gerolde.archlinux.org' ;;
|
|
community*|multilib*)
|
|
server='aur.archlinux.org' ;;
|
|
*)
|
|
server='gerolde.archlinux.org'
|
|
msg "Non-standard repository $repo in use, defaulting to server $server" ;;
|
|
esac
|
|
|
|
# check if all local source files are under version control
|
|
for s in "${source[@]}"; do
|
|
if [[ $s != *://* ]] && ! svn status -v "$s" | grep -q '^[ AMRX~]'; then
|
|
die "$s is not under version control"
|
|
fi
|
|
done
|
|
|
|
# check if changelog and install files are under version control
|
|
for i in 'changelog' 'install'; do
|
|
while read -r file; do
|
|
# evaluate any bash variables used
|
|
eval file=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<< "$file")\"
|
|
if ! svn status -v "${file}" | grep -q '^[ AMRX~]'; then
|
|
die "${file} is not under version control"
|
|
fi
|
|
done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
|
|
done
|
|
|
|
# see if any limit options were passed, we'll send them to rsync
|
|
rsyncopts=(-e ssh -p --chmod=ug=rw,o=r -c -h -L --progress --partial -y)
|
|
while getopts ':l:a:' flag; do
|
|
case $flag in
|
|
l) rsyncopts+=("--bwlimit=$2") ;;
|
|
a) commit_arch=$2 ;;
|
|
:) die "Option requires an argument -- '$OPTARG'" ;;
|
|
\?) die "Invalid option -- '$OPTARG'" ;;
|
|
esac
|
|
done
|
|
shift $(( OPTIND - 1 ))
|
|
|
|
if [[ -n $(svn status -q) ]]; then
|
|
msgtemplate="upgpkg: $pkgbase $(get_full_version)"$'\n\n'
|
|
if [[ -n $1 ]]; then
|
|
stat_busy 'Committing changes to trunk'
|
|
svn commit -q -m "${msgtemplate}${1}" || die
|
|
stat_done
|
|
else
|
|
msgfile="$(mktemp)"
|
|
echo "$msgtemplate" > "$msgfile"
|
|
if [[ -n $SVN_EDITOR ]]; then
|
|
$SVN_EDITOR "$msgfile"
|
|
elif [[ -n $VISUAL ]]; then
|
|
$VISUAL "$msgfile"
|
|
elif [[ -n $EDITOR ]]; then
|
|
$EDITOR "$msgfile"
|
|
else
|
|
vi "$msgfile"
|
|
fi
|
|
[[ -s $msgfile ]] || die
|
|
stat_busy 'Committing changes to trunk'
|
|
svn commit -q -F "$msgfile" || die
|
|
unlink "$msgfile"
|
|
stat_done
|
|
fi
|
|
fi
|
|
|
|
declare -a uploads
|
|
declare -a commit_arches
|
|
declare -a skip_arches
|
|
|
|
for _arch in ${arch[@]}; do
|
|
if [[ -n $commit_arch && ${_arch} != "$commit_arch" ]]; then
|
|
skip_arches+=($_arch)
|
|
continue
|
|
fi
|
|
|
|
for _pkgname in ${pkgname[@]}; do
|
|
fullver=$(get_full_version $_pkgname)
|
|
|
|
if ! pkgfile=$(shopt -s nullglob;
|
|
getpkgfile "${PKGDEST+$PKGDEST/}$_pkgname-$fullver-${_arch}".pkg.tar.?z); then
|
|
warning "Skipping $_pkgname-$fullver-$_arch: failed to locate package file"
|
|
skip_arches+=($_arch)
|
|
continue 2
|
|
fi
|
|
uploads+=("$pkgfile")
|
|
|
|
sigfile="${pkgfile}.sig"
|
|
if [[ ! -f $sigfile ]]; then
|
|
msg "Signing package ${pkgfile}..."
|
|
if [[ -n $GPGKEY ]]; then
|
|
SIGNWITHKEY="-u ${GPGKEY}"
|
|
fi
|
|
gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
|
|
fi
|
|
if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
|
|
die "Signature ${pkgfile}.sig is incorrect!"
|
|
fi
|
|
uploads+=("$sigfile")
|
|
done
|
|
done
|
|
|
|
for _arch in ${arch[@]}; do
|
|
if ! in_array $_arch ${skip_arches[@]}; then
|
|
commit_arches+=($_arch)
|
|
fi
|
|
done
|
|
archrelease "${commit_arches[@]/#/$repo-}" || die
|
|
|
|
new_uploads=()
|
|
|
|
# convert to absolute paths so rsync can work with colons (epoch)
|
|
while read -r -d '' upload; do
|
|
new_uploads+=("$upload")
|
|
done < <(realpath -z "${uploads[@]}")
|
|
|
|
uploads=("${new_uploads[@]}")
|
|
unset new_uploads
|
|
|
|
if [[ ${#uploads[*]} -gt 0 ]]; then
|
|
msg 'Uploading all package and signature files'
|
|
rsync "${rsyncopts[@]}" "${uploads[@]}" "$server:staging/$repo/" || die
|
|
fi
|
|
|
|
if [[ "${arch[*]}" == 'any' ]]; then
|
|
if [[ -d ../repos/$repo-i686 && -d ../repos/$repo-x86_64 ]]; then
|
|
pushd ../repos/ >/dev/null
|
|
stat_busy "Removing $repo-i686 and $repo-x86_64"
|
|
svn rm -q $repo-i686
|
|
svn rm -q $repo-x86_64
|
|
svn commit -q -m "Removed $repo-i686 and $repo-x86_64 for $pkgname"
|
|
stat_done
|
|
popd >/dev/null
|
|
fi
|
|
else
|
|
if [[ -d ../repos/$repo-any ]]; then
|
|
pushd ../repos/ >/dev/null
|
|
stat_busy "Removing $repo-any"
|
|
svn rm -q $repo-any
|
|
svn commit -q -m "Removed $repo-any for $pkgname"
|
|
stat_done
|
|
popd >/dev/null
|
|
fi
|
|
fi
|