
modify build to sign RPM packages

1 parent 513be5a commit 9004ad1f27a3622ddb6a071917ce0aa44232322f @danielsdeleo danielsdeleo committed Sep 21, 2012
Showing with 72 additions and 0 deletions.
  1. +19 −0 RPM_SIGNING.md
  2. +17 −0 jenkins/build.sh
  3. +36 −0 jenkins/sign-rpm
19 RPM_SIGNING.md
@@ -0,0 +1,19 @@
+# Overview
+RPMs are now automatically signed for every build.
+* RPMs are signed using GPG.
+* The GPG key is the same as for apt.opscode.com
+* The cannonical store of the GPG key is teampass
+* The gpg key is installed by jenkins-support::gpg_key recipe
+* rpm tries to force you to use a password, the `sign-rpm` script works
+ around this.
+
+
+# How RPMs Get Signed:
+## Extracting GPG Key from gpg Keyring:
+
+ gpg --export -a 'Opscode Omnibus Esq' > OmnibusGPG
+
+## Importing GPG Key into RPM:
+
+ sudo rpm --import OmnibusGPG
+
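Review bot: The two steps under "How RPMs Get Signed" only export the public key with `gpg --export -a` and load it with `rpm --import`, which is what a machine needs in order to verify packages, not to sign them. The document should say how rpm on the build host is told which key to sign with, state outright that the key is used with an empty passphrase (the `sign-rpm` bullet only hints at it, while the build.sh change in this commit passes `""`), and add a verification step such as `rpm --checksig` on a built package. Minor: "cannonical" should be "canonical".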
17 jenkins/build.sh
@@ -6,6 +6,18 @@
set -e
set -x
+# Check whether a command exists - returns 0 if it does, 1 if it does not
+exists()
+{
+ if command -v $1 &>/dev/null
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+
mkdir -p chef-solo/cache
if [ "$CLEAN" = "true" ]; then
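Review bot: In `exists()`, `$1` is unquoted and `&>/dev/null` is a bash-only redirection. Under a plain POSIX sh, `command -v $1 &>/dev/null` is parsed as a background job followed by an empty redirect, so the `if` succeeds whether or not the command exists and the signing step would be attempted on every platform. The shebang is outside this hunk, so either confirm the script always runs under bash or write `command -v "$1" >/dev/null 2>&1`. The if/else is also unnecessary, because the function can simply end with that command and return its status.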
@@ -35,3 +47,8 @@ fi
rake projects:$1
+# Sign the package on some platforms:
+if exists rpm;
+then
+ sudo ./jenkins/sign-rpm "" "pkg/*rpm"
+fi
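Review bot: `sudo ./jenkins/sign-rpm "" "pkg/*rpm"` hard-codes an empty passphrase, so the signing key is protected only by file permissions on the build host, and the whole helper runs as root just to reach that key. If that trade-off is intended it deserves a comment here; otherwise the passphrase should come from the Jenkins credential store and the call should run as the build user. The quoted `"pkg/*rpm"` is passed as a literal pattern and only expanded later by the shell that sign-rpm spawns, and it matches any name ending in "rpm", so `pkg/*.rpm` would be more precise. Because sign-rpm does not report failure, a follow-up check such as `rpm --checksig pkg/*.rpm` would let `set -e` stop the build when a package is left unsigned.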
36 jenkins/sign-rpm
@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+
+unless password = ARGV[0] and package = ARGV[1]
+ STDERR.puts "Usage: sign-rpm PASSWORD PACKAGE"
+ exit 1
+end
+
+require 'pty'
+
+rpm_cmd = "rpm --addsign #{package}"
+
+puts rpm_cmd
+PTY.spawn(rpm_cmd) do |r,w,pid|
+ prompt = r.read(19)
+
+ # match the expected prompt exactly, since that's the only way we know if
+ # something went wrong.
+ unless prompt == "Enter pass phrase: "
+ STDERR.puts "unexpected output from `#{rpm_cmd}`: '#{prompt}'"
+ Process.kill(:KILL, pid)
+ exit 1
+ end
+
+ STDOUT.puts prompt
+ w.write("#{password}\n")
+
+ # Keep printing output unti the command exits
+ loop do
+ begin
+ puts r.gets
+ rescue Errno::EIO
+ break
+ end
+ end
+end
+
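Review bot: After the `loop do` that drains output, the script never waits for `pid` or checks rpm's exit status, so a failed signing (missing key, wrong passphrase) still ends with exit 0 and the build carries on with unsigned packages. Inside the `PTY.spawn` block, after the read loop, call `Process.wait(pid)` and `exit 1 unless $?.success?`. Two further points: the passphrase arrives in `ARGV[0]`, where it is visible in the process list to every local user, so reading it from stdin or an environment variable would be safer once a real passphrase is used; and `"rpm --addsign #{package}"` is handed to a shell as a single string, so any shell metacharacters in the package argument are interpreted. Passing the command as separate arguments, `PTY.spawn("rpm", "--addsign", *packages)`, avoids that but means the caller has to expand the glob itself.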
