create InRelease file

closes GH-76 closes GH-77
freight-team · Apr 5, 2018 · 0a8c99a · 0a8c99a
1 parent 12060a3
commit 0a8c99a
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/lib/freight/apt.sh b/lib/freight/apt.sh
@@ -214,11 +214,16 @@ EOF
     done
 
     # Sign the top-level `Release` file with `gpg`
-    # shellcheck disable=SC2046 disable=SC2086
+    # shellcheck disable=SC2046 disable=SC2086 disable=SC2015
     gpg -abs$([ "$TTY" ] || echo " --no-tty") --use-agent ${USERKEYS} \
         $([ "$GPG_PASSPHRASE_FILE" ] && echo " --batch --passphrase-fd 1 --passphrase-file $GPG_PASSPHRASE_FILE") \
         $([ "$GPG_DIGEST_ALGO" ] && echo " --personal-digest-preferences $GPG_DIGEST_ALGO") \
-        -o"$DISTCACHE/Release.gpg" "$DISTCACHE/Release" || {
+        -o"$DISTCACHE/Release.gpg" "$DISTCACHE/Release" &&
+    # Create/Sign the top-level `InRelease` file with `gpg`
+    gpg --clearsign$([ "$TTY" ] || echo " --no-tty") --use-agent ${USERKEYS} \
+        $([ "$GPG_PASSPHRASE_FILE" ] && echo " --batch --passphrase-fd 1 --passphrase-file $GPG_PASSPHRASE_FILE") \
+        $([ "$GPG_DIGEST_ALGO" ] && echo " --personal-digest-preferences $GPG_DIGEST_ALGO") \
+        -o"$DISTCACHE/InRelease" "$DISTCACHE/Release" || {
         cat <<EOF
 # [freight] couldn't sign the repository, perhaps you need to run
 # [freight] gpg --gen-key and update the GPG setting in $CONF

diff --git a/test/apt_cache.bats b/test/apt_cache.bats
@@ -10,10 +10,12 @@ setup() {
     configure_local_apt
 }
 
-@test "freight-cache builds distro Release file" {
+@test "freight-cache builds distro Release/InRelease file" {
     freight_cache -v
     test -e ${FREIGHT_CACHE}/dists/example/Release
     egrep "^Components: comp main" ${FREIGHT_CACHE}/dists/example/Release
+    test -e ${FREIGHT_CACHE}/dists/example/InRelease
+    egrep "^Components: comp main" ${FREIGHT_CACHE}/dists/example/InRelease
 }
 
 @test "freight-cache builds per-component Release file" {
@@ -28,18 +30,23 @@ setup() {
     test -e ${FREIGHT_CACHE}/pool/example/main/t/test/test_1.0_all.deb
 }
 
-@test "freight-cache generates valid Release.gpg signature" {
+@test "freight-cache generates valid Release/InRelease signatures" {
     freight_cache -v
     gpg --verify ${FREIGHT_CACHE}/dists/example/Release.gpg ${FREIGHT_CACHE}/dists/example/Release
+    gpg --verify ${FREIGHT_CACHE}/dists/example/InRelease
 }
 
-@test "freight-cache signs Release.gpg with two keys" {
+@test "freight-cache signs Release/InRelease with two keys" {
     sed -i 's/^GPG=.*/GPG="freight@example.com freight2@example.com"/' $FREIGHT_CONFIG
     freight_cache -v
 
     gpg --status-fd 1 --verify ${FREIGHT_CACHE}/dists/example/Release.gpg ${FREIGHT_CACHE}/dists/example/Release >/tmp/verify.out
     run grep -c GOODSIG /tmp/verify.out
     assert_output "2"
+
+    gpg --status-fd 1 --verify ${FREIGHT_CACHE}/dists/example/InRelease >/tmp/verify.out
+    run grep -c GOODSIG /tmp/verify.out
+    assert_output "2"
 }
 
 @test "freight-cache works without tty" {