clean-chroot-manager
a new option to pass --sign to makepkg
Rather than sign after the build, it would be nice to have an option to pass --sign to makepkg. Perhaps something along these lines:
$ tail -2 ~/.config/clean-chroot-manager.conf
# Options passed to makepkg
MAKEPKGFLAGS="--sign"
$ diff -u clean-chroot-manager64
@@ -167,9 +167,9 @@
echo -e "${YELLOW}---->${ALL_OFF}${BOLD} ${mesg}${ALL_OFF}"
if [[ -z "$RUNNAMCAP" ]]; then
- makechrootpkg -c -u -r $CHROOTPATH64
+ makechrootpkg -c -u -r $CHROOTPATH64 -- $MAKEPKGFLAGS
else
- makechrootpkg -c -u -n -r $CHROOTPATH64
+ makechrootpkg -c -u -n -r $CHROOTPATH64 -- $MAKEPKGFLAGS
fi
# stop here if build fails
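Review bot: In both makechrootpkg calls of this hunk, $MAKEPKGFLAGS is expanded unquoted, so the value read from ~/.config/clean-chroot-manager.conf is word-split and glob-expanded before it reaches makepkg. That is what lets several flags be passed, but a flag argument containing spaces or glob characters will be mangled. Since the script already uses [[ and is therefore bash, consider declaring the setting as an array in the config, MAKEPKGFLAGS=(--sign), and expanding it as "${MAKEPKGFLAGS[@]}". Quoting $CHROOTPATH64 on the same lines would be worth doing at the same time.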
@@ -182,9 +182,9 @@
echo -e "${YELLOW}---->${ALL_OFF}${BOLD} ${mesg}${ALL_OFF}"
if [[ -z "$RUNNAMCAP" ]]; then
- makechrootpkg -u -r $CHROOTPATH64
+ makechrootpkg -u -r $CHROOTPATH64 -- $MAKEPKGFLAGS
else
- makechrootpkg -u -n -r $CHROOTPATH64
+ makechrootpkg -u -n -r $CHROOTPATH64 -- $MAKEPKGFLAGS
fi
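Review bot: The "-- $MAKEPKGFLAGS" suffix is now repeated at four call sites (two here, two in the previous hunk) that differ only in -c and -n, so any later change to how the flags are passed has to be made four times. Consider building the makechrootpkg argument list once, adding -c and -n conditionally, and calling makechrootpkg from a single place. The diff also only touches clean-chroot-manager64, so the new MAKEPKGFLAGS setting has no default or documentation in the shipped config; a commented-out entry there would make the option discoverable.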
I desperately need this. I'm a bit surprised that it has been almost 4 years...
Is there any intention of supporting this functionality?
I don't think passing -- --sign is going to work since the keys would need to be in the buildroot. I think signing would need to be handled as a post-process step by ccm, not by any of the devtool scripts.
How about using https://git.archlinux.org/pacman.git/tree/scripts/libmakepkg/integrity/generate_signature.sh.in as a base, then adding a new configuration variable like "DOSIGN" and a function like this:
sign() {
    local mesg="Signing package..."
    # Assuming that GPGKEY key is set in /etc/makepkg.conf
    . /etc/makepkg.conf
    # Following code taken from https://git.archlinux.org/pacman.git/tree/scripts/libmakepkg/integrity/generate_signature.sh.in
    local ret=0
    local filename="$1"
    local SIGNWITHKEY=()
    if [[ -n $GPGKEY ]]; then
        SIGNWITHKEY=(-u "${GPGKEY}")
    fi
    gpg --detach-sign --use-agent "${SIGNWITHKEY[@]}" --no-armor "$filename" &>/dev/null || ret=$?
    if (( ! ret )); then
        msg2 "$(gettext "Created signature file %s.")" "${filename##*/}.sig"
    else
        warning "$(gettext "Failed to sign package file %s.")" "${filename##*/}"
    fi
    return $ret
}
which is called after build().
regards Kai
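
The post-build signing step discussed in this thread, as an added example that is not ccm code and not part of any comment above: it signs on the host, outside the chroot, every built package that has no signature yet, and verifies each new signature before keeping it. The function names and the repository directory argument are hypothetical, and GPGKEY is assumed to come from the caller's environment.

```shell
#!/bin/sh
# Added example, not ccm code. Runs on the host after the chroot build, where
# the private key lives. Function names and the directory argument are
# hypothetical; GPGKEY is optional and taken from the caller's environment.

# True when $1 is a package file with no detached signature beside it.
needs_signature() {
    case $1 in *.sig) return 1 ;; esac      # the glob below also matches *.sig
    [ -f "$1" ] && [ ! -e "$1.sig" ]
}

# Sign every unsigned package in directory $1 and verify each new signature.
# Returns non-zero if any package could not be signed or verified.
sign_unsigned() {
    failed=0
    for pkg in "$1"/*.pkg.tar.*; do
        needs_signature "$pkg" || continue
        # ${GPGKEY:+...} adds "-u KEY" only when GPGKEY is set and non-empty.
        if gpg --detach-sign --no-armor ${GPGKEY:+-u "$GPGKEY"} "$pkg" &&
           gpg --verify "$pkg.sig" "$pkg"; then
            echo "signed: $pkg"
        else
            rm -f "$pkg.sig"                # never leave a bad or partial .sig
            echo "FAILED: $pkg" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Stand-alone use: ./sign-unsigned.sh /path/to/repo
if [ "$#" -gt 0 ]; then
    sign_unsigned "$1"
fi
```

Packages that already have a .sig are left untouched, so the step can be re-run after a partial failure without re-signing anything.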