[buildbot] Allow overriding GnuPG home directory

LEDE Commits lede-commits at lists.infradead.org
Tue Nov 15 12:03:37 PST 2016 

jow pushed a commit to buildbot.git, branch master:
https://git.lede-project.org/e49a30b0b1ab797fb4857067345a4d4c74fd063b

commit e49a30b0b1ab797fb4857067345a4d4c74fd063b
Author: Jo-Philipp Wich <jo at mein.io>
AuthorDate: Tue Nov 15 21:02:28 2016 +0100

    Allow overriding GnuPG home directory
    
    Signed-off-by: Jo-Philipp Wich <jo at mein.io>
---
 phase1/config.ini.example |  1 +
 phase1/master.cfg         | 10 ++++++++--
 phase1/signall.sh         | 15 +++++++++++----
 phase2/config.ini.example |  1 +
 phase2/master.cfg         | 10 ++++++++--
 5 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/phase1/config.ini.example b/phase1/config.ini.example
index c502d13..dcacc5f 100644
--- a/phase1/config.ini.example
+++ b/phase1/config.ini.example
@@ -29,6 +29,7 @@ source_url = user at example.org::upload-sources
 source_password = example2
 
 [gpg]
+home = ~/.gnupg
 keyid = 626471F1
 passfile = ./gpg-passphrase.txt
 comment = Unattended build signature
diff --git a/phase1/master.cfg b/phase1/master.cfg
index 939649d..7740840 100644
--- a/phase1/master.cfg
+++ b/phase1/master.cfg
@@ -74,10 +74,14 @@ if ini.has_option("rsync", "source_url"):
 	rsync_src_url = ini.get("rsync", "source_url")
 	rsync_src_key = ini.get("rsync", "source_password")
 
+gpg_home = "~/.gnupg"
 gpg_keyid = None
 gpg_comment = "Unattended build signature"
 gpg_passfile = "/dev/null"
 
+if ini.has_option("gpg", "home"):
+	gpg_home = ini.get("gpg", "home")
+
 if ini.has_option("gpg", "keyid"):
 	gpg_keyid = ini.get("gpg", "keyid")
 
@@ -469,8 +473,10 @@ for target in targets:
 		factory.addStep(MasterShellCommand(
 			name = "signfiles",
 			description = "Signing files",
-			command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.%s.tar.gz" %(home_dir, ts[0], ts[1]), gpg_keyid, gpg_passfile, gpg_comment],
-			haltOnFailure = True
+			command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.%s.tar.gz" %(home_dir, ts[0], ts[1]), gpg_keyid, gpg_comment],
+			env = {'GNUPGHOME': gpg_home, 'PASSFILE': gpg_passfile},
+			haltOnFailure = True,
+			logEnviron = False
 		))
 
 		factory.addStep(FileDownload(
diff --git a/phase1/signall.sh b/phase1/signall.sh
index 015470d..d256131 100755
--- a/phase1/signall.sh
+++ b/phase1/signall.sh
@@ -2,8 +2,7 @@
 
 tarball="$1"
 keyid="$2"
-passfile="$3"
-comment="$4"
+comment="$3"
 
 tmpdir="signall.$$"
 tarball="$(readlink -f "$tarball")"
@@ -13,7 +12,7 @@ finish() { rm -rf "$tmpdir"; exit $1; }
 trap "finish 255" HUP INT TERM
 
 if [ ! -f "$tarball" ]; then
-	echo "Usage: $0 <tarball> [<keyid> [<passfile> [<comment>]]]"
+	echo "Usage: [GNUPGHOME=... [PASSFILE=...]] $0 <tarball> [<keyid> [<comment>]]"
 	finish 1
 fi
 
@@ -21,7 +20,15 @@ umask 022
 
 mkdir "$tmpdir" || finish 2
 tar -C "$tmpdir/" -xzf "$tarball" || finish 3
-find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg --no-version --batch --yes -a -b ${keyid:+-u "$keyid"} ${comment:+--comment="$comment"} ${passfile:+--passphrase-file "$passfile"} -o "{}.gpg" "{}" \; || finish 4
+
+find "$tmpdir/" -type f -not -name "*.gpg" -exec gpg \
+	--no-version --batch --yes -a -b \
+	${keyid:+-u "$keyid"} \
+	${comment:+--comment="$comment"} \
+	${GNUPGHOME:+--homedir "$GNUPGHOME"} \
+	${PASSFILE:+--passphrase-file "$PASSFILE"} \
+	-o "{}.gpg" "{}" \; || finish 4
+
 tar -C "$tmpdir/" -czf "$tarball" . || finish 5
 
 finish 0
diff --git a/phase2/config.ini.example b/phase2/config.ini.example
index 0ad799b..dae0673 100644
--- a/phase2/config.ini.example
+++ b/phase2/config.ini.example
@@ -20,6 +20,7 @@ sdk_password = example3
 sdk_pattern = lede-sdk-*.tar.xz
 
 [gpg]
+home = ~/.gnupg
 keyid = 626471F1
 passfile = ./gpg-passphrase.txt
 comment = Unattended build signature
diff --git a/phase2/master.cfg b/phase2/master.cfg
index c3e2600..3845854 100644
--- a/phase2/master.cfg
+++ b/phase2/master.cfg
@@ -79,10 +79,14 @@ if ini.has_option("rsync", "sdk_password"):
 if ini.has_option("rsync", "sdk_pattern"):
 	rsync_sdk_pat = ini.get("rsync", "sdk_pattern")
 
+gpg_home = "~/.gnupg"
 gpg_keyid = None
 gpg_comment = "Unattended build signature"
 gpg_passfile = "/dev/null"
 
+if ini.has_option("gpg", "home"):
+	gpg_home = ini.get("gpg", "home")
+
 if ini.has_option("gpg", "keyid"):
 	gpg_keyid = ini.get("gpg", "keyid")
 
@@ -274,8 +278,10 @@ for arch in arches:
 		factory.addStep(MasterShellCommand(
 			name = "signfiles",
 			description = "Signing files",
-			command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.tar.gz" %(home_dir, arch[0]), gpg_keyid, gpg_passfile, gpg_comment],
-			haltOnFailure = True
+			command = ["%s/signall.sh" %(home_dir), "%s/signing/%s.tar.gz" %(home_dir, arch[0]), gpg_keyid, gpg_comment],
+			env = {'GNUPGHOME': gpg_home, 'PASSFILE': gpg_passfile},
+			haltOnFailure = True,
+			logEnviron = False
 		))
 
 		factory.addStep(FileDownload(

More information about the lede-commits mailing list