bluto

Release package and announcement generator

commit 1d2884b11a26734384c7eefe22bfa363d7f0fd02
parent 09718d272fbf64aa59e92c0513e4414782190506
Author: lash <dev@holbrook.no>
Date:   Sun,  9 Mar 2025 13:54:20 +0000

Add archive to release yaml, hash and sign

Diffstat:
MBluto.pm | 1+
MBluto/Archive.pm | 8+++++---
MBluto/Yaml.pm | 30++++++++++++++++++++++++++++++
3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/Bluto.pm b/Bluto.pm
@@ -34,6 +34,7 @@ our %m_main = (
 copyright => undef,
 tag_prefix => VCS_TAG_PREFIX,
 changelog => undef,
+ archive => undef,
 time => undef,
 timeobj => undef,
 #tech_main => undef,
diff --git a/Bluto/Archive.pm b/Bluto/Archive.pm
@@ -11,6 +11,7 @@ use File::Path qw / make_path /;
 sub seal {
+ my $release = shift;
 my $targz = shift;
 my $keygrip = shift;
 # TODO: intended to be numeric flags but now we just use the first bit to force sign or not
@@ -27,6 +28,7 @@ sub seal {
 $h->addfile($targz);
 my $z = $h->hexdigest;
 debug('calculated sha256 ' . $z . ' for archive ' . $targz);
+ $release->{archive} = $z;
 my $hp = $targz . '.sha256';
 my $f;
 open($f, ">$hp") or (error('could not open digest file: ' . $!) && return undef);
@@ -34,7 +36,7 @@ sub seal {
 close($f);
 if (!defined $keygrip) {
- warn('skipping signature due to missing key');
+ warn('skipping archive signature due to missing key');
 return $z;
 }
@@ -55,7 +57,7 @@ sub create {
 my $flags = shift;
 my $keygrip = $release->{_author_maintainer}->[2];
- debug('using keygrip: ' . $keygrip);
+ debug('using keygrip for archive: ' . $keygrip);
 my $old_dir = cwd;
@@ -101,7 +103,7 @@ sub create {
 return undef;
 }
- my $seal = seal($targz_local, $keygrip, $flags & 1);
+ my $seal = seal($release, $targz_local, $keygrip, $flags & 1);
 if (!defined $seal) {
 error("failed sealing archive");
 unlink($targz_local);
diff --git a/Bluto/Yaml.pm b/Bluto/Yaml.pm
@@ -1,5 +1,6 @@
 package Bluto::Yaml;
+use File::Basename qw/basename/;
 use Bluto::Log qw/error info debug warn trace/;
 use Bluto::Tree;
@@ -54,6 +55,7 @@ sub add_release_yaml {
 }
 $yr->{timestamp} = $release->{timeobj}->epoch;
+ $yr->{archive} = 'sha256:' . $release->{archive};
 $yb->{releases}->{$env->{version}} = $yr;
 $yb = add_existing_releases($release, $yb);
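Review bot: In add_release_yaml (the `@@ -54,6 +55,7 @@` hunk of Bluto/Yaml.pm) the new `$yr->{archive} = 'sha256:' . $release->{archive};` does not check that seal() actually populated the field, which Bluto.pm initialises to undef. If the archive step was skipped or failed, the release YAML would carry a bare `sha256:` and to_file would then hash and sign that manifest. A guard such as `return undef unless defined $release->{archive};` before the assignment, or validating the value against `/\A[0-9a-f]{64}\z/`, keeps an empty digest out of signed metadata. Whether add_release_yaml can run without create() is not visible here, and the function body continues outside the hunk.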
@@ -64,11 +66,39 @@ sub add_release_yaml {
 sub to_file {
 my $release = shift;
 my $y = shift;
+ my $keygrip = shift;
 my $fp = yaml_path($release);
 $y->write($fp);
+ # DRY with Bluto/Archive.pm
+ my $keygrip = $release->{_author_maintainer}->[2];
+ debug('using keygrip for yaml: ' . $keygrip);
+
+ my $h = Digest::SHA->new('sha256');
+ $h->addfile($fp);
+ my $z = $h->hexdigest;
+ debug('calculated sha256 ' . $z . ' for yaml ' . $fp);
+
+ my $hp = $fp . '.sha256';
+ my $f;
+ open($f, ">$hp") or (error('could not open yaml digest file: ' . $!) && return undef);
+ print $f $z . "\t" . basename($fp) . "\n";
+ close($f);
+
+ if (!defined $keygrip) {
+ warn('skipping yaml signature due to missing key');
+ return $fp;
+ }
+
+ my @cmd = ('gpg', '-a', '-b', '-u', $keygrip, $hp);
+ system(@cmd);
+ if ($?) {
+ error('failed sign with key '. $keygrip);
+ unlink($hp);
+ return undef;
+ }
 return $fp;
 }
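Review bot: In to_file the digest-file guard `open($f, ">$hp") or (error(...) && return undef)` only returns when error() yields a true value, and it uses two-argument open, so a failed open can fall through to the print and then to gpg signing a missing or stale digest file; `open($f, '>', $hp) or do { error('could not open yaml digest file: ' . $!); return undef; };` makes the failure path unconditional. The added `my $keygrip = shift;` is immediately shadowed by `my $keygrip = $release->{_author_maintainer}->[2];`, so the caller's argument is discarded and Perl warns about the masked declaration; keep one of the two. The debug line concatenates `$keygrip` before the `defined` check, and no `use Digest::SHA;` is visible in the Yaml.pm hunks, so confirm it is loaded elsewhere in the file. The same open pattern appears as unchanged context in seal() in Bluto/Archive.pm.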