commit 58278bd5567ea7ae3efa53ba49dc84f5b94a8520
parent d76ccc4ff57a98b0900c6f1c44ad988ca0dc9e07
Author: lash <dev@holbrook.no>
Date: Wed, 19 Jun 2024 17:00:21 +0100
Add digest and sign to archive file
Diffstat:
3 files changed, 53 insertions(+), 8 deletions(-)
diff --git a/Bluto.pm b/Bluto.pm
@@ -13,8 +13,8 @@ my @m_tech;
my @m_url;
my @m_vcs;
my @m_src;
-my @m_author_maintainer = [undef, undef];
-my @m_author_origin = [undef, undef];
+my @m_author_maintainer = [undef, undef, undef];
+my @m_author_origin = [undef, undef, undef];
my %m_main = (
name => undef,
slug => undef,
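Review bot: Both changed declarations still assign an anonymous array reference to an array, so `@m_author_maintainer` and `@m_author_origin` each hold one element (a reference to the three-slot list) rather than three `undef` slots. If a three-element array is intended, write `my @m_author_maintainer = (undef, undef, undef);` and the same for `@m_author_origin`. In the hunks shown here `from_config` writes to `$m_main{author_maintainer}[N]` and never to these arrays, so they may be unused; if so, removing them avoids two sources of truth for the author record.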
@@ -51,20 +51,21 @@ sub from_config {
info('using version ' . $version);
$m_main{name} = $cfg->param('main.name');
- #$m_main{version} = $cfg->param('main.version');
$m_main{version} = $version;
$m_main{slug} = $cfg->param('main.slug');
$m_main{summary} = $cfg->param('main.summary');
$m_main{license} = $cfg->param('main.license');
$m_main{url} = $cfg->param('main.url');
- $m_main{author_maintainer}[0] = $cfg->param('author:maintainer.name') . " <" . $cfg->param('author:maintainer.email') . ">";
- $m_main{author_maintainer}[1] = $cfg->param('author:maintainer.pgp');
+ $m_main{author_maintainer}[0] = $cfg->param('author:maintainer.name');
+ $m_main{author_maintainer}[1] = $m_main{author_maintainer}[0] . " <" . $cfg->param('author:maintainer.email') . ">";
+ $m_main{author_maintainer}[2] = $cfg->param('author:maintainer.pgp');
my $feed_file = File::Spec->catfile( $feed_dir, $m_main{slug} ) . ".rss";
if (!defined $cfg->param('author:origin')) {
$m_main{author_origin}[0] = $m_main{author_maintainer}[0];
$m_main{author_origin}[1] = $m_main{author_maintainer}[1];
+ $m_main{author_origin}[2] = $m_main{author_maintainer}[2];
}
if (defined $cfg->param('vcs.tag_prefix')) {
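Review bot: The value read from `author:maintainer.pgp` is stored at index 2 without any check, and this commit starts passing it to `Bluto::Archive::create` as the signing key. If the setting is missing, or holds a name or e-mail fragment instead of a key identifier, signing either fails late or lets gpg choose whichever secret key matches. A guard right after the assignment would fail early, for example `if (!defined $m_main{author_maintainer}[2] || $m_main{author_maintainer}[2] !~ /\A[0-9A-Fa-f]{40,64}\z/) { error('author:maintainer.pgp must be a full key fingerprint'); return undef; }`, assuming `error` is imported in this module and adjusting the pattern if a keygrip is really intended. Separately, `author_origin[2]` is set only in the fallback branch; the branch where `author:origin` is configured lies outside this hunk, so confirm it fills index 2 as well.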
@@ -100,7 +101,7 @@ sub from_config {
return undef;
}
- my $targz = Bluto::Archive::create($m_main{slug}, $m_main{version}, $m_main{tag_prefix}, $env->{src_dir});
+ my $targz = Bluto::Archive::create($m_main{slug}, $m_main{version}, $m_main{author_maintainer}[2], $m_main{tag_prefix}, $env->{src_dir});
if (!defined $targz) {
return undef;
}
@@ -119,7 +120,7 @@ sub from_config {
if ($version_src =~ '^sha256:(.*)$' ) {
push(@changelog_candidates, $1);
- debug('found sha256 changelog entry ' . $1 . ' for ' . $have_version_match . ' from ' . $fp);
+ debug('found sha256 changelog entry ' . $1 . ' for ' . $have_version_match);
} else {
push(@changelog_candidates, $version_src);
}
diff --git a/Bluto/Archive.pm b/Bluto/Archive.pm
@@ -1,11 +1,41 @@
package Bluto::Archive;
use Cwd;
+use File::Basename qw/ basename /;
+use Digest::SHA;
+
use Log::Term::Ansi qw/error info debug warn trace/;
+
+sub seal {
+ my $targz = shift;
+ my $keygrip = shift;
+
+ my $h = Digest::SHA->new('sha256');
+ $h->addfile($targz);
+ my $z = $h->hexdigest;
+ debug('calculated sha256 ' . $z . ' for archive ' . $targz);
+ my $hp = $targz . '.sha256';
+ my $f;
+ open($f, ">$hp") or (error('could not open digest file: ' . $!) && return undef);
+ print $f $z . "\t" . basename($targz) . "\n";
+ close($f);
+
+ my @cmd = ('gpg', '-a', '-b', '-u', $keygrip, $hp);
+ system(@cmd);
+ if ($?) {
+ error('failed sign with key '. $keygrip);
+ unlink($hp);
+ return undef;
+ }
+
+ return $z;
+}
+
sub create {
my $slug = shift;
my $version = shift;
+ my $keygrip = shift;
my $git_prefix = shift;
my $src_dir = shift;
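Review bot: `seal` opens the digest file with the two-argument form `open($f, ">$hp")`, so the mode is parsed out of a string that also contains the archive path; the three-argument form keeps the path as plain data. On the same line, `error(...) && return undef` only returns if `error()` yields a true value, which is not visible here. The `print` and `close` results are also ignored, so a short or failed write would still be handed to gpg and signed. I would check all three explicitly and remove the digest file on a write failure, as below; adding `--batch` to the gpg command should also make a leftover `.asc` fail the run instead of prompting. `create` continues beyond the end of this hunk.

```perl
my $hp = $targz . '.sha256';
my $f;
if (!open($f, '>', $hp)) {
    error('could not open digest file: ' . $!);
    return undef;
}
my $written = print {$f} $z . "\t" . basename($targz) . "\n";
# close() is evaluated first so the handle is always released.
$written = close($f) && $written;
if (!$written) {
    error('could not write digest file: ' . $!);
    unlink($hp);
    return undef;
}
# … unchanged: gpg invocation and failure handling …
```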
@@ -38,8 +68,22 @@ sub create {
error("package generation reported ok but still no file");
return undef;
}
+
+ my $seal = seal($targz_local, $keygrip);
+ if (!defined $seal) {
+ error("failed sealing archive");
+ unlink($targz);
+ return undef;
+ }
+ info('sealed archive as sha256 ' . $seal . ' signed by ' . $keygrip);
+
+ } else {
+ info("using existing package file: " . $targz);
+ warn("existing package file is not being checked in any way 8|");
}
+
+
chdir($old_dir);
return $targz_local;
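Review bot: When sealing fails, the new branch unlinks `$targz` although the file handed to `seal` is `$targz_local`, and it returns before `chdir($old_dir)` runs. Both variables are defined outside this hunk, so confirm they name the same file from the current directory; otherwise the unsigned archive is left behind, and the caller is left in the changed working directory either way. Using `unlink($targz_local);` and adding `chdir($old_dir);` before `return undef;` would cover both. The new `else` branch accepts an existing archive with only a warning, so a stale or altered file in the output directory is published with whatever digest and signature happen to sit next to it, or none. Since this commit now produces `.sha256` and a detached signature, that branch could recompute the digest, compare it with the stored file, check the signature with `gpg --verify`, and return `undef` on any mismatch.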
diff --git a/Bluto/RSS.pm b/Bluto/RSS.pm
@@ -47,7 +47,7 @@ sub process {
description => $release->{summary},
dc => {
date => DateTime->now()->stringify(),
- creator => $release->{author_maintainer},
+ creator => $release->{author_maintainer}[0],
publisher => "$0 " . SemVer->new(Bluto::Version::VERSION). " (perl $^V)",
},
# subject => "Linux Software",