[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[edgebsd-developers] [PATCH] Added support for creating signed binary packages directly

To: undisclosed-recipients:;
Subject: [edgebsd-developers] [PATCH] Added support for creating signed binary packages directly
From: Pierre Pronchery <khorben@xxxxxxxxxxx>
Date: Fri, 30 Aug 2013 01:26:23 +0200
Delivered-to: edgebsd-developers@xxxxxxxxxxxxxxxxx
List-archive: http://lists.edgebsd.org/edgebsd-developers/
List-help: <mailto:minimalist@lists.edgebsd.org?subject=help>
List-id: <edgebsd-developers.lists.edgebsd.org>
List-owner: <mailto:edgebsd-developers-owner@lists.edgebsd.org>
List-post: <mailto:edgebsd-developers@lists.edgebsd.org>
List-subscribe: <mailto:minimalist@lists.edgebsd.org?subject=subscribe%20edgebsd-developers>
List-unsubscribe: <mailto:minimalist@lists.edgebsd.org?subject=unsubscribe%20edgebsd-developers>

---
 mk/defaults/mk.conf         |   15 +++++++++++++++
 mk/pkgformat/pkg/package.mk |   12 ++++++++++++
 2 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf
index 46b89a2..86e4f06 100644
--- a/mk/defaults/mk.conf
+++ b/mk/defaults/mk.conf
@@ -60,6 +60,21 @@ GZIP?=	-9
 # Possible: not defined, no
 # Default: yes
 
+#SIGN_PACKAGES=
+# sign the packages generated (when supported) with the method specified.
+# Possible: gpg, x509, not defined
+# Default: not defined
+
+#X509_KEY=
+# key to use when signing packages with an X509 certificate.
+# Possible: pathname to the key file, not defined
+# Default: not defined
+
+#X509_CERTIFICATE=
+# certificate to use when signing packages with an X509 certificate.
+# Possible: pathname to the X509 certificate, not defined
+# Default: not defined
+
 #OBJHOSTNAME=
 # use hostname-specific object directories, e.g.  work.amnesiac, work.localhost
 # OBJHOSTNAME takes precedence over OBJMACHINE (see below).
diff --git a/mk/pkgformat/pkg/package.mk b/mk/pkgformat/pkg/package.mk
index bfbfe57..3a0175b 100644
--- a/mk/pkgformat/pkg/package.mk
+++ b/mk/pkgformat/pkg/package.mk
@@ -77,12 +77,24 @@ ${STAGE_PKGFILE}: ${_CONTENTS_TARGETS}
 	fi
 
 .if ${_USE_DESTDIR} != "no"
+.if !empty(SIGN_PACKAGES:Mgpg)
+${PKGFILE}: ${STAGE_PKGFILE}
+	${RUN} ${MKDIR} ${.TARGET:H}
+	@${STEP_MSG} "Creating signed binary package ${.TARGET}"
+	${PKG_ADMIN} gpg-sign-package ${STAGE_PKGFILE} ${PKGFILE}
+.elif !empty(SIGN_PACKAGES:Mx509)
+${PKGFILE}: ${STAGE_PKGFILE}
+	${RUN} ${MKDIR} ${.TARGET:H}
+	@${STEP_MSG} "Creating signed binary package ${.TARGET}"
+	${PKG_ADMIN} x509-sign-package ${STAGE_PKGFILE} ${PKGFILE} ${X509_KEY} ${X509_CERTIFICATE}
+.else
 ${PKGFILE}: ${STAGE_PKGFILE}
 	${RUN} ${MKDIR} ${.TARGET:H}
 	@${STEP_MSG} "Creating binary package ${.TARGET}"
 	${LN} -f ${STAGE_PKGFILE} ${PKGFILE} 2>/dev/null || \
 		${CP} -pf ${STAGE_PKGFILE} ${PKGFILE}
 .endif
+.endif
 
 ######################################################################
 ### package-remove (PRIVATE)
-- 
1.7.2.5

EdgeBSD developers <edgebsd-developers@xxxxxxxxxxxxxxxxx>

Prev by Date: [edgebsd-developers] [PATCH] Added support for creating signed binary packages directly
Next by Date: Re: [edgebsd-developers] [PATCH] Added support for creating signed binary packages directly
Previous by thread: Re: [edgebsd-developers] [PATCH] Added support for creating signed binary packages directly
Index(es):
- Date
- Thread