remove gpg and signing from ceph-deploy

Signed-off-by: Alfredo Deza <adeza@redhat.com>

diff --git a/ceph-deploy/build/build b/ceph-deploy/build/build
index f6da30869abae163b17584b8a2f0ad76e93484d2..1f822df4f57a1b92ef575db903888551408c83c0 100644 (file)
--- a/ceph-deploy/build/build
+++ b/ceph-deploy/build/build
@@ -6,22 +6,10 @@
 set -x
 set -e
 
-# Jenkins will set $RELEASE as a parameter in the job configuration.
-if $RELEASE ; then
-        # This is a formal release. Sign it with the release key.
-        export GNUPGHOME=/home/jenkins-build/build/gnupg.ceph-release/
-        export KEYID=460F3994
-else
-        # This is an automatic build. Sign it with the autobuild key.
-        export GNUPGHOME=/home/jenkins-build/build/gnupg.autobuild/
-        export KEYID=03C3951A
-fi
-
 HOST=$(hostname --short)
 echo "Building on ${HOST}"
 echo "  DIST=${DIST}"
 echo "  BPTAG=${BPTAG}"
-echo "  KEYID=${KEYID}"
 echo "  WS=$WORKSPACE"
 echo "  PWD=$(pwd)"
 echo "  BRANCH=$BRANCH"
@@ -47,7 +35,6 @@ then
         # in setup.py before building.
 
         REPO=rpm-repo
-        KEYID=${KEYID:-03C3951A}  # Default is autobuild-key
         BUILDAREA=./rpmbuild
         DIST=el6
         RPM_BUILD=$(lsb_release -s -c)
@@ -57,14 +44,6 @@ then
             exit 1
         fi
 
-        if gpg --list-keys 2>/dev/null | grep -q ${KEYID} ; then
-            echo "Signing packages and repo with ${KEYID}"
-        else
-            echo "Package signing key (${KEYID}) not found"
-            echo "Have you set \$GNUPGHOME ? "
-            exit 3
-        fi
-
         if ! CREATEREPO=`which createrepo` ; then
             echo "Please install the createrepo package"
             exit 4
@@ -86,16 +65,11 @@ then
         mkdir -p ${REPO}/${DIST}
         cp -r ${BUILDAREA}/*RPMS ${DEST}
 
-        # Sign all the RPMs for this release
-        rpm_list=`find ${REPO} -name "*.rpm" -print`
-        rpm --addsign --define "_gpg_name ${KEYID}" $rpm_list
-
         # Construct repodata
         for dir in ${DEST}/SRPMS ${DEST}/RPMS/*
         do
             if [ -d $dir ] ; then
                 createrepo $dir
-                gpg --detach-sign --armor -u ${KEYID} $dir/repodata/repomd.xml
             fi
         done
 
@@ -114,7 +88,6 @@ then
 
     REPO=debian-repo
     COMPONENT=main
-    KEYID=${KEYID:-03C3951A}  # default is autobuild keyid
     DEB_DIST="sid wheezy squeeze jessie precise raring trusty"
     DEB_BUILD=$(lsb_release -s -c)
     #XXX only releases until we fix this
@@ -125,14 +98,6 @@ then
         exit 1
     fi
 
-    if gpg --list-keys 2>/dev/null | grep -q ${KEYID} ; then
-        echo "Signing packages and repo with ${KEYID}"
-    else
-        echo "Package signing key (${KEYID}) not found"
-        echo "Have you set \$GNUPGHOME ? "
-        exit 3
-    fi
-
     # Clean up any leftover builds
     rm -f ../ceph-deploy*.dsc ../ceph-deploy*.changes ../ceph-deploy*.deb ../ceph-deploy.tgz
     rm -rf ./debian-repo
@@ -147,7 +112,9 @@ then
 
     # Build Package
     echo "Building for dist: $DEB_BUILD"
-    dpkg-buildpackage -k$KEYID
+    # we no longer sign the .dsc or .changes files (done by default with
+    # the `-k$KEYID` flag), so explicitly tell the tool not to sign them
+    dpkg-buildpackage -uc -us
     if [ $? -ne 0 ] ; then
         echo "Build failed"
         exit 2
@@ -160,6 +127,10 @@ then
         rm -f $REPO/conf/distributions
     fi
 
+    # FIXME: This file is explicitly saying what it was signed with but we no longer
+    # sign anything here. This could become a problem if this repo is getting built
+    # and not signed and published somehwere. When the Binary API service is running
+    # and serving repos, this step should no longer create repositories
     for DIST in  $DEB_DIST ; do
         cat <<EOF >> $REPO/conf/distributions
 Codename: $DIST
@@ -171,7 +142,7 @@ Description: Ceph distributed file system
 DebIndices: Packages Release . .gz .bz2
 DscIndices: Sources Release .gz .bz2
 Contents: .gz .bz2
-SignWith: $KEYID
+SignWith: 460F3994
 
 EOF
     done