scripts/sign-rpms: signing repomd.xml has to come after all updates 2125/head
authorDan Mick <dmick@redhat.com>
Fri, 7 Apr 2023 10:20:50 +0000 (03:20 -0700)
committerDan Mick <dmick@redhat.com>
Fri, 7 Apr 2023 10:20:50 +0000 (03:20 -0700)
We had been signing, and then running createrepo, which changed repomd
and thus invalidated the signature.

Signed-off-by: Dan Mick <dmick@redhat.com>
scripts/sign-rpms

index 3296a82c101061d751d6097731bd01f6aa6b0273..d8a782b5388c9041b8da5d0f57e7b13024697b18 100644 (file)
@@ -70,15 +70,7 @@ for release in "${releases[@]}"; do
             fi
           done
 
-          # now sign the repomd.xml files
-          if [[ $update_repo -eq 1 ]]; then
-            for repomd in `find -name repomd.xml`; do
-              echo "signing repomd: $repomd"
-              gpg --batch --yes --passphrase "$GPG_PASSPHRASE" --detach-sign --armor -u $keyid $repomd
-            done
-          fi
-
-          # finally, update the repo metadata
+          # now, update the repo metadata
           if [[ $update_repo -eq 1 ]]; then
             for directory in $(ls $path/$distro/$distro_version); do
               cd $directory
@@ -96,6 +88,14 @@ for release in "${releases[@]}"; do
             done
           fi
 
+          # finally, sign the repomd.xml files
+          if [[ $update_repo -eq 1 ]]; then
+            for repomd in `find -name repomd.xml`; do
+              echo "signing repomd: $repomd"
+              gpg --batch --yes --passphrase "$GPG_PASSPHRASE" --detach-sign --armor -u $keyid $repomd
+            done
+          fi
+
         fi
       done
     done
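Review bot: The relocated signing loop never checks gpg's exit status, so unless the script runs under `set -e` (not visible here) a failed signature leaves a repomd.xml with a missing or stale detached signature and the job carries on. Because the purpose of the reordering is a signature that matches the final metadata, the gpg call should fail the run. The same line passes the secret on the command line via `--passphrase "$GPG_PASSPHRASE"`, where it is readable in the process list and in any `set -x` trace. Feeding it on stdin avoids that: `gpg --batch --yes --passphrase-fd 0 --detach-sign --armor -u "$keyid" "$repomd" <<<"$GPG_PASSPHRASE" || exit 1` (GnuPG 2.1+ may also need `--pinentry-mode loopback`). `find -name repomd.xml` searches from the current directory and now runs after a loop that does `cd $directory`; that loop's tail and the enclosing `for release` body are outside the hunk, so confirm the working directory is back at the repo tree before this block.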