From c70f68e2acf7ccd138c05ccde9c57b05634d5e12 Mon Sep 17 00:00:00 2001 From: Alfredo Deza Date: Wed, 23 Sep 2015 14:00:04 -0400 Subject: [PATCH] remove gpg and signing from ceph-deploy Signed-off-by: Alfredo Deza --- ceph-deploy/build/build | 45 ++++++++--------------------------------- 1 file changed, 8 insertions(+), 37 deletions(-) diff --git a/ceph-deploy/build/build b/ceph-deploy/build/build index f6da3086..1f822df4 100644 --- a/ceph-deploy/build/build +++ b/ceph-deploy/build/build @@ -6,22 +6,10 @@ set -x set -e -# Jenkins will set $RELEASE as a parameter in the job configuration. -if $RELEASE ; then - # This is a formal release. Sign it with the release key. - export GNUPGHOME=/home/jenkins-build/build/gnupg.ceph-release/ - export KEYID=460F3994 -else - # This is an automatic build. Sign it with the autobuild key. - export GNUPGHOME=/home/jenkins-build/build/gnupg.autobuild/ - export KEYID=03C3951A -fi - HOST=$(hostname --short) echo "Building on ${HOST}" echo " DIST=${DIST}" echo " BPTAG=${BPTAG}" -echo " KEYID=${KEYID}" echo " WS=$WORKSPACE" echo " PWD=$(pwd)" echo " BRANCH=$BRANCH" @@ -47,7 +35,6 @@ then # in setup.py before building. REPO=rpm-repo - KEYID=${KEYID:-03C3951A} # Default is autobuild-key BUILDAREA=./rpmbuild DIST=el6 RPM_BUILD=$(lsb_release -s -c) @@ -57,14 +44,6 @@ then exit 1 fi - if gpg --list-keys 2>/dev/null | grep -q ${KEYID} ; then - echo "Signing packages and repo with ${KEYID}" - else - echo "Package signing key (${KEYID}) not found" - echo "Have you set \$GNUPGHOME ? " - exit 3 - fi - if ! CREATEREPO=`which createrepo` ; then echo "Please install the createrepo package" exit 4 @@ -86,16 +65,11 @@ then mkdir -p ${REPO}/${DIST} cp -r ${BUILDAREA}/*RPMS ${DEST} - # Sign all the RPMs for this release - rpm_list=`find ${REPO} -name "*.rpm" -print` - rpm --addsign --define "_gpg_name ${KEYID}" $rpm_list - # Construct repodata for dir in ${DEST}/SRPMS ${DEST}/RPMS/* do if [ -d $dir ] ; then createrepo $dir - gpg --detach-sign --armor -u ${KEYID} $dir/repodata/repomd.xml fi done @@ -114,7 +88,6 @@ then REPO=debian-repo COMPONENT=main - KEYID=${KEYID:-03C3951A} # default is autobuild keyid DEB_DIST="sid wheezy squeeze jessie precise raring trusty" DEB_BUILD=$(lsb_release -s -c) #XXX only releases until we fix this @@ -125,14 +98,6 @@ then exit 1 fi - if gpg --list-keys 2>/dev/null | grep -q ${KEYID} ; then - echo "Signing packages and repo with ${KEYID}" - else - echo "Package signing key (${KEYID}) not found" - echo "Have you set \$GNUPGHOME ? " - exit 3 - fi - # Clean up any leftover builds rm -f ../ceph-deploy*.dsc ../ceph-deploy*.changes ../ceph-deploy*.deb ../ceph-deploy.tgz rm -rf ./debian-repo @@ -147,7 +112,9 @@ then # Build Package echo "Building for dist: $DEB_BUILD" - dpkg-buildpackage -k$KEYID + # we no longer sign the .dsc or .changes files (done by default with + # the `-k$KEYID` flag), so explicitly tell the tool not to sign them + dpkg-buildpackage -uc -us if [ $? -ne 0 ] ; then echo "Build failed" exit 2 @@ -160,6 +127,10 @@ then rm -f $REPO/conf/distributions fi + # FIXME: This file is explicitly saying what it was signed with but we no longer + # sign anything here. This could become a problem if this repo is getting built + # and not signed and published somehwere. When the Binary API service is running + # and serving repos, this step should no longer create repositories for DIST in $DEB_DIST ; do cat <> $REPO/conf/distributions Codename: $DIST @@ -171,7 +142,7 @@ Description: Ceph distributed file system DebIndices: Packages Release . .gz .bz2 DscIndices: Sources Release .gz .bz2 Contents: .gz .bz2 -SignWith: $KEYID +SignWith: 460F3994 EOF done -- 2.39.5