diff options
| author | khorben <khorben@pkgsrc.org> | 2014-04-06 15:04:16 +0000 |
|---|---|---|
| committer | khorben <khorben@pkgsrc.org> | 2014-04-06 15:04:16 +0000 |
| commit | f9422043781b71feb65dfdd11518adb748d6c473 (patch) | |
| tree | b000748a3a6b407930f92db61f5ec9a38f6fe254 /mk/pkgformat | |
| parent | 939d754d724ea58252b6fff41eef6c69667f9644 (diff) | |
| download | pkgsrc-f9422043781b71feb65dfdd11518adb748d6c473.tar.gz | |
Create signed packages automatically if desired. It is disabled by default,
and documented in mk/defaults/mk.conf. Both the "gpg" and "x509" methods
supported by pkg_admin(1) are supported. With package signing enabled, a
staging, unsigned copy of the package is always created, and its final copy
to the package repository is done with pkg_admin(1) instead of "ln || cp".
Proper operation should otherwise not be affected.
Tested both with and without user-destdir support in packages.
"can live with it" joerg@
From EdgeBSD.
Diffstat (limited to 'mk/pkgformat')
| -rw-r--r-- | mk/pkgformat/pkg/package.mk | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/mk/pkgformat/pkg/package.mk b/mk/pkgformat/pkg/package.mk index bfbfe57ce16..ddc8be16a07 100644 --- a/mk/pkgformat/pkg/package.mk +++ b/mk/pkgformat/pkg/package.mk @@ -1,4 +1,4 @@ -# $NetBSD: package.mk,v 1.3 2013/08/10 06:05:57 obache Exp $ +# $NetBSD: package.mk,v 1.4 2014/04/06 15:04:16 khorben Exp $ .if defined(PKG_SUFX) WARNINGS+= "PKG_SUFX is deprecated, please use PKG_COMPRESSION" @@ -14,7 +14,13 @@ PKG_SUFX?= .tgz FILEBASE?= ${PKGBASE} PKGFILE?= ${PKGREPOSITORY}/${FILEBASE}-${PKGVERSION}${PKG_SUFX} .if ${_USE_DESTDIR} == "no" +. if !empty(SIGN_PACKAGES:Mgpg) +STAGE_PKGFILE?= ${WRKDIR}/.packages/${FILEBASE}-${PKGVERSION}${PKG_SUFX} +. elif !empty(SIGN_PACKAGES:Mx509) +STAGE_PKGFILE?= ${WRKDIR}/.packages/${FILEBASE}-${PKGVERSION}${PKG_SUFX} +. else STAGE_PKGFILE?= ${PKGFILE} +. endif .else STAGE_PKGFILE?= ${WRKDIR}/.packages/${FILEBASE}-${PKGVERSION}${PKG_SUFX} .endif @@ -38,7 +44,7 @@ package-check-installed: ### package-create creates the binary package. ### .PHONY: package-create -package-create: package-remove ${PKGFILE} package-links +package-create: ${PKGFILE} package-links ###################################################################### ### stage-package-create (PRIVATE, pkgsrc/mk/package/package.mk) @@ -76,12 +82,21 @@ ${STAGE_PKGFILE}: ${_CONTENTS_TARGETS} exitcode=$$?; ${RM} -f "$$tmpname"; exit $$exitcode; \ fi -.if ${_USE_DESTDIR} != "no" +.if ${PKGFILE} != ${STAGE_PKGFILE} ${PKGFILE}: ${STAGE_PKGFILE} ${RUN} ${MKDIR} ${.TARGET:H} +. if !empty(SIGN_PACKAGES:Mgpg) + @${STEP_MSG} "Creating signed binary package ${.TARGET} (GPG)" + ${PKG_ADMIN} gpg-sign-package ${STAGE_PKGFILE} ${PKGFILE} +. elif !empty(SIGN_PACKAGES:Mx509) + @${STEP_MSG} "Creating signed binary package ${.TARGET} (X509)" + ${PKG_ADMIN} x509-sign-package ${STAGE_PKGFILE} ${PKGFILE} \ + ${X509_KEY} ${X509_CERTIFICATE} +. else @${STEP_MSG} "Creating binary package ${.TARGET}" ${LN} -f ${STAGE_PKGFILE} ${PKGFILE} 2>/dev/null || \ ${CP} -pf ${STAGE_PKGFILE} ${PKGFILE} +. endif .endif ###################################################################### |