add sign-binpackages.sh

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

1 files changed, 41 insertions, 0 deletions

diff --git a/sign-binpackages.sh b/sign-binpackages.sh
new file mode 100755
index 0000000..4ae9dc0
--- /dev/null
+++ b/sign-binpackages.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Copyright 2010-2023 Gentoo Authors; Distributed under the GPL v2
+# might be earlier copyright, no history available
+
+# Keep this variable in sync in both sign-autobuilds.sh & sync-autobuilds.sh
+_ARCHES="alpha amd64 arm64 arm hppa ia64 loong m68k mips ppc riscv s390 sh sparc x86"
+        #alpha amd64 arm64 arm hppa ia64 loong m68k mips ppc riscv s390 sh sparc x86
+ARCHES=${ARCHES:-${_ARCHES}}
+
+
+INTREE=blablabla
+SIGTREE=blablabla
+
+DEBUG=''
+VERBOSE=''
+
+BINPKG_GPG_SIGNING_GPG_HOME=/home/gmirror/.gnupg-releng
+BINPKG_GPG_SIGNING_KEY=blablabla
+
+gpgconf --kill all
+
+# step 1: rsync from the dirs where the arches copy in
+# make sure to *not* overwrite existing newer files (obviously
+# the signature changed them)...
+
+for a in $ARCHES ; do
+  rsync --recursive --delete --delete-after --update ${INTREE}/${a}/* ${SIGTREE}/${a}/
+done
+
+# step 2: iterate over all binary package trees, sign
+# all unsigned files
+# we assume the directory structure to be
+#   /binpackages/amd64/17.1/x86-64
+#   /binpackages/amd64/17.1/x86-64_musl
+#   /binpackages/mips/17.0/mipsel3_n32
+#   /binpackages/x86/17.0/x86_musl_hardened
+
+for t in ${SIGTREE}/*/*/* ; do
+  find ${t} -name '*.gpkg' -exec gpkg-sign --skip-signed \{\} \;
+  PKGDIR=${t} emaint binhost fix
+done