Mailinglist Archive: opensuse-buildservice (351 mails)

< Previous Next >
Re: [opensuse-buildservice] How can i setup package signing on local obs?
  • From: Christian <chris@xxxxxxxxxxxxxxxx>
  • Date: Mon, 07 Jul 2008 00:21:26 +0000
  • Message-id: <48716186.4070108@xxxxxxxxxxxxxxxx>
Hi Michael,

Michael Schroeder schrieb:
It doesn't really belong to obs, so I'd rather pack it as a different
package. Still TODO.
OK, can provide you with a init-script for signd. (attached)
your talking about gpg2 and a patch. Do I have to build a newer gpg for SLES10 SP2 ?

Yes, you need the "files_are_digests" patch. It's already included
in the openSUSE-10.2 gpg, so you can just install the 10.2 package.
Now signd is working.
But how to activate for my repos/packages. scheduler is telling "gpg (disabled)"
Can not find any docu about that.
Any help would be appreciated.
Cheers,
Michael.

Cheers
Chris
### for build service host
#server: <IP of your signd host>
#user: rpm@xxxxxxxxxxxxxx
#allowuser: bsrun
#
### for sign server
#allow: <IP of your obs-host>
#phrases: /root/.phrases
#!/bin/sh
# Copyright (c) 2008 Scorpio IT, Deidesheim, Germany
#
# Author: Christian Wittmer
# please send feedback to <rpm@xxxxxxxxxxxxxx>
#
# /etc/init.d/signd
#
### BEGIN INIT INFO
# Provides: signd
# Required-Start: $network $named $syslog $time
# Should-Start:
# Required-Stop:
# Default-Start: 3 5
# Default-Stop:
# Description: start the gpg sign daemon
### END INIT INFO

# check for sysconfig file
#[ -f /etc/sysconfig/mailgraph ] && . /etc/sysconfig/mailgraph ;

PATH=/bin:/usr/bin
SN_BIN="/usr/sbin/signd"
SN_OPTS=${SIGN_OPTS:="-f"}
PID=${SIGN_PID:="/var/run/signd.pid"}
LOG=${SIGN_LOG:="/var/log/signd.log"}

# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num><num>
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
. /etc/rc.status

# First reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.

case "$1" in
start)
echo -n "Starting gpg sign daemon (signd): "
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate.
nice -19 ${SN_BIN} ${SN_OPTS}

# remember status and be verbose
rc_status -v
;;
stop)
echo -n "Stopping gpg sign daemon (signd): "
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
/sbin/killproc -p ${PID} ${SN_BIN}

# remeber status and be verbose
rc_status -v
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start

# remember status and be quiet
rc_status
;;
status)
echo -n "Checking for gpg sign daemon (signd): "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.

# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running

# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc -p ${PID} ${SN_BIN}

# remember status and be verbose
rc_status -v
;;
info)
echo "Info about VAR's of sign daemon (signd): "
echo "Binary: $SN_BIN"
echo "Options: $SN_OPTS"
echo "PID file: $PID"
echo "LOG: $LOG"
;;
*)
echo "Usage: $0 { start|stop|restart|status|info}"
exit 1
;;
esac

# finally clean exit
rc_exit
< Previous Next >
Follow Ups