summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabian Groffen <grobian@gentoo.org>2018-02-17 09:11:44 +0100
committerFabian Groffen <grobian@gentoo.org>2018-02-17 09:11:44 +0100
commit7555f191b3b49230fa00d9bb85da5c2e56928189 (patch)
treec4984913c15d9f901b79e4ce9ef5b1929d1e3974
parentsys-apps/coreutils: add back libstdbuf fixes, bug #647708 (diff)
downloadprefix-7555f191b3b49230fa00d9bb85da5c2e56928189.zip
prefix-7555f191b3b49230fa00d9bb85da5c2e56928189.tar.gz
prefix-7555f191b3b49230fa00d9bb85da5c2e56928189.tar.bz2
scripts/rsync-generation/update-rsync-master: generate/sign manifest last
Generate manifests as last thing, else we invalidate the signatures due to other work preparing the tree.
-rwxr-xr-xscripts/rsync-generation/update-rsync-master.sh56
1 files changed, 28 insertions, 28 deletions
diff --git a/scripts/rsync-generation/update-rsync-master.sh b/scripts/rsync-generation/update-rsync-master.sh
index 459edeb..e78b89f 100755
--- a/scripts/rsync-generation/update-rsync-master.sh
+++ b/scripts/rsync-generation/update-rsync-master.sh
@@ -185,34 +185,6 @@ echo "($(date +"%F %R")) Prefix tree rsynced"
STOP=$(date +%s)
TIME_SVNPREFIX=$((STOP - START))
-START=$(date +%s)
-
-echo "($(date +"%F %R")) signing Manifest"
-
-# generate Thick Manifests
-${BASE_PATH}/hashgen "${RSYNCDIR}"
-
-# Signing is done with our snapshot signing key, and only on the top
-# level Manifest, for it covers indirectly the entire tree
-
-# remember, HOME is set to misc/ so .gnupg keychain lives there
-gpg --batch --no-tty --passphrase-fd 0 --default-key C6317B3C \
- --pinentry-mode loopback \
- --sign --clearsign --digest-algo SHA512 \
- --yes "${RSYNCDIR}"/Manifest \
- < "${BASE_PATH}"/autosigner.pwd >& /dev/null
-if [[ -f ${RSYNCDIR}/Manifest.asc ]] ; then
- touch -r "${RSYNCDIR}"/Manifest "${RSYNCDIR}"/Manifest.asc
- mv "${RSYNCDIR}"/Manifest{.asc,}
-else
- echo "signing failed!" >> /dev/stderr
-fi
-
-echo "($(date +"%F %R")) Manifest signed"
-
-STOP=$(date +%s)
-TIME_MANISIGN=$((STOP - START))
-
# define repo_name, can't use gx86's name as we're different
echo "($(date +"%F %R")) setting repo_name and making the prefix profiles development ones (iso exp)"
@@ -264,6 +236,34 @@ chmod -R u-s,g-s "${RSYNCDIR}"/metadata
STOP=$(date +%s)
TIME_TOTAL=$((STOP - GLOBALSTART))
+START=$(date +%s)
+
+echo "($(date +"%F %R")) signing Manifest"
+
+# generate Thick Manifests
+${BASE_PATH}/hashgen "${RSYNCDIR}"
+
+# Signing is done with our snapshot signing key, and only on the top
+# level Manifest, for it covers indirectly the entire tree
+
+# remember, HOME is set to misc/ so .gnupg keychain lives there
+gpg --batch --no-tty --passphrase-fd 0 --default-key C6317B3C \
+ --pinentry-mode loopback \
+ --sign --clearsign --digest-algo SHA512 \
+ --yes "${RSYNCDIR}"/Manifest \
+ < "${BASE_PATH}"/autosigner.pwd 2>&1
+if [[ -f ${RSYNCDIR}/Manifest.asc ]] ; then
+ touch -r "${RSYNCDIR}"/Manifest "${RSYNCDIR}"/Manifest.asc
+ mv "${RSYNCDIR}"/Manifest{.asc,}
+else
+ echo "signing failed!" >> /dev/stderr
+fi
+
+echo "($(date +"%F %R")) Manifest signed"
+
+STOP=$(date +%s)
+TIME_MANISIGN=$((STOP - START))
+
# feed timings to graphite
prefix="gentoo.rsync-generation.$(hostname -s)"
{