gitlab-ci: fix public RSA key creation and APKINDEX signing
This commit is contained in:
parent
5f6191c7ff
commit
ccdce02954
GPG key ID:
D62A472A4AA7D541
3 changed files with 15 additions and 10 deletions
|
|
@ -129,11 +129,11 @@ setup_system() {
|
|||
done
|
||||
doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
|
||||
doas apk -U upgrade -a || doas apk fix || die "Failed to up/downgrade system"
|
||||
gitlab_key_to_rsa $ABUILD_KEY PRIVATE $HOME/.abuild/key.rsa
|
||||
gitlab_key_to_rsa $ABUILD_KEY_PUB PUBLIC $HOME/.abuild/key.rsa.pub
|
||||
chmod 700 $HOME/.abuild/key.rsa
|
||||
echo "PACKAGER_PRIVKEY=$HOME/.abuild/key.rsa" >> $HOME/.abuild/abuild.conf
|
||||
doas cp $HOME/.abuild/key.rsa.pub /etc/apk/keys/key.rsa.pub
|
||||
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
|
||||
chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
|
||||
doas cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
|
||||
|
||||
doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
|
||||
( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
|
||||
|
|
|
|||
|
|
@ -63,8 +63,12 @@ gitlab_key_to_rsa() {
|
|||
if [ ! -d "$TGT_DIR" ]; then
|
||||
mkdir -p "$TGT_DIR"
|
||||
fi
|
||||
echo "-----BEGIN RSA $TYPE KEY-----" > "$TGT"
|
||||
case $TYPE in
|
||||
rsa-public) local type="PUBLIC";;
|
||||
rsa-private) local type="RSA PRIVATE";;
|
||||
esac
|
||||
echo "-----BEGIN $type KEY-----" > "$TGT"
|
||||
echo $1 | sed 's/.\{64\}/&\
|
||||
/g' >> "$TGT"
|
||||
echo "-----END RSA $TYPE KEY-----" >> "$TGT"
|
||||
echo "-----END $type KEY-----" >> "$TGT"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,9 +13,9 @@ readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
|
|||
|
||||
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
||||
|
||||
gitlab_key_to_rsa $ABUILD_KEY PRIVATE $HOME/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
gitlab_key_to_rsa $ABUILD_KEY_PUB PUBLIC $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
|
||||
gitlab_key_to_rsa $SSH_KEY PRIVATE $HOME/.ssh/id_rsa
|
||||
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
|
||||
gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
|
||||
chmod 700 "$HOME"/.ssh/id_rsa
|
||||
chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
|
||||
|
|
@ -33,6 +33,7 @@ git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
|
|||
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
|
||||
|
||||
for repo in $(changed_repos); do
|
||||
rm $CI_PROJECT_DIR/repo-apk/$repo/x86_64/APKINDEX.tar.gz
|
||||
mkdir -p $repo/DUMMY
|
||||
echo "pkgname=DUMMY" > $repo/DUMMY/APKBUILD
|
||||
cd $repo/DUMMY
|
||||
|
|
|
|||
Loading…
Reference in a new issue