From 51c39d58fa8b0a18cddf7be0eb6262818e8f45da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sat, 28 Sep 2024 12:22:35 +0000 Subject: [PATCH] scripts: signall: fix wrong GPG signature on apk packages.adb index MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently the GPG signature verification of apk's packages.adb index fails as the file is modified with `apk adbsign` after its GPG signed. So lets fix by moving the `apk adbsign` before the GPG signing step. Fixes: a94d4e15fdc1 ("add APK signing logic") Signed-off-by: Petr Štetiar --- scripts/signall.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/scripts/signall.sh b/scripts/signall.sh index c15c9f2..2159349 100755 --- a/scripts/signall.sh +++ b/scripts/signall.sh @@ -71,6 +71,15 @@ USIGNCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "usign_comme APKSIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "apk_key")" fi +if [ -n "$APKSIGNKEY" ]; then + umask 077 + echo "$APKSIGNKEY" > "$tmpdir/apk.pem" + + umask 022 + find "$tmpdir/tar/" -type f -name "packages.adb" -exec \ + "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 6 +fi + if echo "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then umask 077 echo "$GPGPASS" > "$tmpdir/gpg.pass" @@ -105,15 +114,6 @@ if [ -n "$USIGNKEY" ]; then signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5 fi -if [ -n "$APKSIGNKEY" ]; then - umask 077 - echo "$APKSIGNKEY" > "$tmpdir/apk.pem" - - umask 022 - find "$tmpdir/tar/" -type f -name "packages.adb" -exec \ - "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 6 -fi - tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6 finish 0