... |
... |
@@ -387,19 +387,32 @@ log "Release file generated, waiting for RMs checking and (hopefully) signing" |
387
|
387
|
merge-release-signatures() {
|
388
|
388
|
local archiveroot="${1}"
|
389
|
389
|
local s="${2}"
|
390
|
|
- local releasefile="${3}"
|
391
|
|
- rm -f ${archiveroot}/dists/${s}/InRelease ${archiveroot}/zzz-dists/${s}/InRelease
|
|
390
|
+ local oursignature="${3}"
|
|
391
|
+ local ourmessage="${4}"
|
|
392
|
+ local releasefile="${5}"
|
|
393
|
+
|
|
394
|
+ echo "==== Processing ${s}/${oursignature}..."
|
|
395
|
+
|
|
396
|
+ # backup ${oursignature} before we modify it...
|
|
397
|
+ cp --no-clobber ${archiveroot}/zzz-dists/${s}/${oursignature} ~/${suitename}_${newrev}/${oursignature}
|
|
398
|
+
|
392
|
399
|
cd ~/${suitename}_${newrev}
|
393
|
400
|
while ! ${wget} -O "${releasefile}" "${release_base}/${releasefile}"; do
|
394
|
401
|
sleep 10
|
395
|
402
|
done
|
396
|
|
- cd ${archiveroot}/dists/${s}
|
397
|
|
- cat ~/${suitename}_${newrev}/${releasefile} >> Release.gpg
|
398
|
|
- gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --trust-model=always --verify Release.gpg Release
|
|
403
|
+ ${scriptsdir}/gpg-merge-signatures "${oursignature}" "${releasefile}" > ${archiveroot}/dists/${s}/${oursignature}
|
|
404
|
+
|
|
405
|
+ gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --trust-model=always --verify ${oursignature} ${ourmessage}
|
399
|
406
|
}
|
400
|
407
|
|
401
|
|
-merge-release-signatures $(get_archiveroot ftp-master) ${suite} Release-${newrev}.gpg
|
402
|
|
-merge-release-signatures $(get_archiveroot debian-debug) ${suite}-debug Release-${newrev}-debug.gpg
|
|
408
|
+merge-release-signatures $(get_archiveroot ftp-master) ${suite} Release.gpg Release Release-${newrev}.gpg
|
|
409
|
+merge-release-signatures $(get_archiveroot debian-debug) ${suite}-debug Release.gpg Release Release-${newrev}-debug.gpg
|
|
410
|
+if [ "${suitename}" = stretch ]; then
|
|
411
|
+ rm -f ${archiveroot}/dists/${suite}/InRelease ${archiveroot}/zzz-dists/${suite}/InRelease
|
|
412
|
+else
|
|
413
|
+ merge-release-signatures $(get_archiveroot ftp-master) ${suite} InRelease "" InRelease-${newrev}.gpg
|
|
414
|
+ merge-release-signatures $(get_archiveroot debian-debug) ${suite}-debug InRelease "" InRelease-${newrev}-debug.gpg
|
|
415
|
+fi
|
403
|
416
|
|
404
|
417
|
echo "Done. Is a mirrorpush needed? Or just one to the cd-builder?"
|
405
|
418
|
read -e -p "Mirrorpush? no/cd/yes " -i "cd" mirrorpush
|