commit: 7555f191b3b49230fa00d9bb85da5c2e56928189 Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> AuthorDate: Sat Feb 17 08:11:44 2018 +0000 Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> CommitDate: Sat Feb 17 08:11:44 2018 +0000 URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=7555f191
scripts/rsync-generation/update-rsync-master: generate/sign manifest last Generate manifests as last thing, else we invalidate the signatures due to other work preparing the tree. scripts/rsync-generation/update-rsync-master.sh | 56 ++++++++++++------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/scripts/rsync-generation/update-rsync-master.sh b/scripts/rsync-generation/update-rsync-master.sh index 459edebce0..e78b89f896 100755 --- a/scripts/rsync-generation/update-rsync-master.sh +++ b/scripts/rsync-generation/update-rsync-master.sh @@ -185,34 +185,6 @@ echo "($(date +"%F %R")) Prefix tree rsynced" STOP=$(date +%s) TIME_SVNPREFIX=$((STOP - START)) -START=$(date +%s) - -echo "($(date +"%F %R")) signing Manifest" - -# generate Thick Manifests -${BASE_PATH}/hashgen "${RSYNCDIR}" - -# Signing is done with our snapshot signing key, and only on the top -# level Manifest, for it covers indirectly the entire tree - -# remember, HOME is set to misc/ so .gnupg keychain lives there -gpg --batch --no-tty --passphrase-fd 0 --default-key C6317B3C \ - --pinentry-mode loopback \ - --sign --clearsign --digest-algo SHA512 \ - --yes "${RSYNCDIR}"/Manifest \ - < "${BASE_PATH}"/autosigner.pwd >& /dev/null -if [[ -f ${RSYNCDIR}/Manifest.asc ]] ; then - touch -r "${RSYNCDIR}"/Manifest "${RSYNCDIR}"/Manifest.asc - mv "${RSYNCDIR}"/Manifest{.asc,} -else - echo "signing failed!" >> /dev/stderr -fi - -echo "($(date +"%F %R")) Manifest signed" - -STOP=$(date +%s) -TIME_MANISIGN=$((STOP - START)) - # define repo_name, can't use gx86's name as we're different echo "($(date +"%F %R")) setting repo_name and making the prefix profiles development ones (iso exp)" 
@@ -264,6 +236,34 @@ chmod -R u-s,g-s "${RSYNCDIR}"/metadata STOP=$(date +%s) TIME_TOTAL=$((STOP - GLOBALSTART)) +START=$(date +%s) + +echo "($(date +"%F %R")) signing Manifest" + +# generate Thick Manifests +${BASE_PATH}/hashgen "${RSYNCDIR}" + +# Signing is done with our snapshot signing key, and only on the top +# level Manifest, for it covers indirectly the entire tree + +# remember, HOME is set to misc/ so .gnupg keychain lives there +gpg --batch --no-tty --passphrase-fd 0 --default-key C6317B3C \ + --pinentry-mode loopback \ + --sign --clearsign --digest-algo SHA512 \ + --yes "${RSYNCDIR}"/Manifest \ + < "${BASE_PATH}"/autosigner.pwd 2>&1 +if [[ -f ${RSYNCDIR}/Manifest.asc ]] ; then + touch -r "${RSYNCDIR}"/Manifest "${RSYNCDIR}"/Manifest.asc + mv "${RSYNCDIR}"/Manifest{.asc,} +else + echo "signing failed!" >> /dev/stderr +fi + +echo "($(date +"%F %R")) Manifest signed" + +STOP=$(date +%s) +TIME_MANISIGN=$((STOP - START)) + # feed timings to graphite prefix="gentoo.rsync-generation.$(hostname -s)" {
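Review bot: A failed signature is still non-fatal in the relocated block: success is inferred from the existence of `"${RSYNCDIR}"/Manifest.asc` rather than from gpg's exit status, and the `else` branch only prints "signing failed!" before the script carries on to the graphite section. If a later step publishes the tree (not visible in this hunk), mirrors would get a freshly regenerated but unsigned Manifest, and a `Manifest.asc` left over from an interrupted run could be moved into place as if it were current. I would test the command itself (`if gpg ... ; then`) and add `exit 1` after the error message, so an unsigned tree is never treated as a finished one. Separately, `--default-key C6317B3C` is a 32-bit short key ID, which is collision-prone; the key's full fingerprint is the safer selector. Also note that `TIME_TOTAL` is computed just above this block, so it no longer includes the signing time.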