From ba44c53113c2831a58b10ee1e60ff292a534c8b3 Mon Sep 17 00:00:00 2001
From: neingeist <neingeist@bl0rg.net>
Date: Sat, 21 Nov 2015 18:04:54 +0100
Subject: [PATCH] gen-yum: Check for unsigned RPMs

---
 gen-yum | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/gen-yum b/gen-yum
index b188c2c..bdf27f6 100755
--- a/gen-yum
+++ b/gen-yum
@@ -11,12 +11,23 @@ for base_dir in $BASE_DIRS; do
     if [ -d $YUM ]; then
       echo "== $YUM"
       cd $YUM
+
+      # Check for unsigned RPMs
+      unsigned=`rpm --checksig *.rpm | egrep -v ': .*pgp'` || true
+      if [ ${#unsigned} != 0 ]; then
+        echo "Unsigned packages:"
+        echo "$unsigned"
+        exit 1
+      fi
+
+      # Create and sign repodata
       createrepo --update --checkts .
       if [     ! -e repodata/repomd.xml.asc \
            -o repodata/repomd.xml.asc -ot repodata/repomd.xml ]; then
         rm -f repodata/repomd.xml.asc
         gpg -u $GPG_KEY --detach-sign --armor repodata/repomd.xml
       fi
+
     fi
   done
 done