gen-yum: Check for unsigned RPMs

2015-11-21 18:04:54 +01:00 · 2015-11-21 18:04:54 +01:00 · ba44c53113
commit ba44c53113
parent 10034a2b34
1 changed files with 11 additions and 0 deletions
--- a/11
+++ b/11
@ -11,12 +11,23 @@ for base_dir in $BASE_DIRS; do
    if [ -d $YUM ]; then
      echo "== $YUM"
      cd $YUM
+
+      # Check for unsigned RPMs
+      unsigned=`rpm --checksig *.rpm | egrep -v ': .*pgp'` || true
+      if [ ${#unsigned} != 0 ]; then
+        echo "Unsigned packages:"
+        echo "$unsigned"
+        exit 1
+      fi
+
+      # Create and sign repodata
      createrepo --update --checkts .
      if [     ! -e repodata/repomd.xml.asc \
           -o repodata/repomd.xml.asc -ot repodata/repomd.xml ]; then
        rm -f repodata/repomd.xml.asc
        gpg -u $GPG_KEY --detach-sign --armor repodata/repomd.xml
      fi
+
    fi
  done
 done