Ship signature file to object storage when repo was signed.

Explicitly name the signature file and ship it along with the checksum and info files.
haikuports · Aug 29, 2024 · 39095f1 · 39095f1
1 parent ad55f5f
commit 39095f1
Showing 1 changed file with 17 additions and 7 deletions.
diff --git a/HaikuPorter/PackageRepository.py b/HaikuPorter/PackageRepository.py
@@ -234,12 +234,19 @@ def createPackageRepository(self, outputPath):
 
  repoChecksumFile = repoFile + '.sha256'
  self._checksumPackageRepository(repoFile, repoChecksumFile)
- self._signPackageRepository(repoFile)
+
+ repoSignatureFile = repoFile + '.minisig'
+ wasSigned = self._signPackageRepository(repoFile, repoSignatureFile)
 
  if self.storageBackend is not None:
+ extraFiles = [repoInfoFile, repoFile, repoChecksumFile]
+ if wasSigned:
+ extraFiles.append(repoSignatureFile)
+
+ extraFiles.append(packageListFile)
+
  self._stubLocalPackages(localPackages)
- self._populateStorageBackendFiles(
- [repoInfoFile, repoFile, repoChecksumFile, packageListFile])
+ self._populateStorageBackendFiles(extraFiles)
  self._pruneStorageBackend(packageNameList)
 
  def _checksumPackageRepository(self, repoFile, repoChecksumFile):
@@ -255,13 +262,14 @@ def _checksumPackageRepository(self, repoFile, repoChecksumFile):
  with open(repoChecksumFile, 'w') as outputFile:
  outputFile.write(checksum.hexdigest())
 
- def _signPackageRepository(self, repoFile):
+ def _signPackageRepository(self, repoFile, repoSignatureFile):
  """Sign the package repository if a private key was provided"""
  privateKeyFile = getOption('packageRepositorySignPrivateKeyFile')
  privateKeyPass = getOption('packageRepositorySignPrivateKeyPass')
  if not privateKeyFile and not privateKeyPass:
  info("Warning: unsigned package repository")
- return
+ return False
+
  if not os.path.exists(privateKeyFile):
  sysExit('specified package repo private key file missing!')
 
@@ -274,10 +282,12 @@ def _signPackageRepository(self, repoFile):
 
  # minisign -s /tmp/minisign.key -Sm ${ARTIFACT}
  info("signing repository")
- output = subprocess.check_output([minisignCommand, '-s',
- privateKeyFile, "-Sm", repoFile], input=privateKeyPass.encode('utf-8'),
+ output = subprocess.check_output([minisignCommand,
+ '-x', repoSignatureFile, '-s', privateKeyFile, "-Sm", repoFile],
+ input=privateKeyPass.encode('utf-8'),
  stderr=subprocess.STDOUT).decode('utf-8')
  info(output)
+ return True
 
  def checkPackageRepositoryConsistency(self):
  """Check consistency of package repository by dependency solving all