ENH: nd_build_testrdepends -- sign the temporary repository with the package (use...

diff --git a/debian/control b/debian/control
index a60791af8287fc368c9391744a6fb636bfd45e4b..08ab348d07d416d9eea328c09f3ce1c6ec2a1b63 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -14,7 +14,7 @@ XS-DM-Upload-Allowed: yes
 Package: neurodebian-dev
 Architecture: all
 Depends: ${misc:Depends}, devscripts, cowbuilder, neurodebian-keyring
-Recommends: python, zerofree, moreutils, time, ubuntu-keyring, debian-archive-keyring
+Recommends: python, zerofree, moreutils, time, ubuntu-keyring, debian-archive-keyring, apt-utils
 Suggests: virtualbox-ose, virtualbox-ose-fuse
 Description: NeuroDebian development tools
  neuro.debian.net sphinx website sources and development tools used by

diff --git a/tools/nd_build_testrdepends b/tools/nd_build_testrdepends
index cef0ab1008543382b475ffb74198a89afa3d3847..f24c793556850bc01bb63002dec708854f732be2 100755 (executable)
--- a/tools/nd_build_testrdepends
+++ b/tools/nd_build_testrdepends
@@ -21,6 +21,7 @@ pkg=${dscfile%_*}
 #? TODO -- should be a parameter as well?
 
 testdir=${dscfilef_base}_$arch.testrdepends.$family-$dist
+secdir=${dscfilef_base}_$arch.testrdepends.$family-$dist.secure
 bindir=$testdir/bin
 debdir=$testdir/debs
 srcdir=$testdir/srcs
@@ -29,11 +30,46 @@ newbuildsdir=$srcdir/new
 
 echo "I: Building the new package for $pkg"
 
-mkdir -p $debdir $srcdir $bindir
+mkdir -p $debdir $srcdir $bindir $secdir
 $CMD nd_build $family $dist $arch $dscfile --buildresult=$debdir
 
+echo "I: Initiating the repository"
 cd $debdir
 dpkg-scanpackages . >| Packages
+apt-ftparchive release . >| Release
+
+gpgargs="--no-default-keyring --secret-keyring $secdir/keyring.sec --keyring $secdir/keyring.pub"
+if [ ! -e $secdir/keyring.sec ]; then
+       # Generate a key to sign the Release file
+       cat >| $secdir/keyring.gen <<EOF
+            %echo Generating a standard key
+            Key-Type: DSA
+            Key-Length: 1024
+            Subkey-Type: ELG-E
+            Subkey-Length: 1024
+            Name-Real: NeuroDebian Tester
+            Name-Comment: Temporary key
+            Name-Email: team@neuro.debian.net
+            Expire-Date: 0
+            Passphrase: salty salt
+            %pubring $secdir/keyring.pub
+            %secring $secdir/keyring.sec
+            # Do a commit here, so that we can later print "done" :-)
+            %commit
+            %echo done
+EOF
+
+       gpg --batch --gen-key $secdir/keyring.gen
+       gpg $gpgargs --list-secret-keys
+fi
+
+echo "I: signing Release file"
+gpg $gpgargs --list-secret-keys
+gpg --yes -abs -u "NeuroDebian Tester" \
+    $gpgargs --passphrase "salty salt" \
+    -o Release.gpg Release
+pubkey=$(gpg $gpgargs -a --export -u "NeuroDebian Tester")
+
 # All binary packages produced
 pkgs=$(awk '/^Package:/{print $2;}' Packages)
 cd - > /dev/null
@@ -46,7 +82,8 @@ $CMD nd_execute $family $dist $arch --bindmounts $testdir $bindir/nd_fetch_bdepe
 echo "I: preparing the hook"
 cat << EOF >| $bindir/D00add_custom_repo
 echo 'deb file://$debdir ./' >| /etc/apt/sources.list.d/custom.list
-apt-get update
+echo "$pubkey" | apt-key add -
+apt-get update || /bin/bash < /dev/tty > /dev/tty 2> /dev/tty
 EOF
 chmod a+x $bindir/D00add_custom_repo