fix signing issues
This commit is contained in:
Igor Pecovnik
parent
997a4e9ea5
commit
95baded3b2
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
# Global variables
|
# Global variables
|
||||||
DRY_RUN=false # Full dry-run: don't make any repository changes
|
DRY_RUN=false # Full dry-run: don't make any repository changes
|
||||||
KEEP_SOURCES=true # Keep source packages when adding to repo (don't delete)
|
KEEP_SOURCES=true # Keep source packages when adding to repo (don't delete)
|
||||||
FORCE_ADD=false # Force re-adding packages even if they already exist in repo
|
FORCE_ADD=false # Force re-adding packages even if they already exist in repo
|
||||||
FORCE_PUBLISH=true # Force publishing even when no packages to add
|
FORCE_PUBLISH=true # Force publishing even when no packages to add
|
||||||
GPG_PARAMS=() # Global GPG parameters array (set by get_gpg_signing_params)
|
GPG_PARAMS=() # Global GPG parameters array (set by get_gpg_signing_params)
|
||||||
@ -149,6 +149,23 @@ adding_packages() {
|
|||||||
|
|
||||||
log "Checking package: $deb_display"
|
log "Checking package: $deb_display"
|
||||||
|
|
||||||
|
# If package with same name+arch but different version exists in repo, remove it first
|
||||||
|
# This prevents "file already exists and is different" errors during publish
|
||||||
|
if [[ "$FORCE_ADD" != true ]]; then
|
||||||
|
for existing_key in "${!repo_packages_map[@]}"; do
|
||||||
|
# existing_key format: name|version|arch
|
||||||
|
local existing_name existing_version existing_arch
|
||||||
|
IFS='|' read -r existing_name existing_version existing_arch <<< "$existing_key"
|
||||||
|
# Check if same name and arch but different version
|
||||||
|
if [[ "$existing_name" == "$deb_name" && "$existing_arch" == "$deb_arch" && "$existing_version" != "$deb_version" ]]; then
|
||||||
|
log "Removing old version ${existing_name}_${existing_version}_${existing_arch} before adding new version"
|
||||||
|
run_aptly repo remove -config="${CONFIG}" "${component}" "${existing_name}_${existing_version}_${existing_arch}"
|
||||||
|
# Remove from map so we don't try to remove it again
|
||||||
|
unset "repo_packages_map[$existing_key]"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
# Skip if exact package (name+version+arch) already exists in repo (unless FORCE_ADD is true)
|
# Skip if exact package (name+version+arch) already exists in repo (unless FORCE_ADD is true)
|
||||||
if [[ "$FORCE_ADD" != true && -n "${repo_packages_map[$deb_key]}" ]]; then
|
if [[ "$FORCE_ADD" != true && -n "${repo_packages_map[$deb_key]}" ]]; then
|
||||||
echo "[-] SKIP: $deb_display"
|
echo "[-] SKIP: $deb_display"
|
||||||
@ -212,13 +229,19 @@ process_release() {
|
|||||||
run_aptly repo create -config="${CONFIG}" -component="${release}-desktop" -distribution="${release}" -comment="Armbian ${release}-desktop repository" "${release}-desktop" | logger -t repo-management >/dev/null
|
run_aptly repo create -config="${CONFIG}" -component="${release}-desktop" -distribution="${release}" -comment="Armbian ${release}-desktop repository" "${release}-desktop" | logger -t repo-management >/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Run db cleanup before adding packages to avoid "file already exists and is different" errors
|
||||||
|
# This removes unreferenced packages from previous runs that may have the same filename
|
||||||
|
log "Running database cleanup before adding release packages"
|
||||||
|
run_aptly db cleanup -config="${CONFIG}"
|
||||||
|
|
||||||
# Add packages ONLY from release-specific extra folders
|
# Add packages ONLY from release-specific extra folders
|
||||||
adding_packages "${release}-utils" "/extra/${release}-utils" "release utils" "$input_folder"
|
adding_packages "${release}-utils" "/extra/${release}-utils" "release utils" "$input_folder"
|
||||||
adding_packages "${release}-desktop" "/extra/${release}-desktop" "release desktop" "$input_folder"
|
adding_packages "${release}-desktop" "/extra/${release}-desktop" "release desktop" "$input_folder"
|
||||||
|
|
||||||
# Run db cleanup before publishing to remove unreferenced packages
|
# Run db cleanup again after adding packages to remove any old package files
|
||||||
# This helps avoid "file already exists and is different" errors
|
# This is critical after removing old versions of packages to prevent
|
||||||
log "Running database cleanup before publishing"
|
# "file already exists and is different" errors during publish
|
||||||
|
log "Running database cleanup after adding packages"
|
||||||
run_aptly db cleanup -config="${CONFIG}"
|
run_aptly db cleanup -config="${CONFIG}"
|
||||||
|
|
||||||
# Check if we have any packages to publish
|
# Check if we have any packages to publish
|
||||||
@ -345,11 +368,17 @@ process_release() {
|
|||||||
log "Signing: ${release_file}"
|
log "Signing: ${release_file}"
|
||||||
local sign_dir="$(dirname "$release_file")"
|
local sign_dir="$(dirname "$release_file")"
|
||||||
|
|
||||||
if gpg "${GPG_PARAMS[@]}" --clear-sign -o "${sign_dir}/InRelease" "$release_file" 2>&1 | logger -t repo-management >/dev/null; then
|
# Sign with InRelease (clear-sign) - capture output for logging
|
||||||
gpg "${GPG_PARAMS[@]}" --detach-sign -o "${sign_dir}/Release.gpg" "$release_file" 2>&1 | logger -t repo-management >/dev/null
|
if gpg "${GPG_PARAMS[@]}" --clear-sign -o "${sign_dir}/InRelease" "$release_file" 2>&1; then
|
||||||
log "Successfully signed: ${release_file}"
|
log "Created InRelease for: ${release_file}"
|
||||||
|
# Sign with Release.gpg (detach-sign)
|
||||||
|
if gpg "${GPG_PARAMS[@]}" --detach-sign -o "${sign_dir}/Release.gpg" "$release_file" 2>&1; then
|
||||||
|
log "Successfully signed: ${release_file}"
|
||||||
|
else
|
||||||
|
log "ERROR: Failed to create Release.gpg for: ${release_file}"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
log "ERROR: Failed to sign: ${release_file}"
|
log "ERROR: Failed to create InRelease for: ${release_file}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -369,9 +398,20 @@ publishing() {
|
|||||||
run_aptly repo create -config="${CONFIG}" -distribution="common" -component="main" -comment="Armbian common packages" "common" | logger -t repo-management >/dev/null
|
run_aptly repo create -config="${CONFIG}" -distribution="common" -component="main" -comment="Armbian common packages" "common" | logger -t repo-management >/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Run db cleanup before adding packages to avoid "file already exists and is different" errors
|
||||||
|
# This removes unreferenced packages from previous runs that may have the same filename
|
||||||
|
log "Running database cleanup before adding common packages"
|
||||||
|
run_aptly db cleanup -config="${CONFIG}"
|
||||||
|
|
||||||
# Add packages from main folder
|
# Add packages from main folder
|
||||||
adding_packages "common" "" "main" "$1"
|
adding_packages "common" "" "main" "$1"
|
||||||
|
|
||||||
|
# Run db cleanup after adding packages to remove any old package files
|
||||||
|
# This is critical after removing old versions of packages to prevent
|
||||||
|
# "file already exists and is different" errors during publish
|
||||||
|
log "Running database cleanup after adding common packages"
|
||||||
|
run_aptly db cleanup -config="${CONFIG}"
|
||||||
|
|
||||||
# Create or update the common snapshot
|
# Create or update the common snapshot
|
||||||
# Drop existing snapshot if it exists
|
# Drop existing snapshot if it exists
|
||||||
if [[ -n $(aptly snapshot list -config="${CONFIG}" -raw | awk '{print $(NF)}' | grep "^common$") ]]; then
|
if [[ -n $(aptly snapshot list -config="${CONFIG}" -raw | awk '{print $(NF)}' | grep "^common$") ]]; then
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user