From 8cbea788b968233dfa86dae147777d4c1c2fac4d Mon Sep 17 00:00:00 2001 From: Andrei Vagin Date: Thu, 11 Mar 2021 21:41:16 -0800 Subject: make/release: Sign a package only if it isn't signed yet. We can generate more than one apt repo for the same package. If we will sign a package again, its file will be changed and all hashes that have been generated before will be invalid. --- tools/make_apt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/make_apt.sh b/tools/make_apt.sh index 68f6973ec..935c4db2d 100755 --- a/tools/make_apt.sh +++ b/tools/make_apt.sh @@ -107,7 +107,9 @@ for pkg in "$@"; do cp -a -L "$(dirname "${pkg}")/${name}.deb" "${destdir}" cp -a -L "$(dirname "${pkg}")/${name}.changes" "${destdir}" chmod 0644 "${destdir}"/"${name}".* + # Sign a package only if it isn't signed yet. # We use [*] here to expand the gpg_opts array into a single shell-word. + dpkg-sig -g "${gpg_opts[*]}" --verify "${destdir}/${name}.deb" || dpkg-sig -g "${gpg_opts[*]}" --sign builder "${destdir}/${name}.deb" done -- cgit v1.2.3