build: only sign if a gpg key able to sign is present
Some checks failed
CI / build (push) Failing after 1m50s

2026-01-06 18:07:34 +01:00
parent b3365afe5b
commit 1c9f6cccd2
6 changed files with 107 additions and 2 deletions


@@ -2,19 +2,59 @@ use std::error::Error;
use std::path::Path;
use std::process::Command;
use crate::changelog::parse_changelog_footer;
use crate::utils::gpg;
/// Build a Debian source package (to a .dsc)
pub fn build_source_package(cwd: Option<&Path>) -> Result<(), Box<dyn Error>> {
let cwd = cwd.unwrap_or_else(|| Path::new("."));
// Parse changelog to get maintainer information from the last modification entry
let changelog_path = cwd.join("debian/changelog");
let (maintainer_name, maintainer_email) = parse_changelog_footer(&changelog_path)?;
// Check if a GPG key matching the maintainer's email exists
let signing_key = match gpg::find_signing_key_for_email(&maintainer_email) {
Ok(key) => key,
Err(e) => {
// If GPG is not available or there's an error, continue without signing
log::warn!("Failed to check for GPG key: {}", e);
None
}
};
// Build arguments
let mut args = vec!["-S", "-I", "-i", "-nc", "-d"];
// If a signing key is found, use it for signing
if let Some(key_id) = &signing_key {
args.push("-sa"); // Sign the source package
args.push("-k");
args.push(key_id);
log::info!("Using GPG key {} for signing", key_id);
} else {
log::info!(
"No GPG key found for {} ({}), building without signing",
maintainer_name,
maintainer_email
);
}
let status = Command::new("dpkg-buildpackage")
.current_dir(cwd)
.args(["-S", "-I", "-i", "-nc", "-d"])
.args(&args)
.status()?;
if !status.success() {
return Err(format!("dpkg-buildpackage failed with status: {}", status).into());
}
if signing_key.is_some() {
println!("Package built and signed successfully!");
} else {
println!("Package built successfully (unsigned).");
}
Ok(())
}
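Review bot: In the signing branch of `build_source_package`, `-sa` does not request a signature and `-k` is pushed as a separate argument from the key id, so the new code probably neither forces signing nor selects the intended key. Per dpkg-buildpackage(1), `-sa` forces inclusion of the original source, and the key is given attached as `-k<key-id>` or `--sign-key=<key-id>`; a bare `-k` followed by the id will most likely be rejected as an unknown argument, so the comment on that line should be corrected and the key passed as one argument. The unsigned branch passes nothing that disables signing, so dpkg-buildpackage may still try to sign with a default key, and the "(unsigned)" message would then be wrong; adding `args.push("--no-sign");` in the `else` arm makes the outcome match the log line. The `Err(e)` arm also turns any GPG lookup failure into an unsigned build with only a warning, which deserves a comment such as `// fail-open: a gpg error yields an unsigned package`, or an explicit opt-in if these artifacts are ever published.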