From 0f12fa7602e1e20758a65091893f19d08628affa Mon Sep 17 00:00:00 2001
From: eV
Date: Fri, 28 Jul 2017 21:19:02 +0000
Subject: [PATCH] Add option to presign rpm before upload_to_rpm_repo script
---
 tools/upload_to_rpm_repo | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/tools/upload_to_rpm_repo b/tools/upload_to_rpm_repo
index 8ab97fe500e..c20275070fd 100755
--- a/tools/upload_to_rpm_repo
+++ b/tools/upload_to_rpm_repo
@@ -1,8 +1,9 @@
-#!/bin/sh
+#!/bin/bash
 set -exu
 BUCKET=${1:-brave-rpm-nightly}
-GPG_KEY=${2:-4A1B4360}
+GPG_KEY_ID=${2:-4A1B4360}
+GPG_KEY_SHORT_ID=${GPG_KEY_ID:(-8)}
 KEY_NAME=keys.asc
 KEY_FILE=/tmp/${KEY_NAME}
 TMP_REPO=/tmp/rpm_repo
@@ -14,7 +15,14 @@ echo "%_signature gpg
 rm -rf $TMP_REPO
 mkdir -pv $TMP_REPO/x86_64
-env GPG_PASS=$PASSPHRASE ./tools/auto_rpm_sign
+if !rpm --checksig dist/*.rpm | grep pgp; then
+ env GPG_PASS=$PASSPHRASE ./tools/auto_rpm_sign
+ rpm --checksig dist/*.rpm | grep pgp
+fi
+# Ensure the rpm has the correct signature before continuing
+# NOTE: rpm displays the short key id, all lower case
+rpm -v -K dist/*.rpm | grep "key ID ${GPG_KEY_SHORT_ID,,}: OK"
+
 cp dist/*.rpm $TMP_REPO/x86_64/
 for arch in $TMP_REPO/x86_64 ; do
@@ -24,8 +32,7 @@ for arch in $TMP_REPO/x86_64 ; do
 createrepo -v --update --deltas $arch/
 done
-gpg --export --armor ${GPG_KEY} > ${KEY_FILE}
+gpg --export --armor ${GPG_KEY_ID} > ${KEY_FILE}
 aws s3 cp ${KEY_FILE} s3://${BUCKET}/keys.asc
 aws s3api put-object-acl --acl public-read --bucket ${BUCKET} --key ${KEY_NAME}
 aws s3 sync --acl public-read $TMP_REPO/ s3://$BUCKET/
-rpm --checksig ./dist/*.rpm
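Review bot: `GPG_KEY_SHORT_ID=${GPG_KEY_ID:(-8)}` reduces the key to a 32-bit short ID, and that is the only value the later `rpm -v -K` check compares; short IDs can collide, so a match shows that the ID agrees, not that the intended key made the signature. The same variable feeds `gpg --export` in the last hunk, where a short ID can select more than one key if two keys in the keyring share it. Passing the full fingerprint as `$2` (and as the default in place of `4A1B4360`) would make the export unambiguous while the substring still yields what rpm prints. A comment such as `# GPG_KEY_ID: full fingerprint preferred; only its last 8 hex digits are compared with rpm output` would record that.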
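Review bot: `if !rpm --checksig dist/*.rpm | grep pgp; then` lacks the space after `!`, so a non-interactive bash runs a command literally named `!rpm`; the pipeline then takes grep's failure on empty input, the branch is skipped, and an unsigned package is never signed before the verification aborts the run. It should read `if ! rpm --checksig dist/*.rpm | grep pgp; then`. The final `rpm -v -K dist/*.rpm | grep ...` also passes as soon as one output line matches, so with several files in `dist/` one correctly signed RPM lets unsigned or differently signed ones reach the upload; checking each file on its own, with `grep -F` so the ID is matched literally, closes that gap. The signing line still runs under the `set -x` from the top of the script (unless tracing is turned off in lines not shown), which writes the expanded `$PASSPHRASE` to the trace output. The sketch below switches tracing off around the signing call and passes the variable as an assignment prefix instead of through `env`.

```shell
if ! rpm --checksig dist/*.rpm | grep pgp; then
  set +x  # keep the passphrase out of the xtrace output
  GPG_PASS="$PASSPHRASE" ./tools/auto_rpm_sign
  set -x
  # … unchanged: checksig re-check after signing …
fi
# … unchanged: the two comment lines above the verification …
for pkg in dist/*.rpm; do
  rpm -v -K "$pkg" | grep -F "key ID ${GPG_KEY_SHORT_ID,,}: OK"
done
```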