Only sign packages that are newer than signage

Which is currently set to 2hrs. Signing of a package should
actually happen when we upload it.

diff --git a/update-archive/update-yum-archive.sh b/update-archive/update-yum-archive.sh
index 4010b7b..482fc09 100755 (executable)
--- a/update-archive/update-yum-archive.sh
+++ b/update-archive/update-yum-archive.sh
@@ -24,6 +24,9 @@ if test ! -x /usr/bin/expect; then
   exit 1
 fi
 
+now=`date +%s`
+# sign if newer than signage (86400=24 hrs)
+signage=8000
 #check if root has rpm macros
 confdir=`pwd`
 architectures="i386 x86_64"
@@ -84,18 +87,21 @@ for vdist in centos/5.5 rhel/5.5; do
             mkdir -p $d/${arch}/Packages
             for f in $distdir/RPMS/${arch}/*.rpm $distdir/RPMS/noarch/*.rpm; do
               if test -f $f; then
-                ln -sf $f $d/${arch}/Packages/
-               if rpm -K $f|grep -q ' gpg' >/dev/null; then
-                 echo "Already signed $f"
-                else
-                 expect << __EOF
-                  spawn rpm --addsign $f
+               age=`stat --printf='%Y' $f`
+               if expr $now - $age \< $signage >/dev/null; then
+                  ln -sf $f $d/${arch}/Packages/
+                 if rpm -K $f|grep -q ' gpg' >/dev/null; then
+                   echo "Already signed $f"
+                  else
+                   expect << __EOF
+                    spawn rpm --addsign $f
 expect -exact "Enter pass phrase: "
 send -- "\r"
 expect eof
 __EOF
-                  chgrp staff $f
-                  chmod g+w $f
+                    chgrp staff $f
+                    chmod g+w $f
+                  fi
                 fi
               fi
             done