chore: 可以正常生成补丁包及回滚包及签名生效

2025-11-17 09:55:05 +08:00
parent 27f10afd78
commit a5a9bc091a
3 changed files with 16 additions and 9 deletions


@@ -73,9 +73,11 @@ install_dependencies() {
local dependencies=( local dependencies=(
"tar" "tar"
"gzip" "gzip"
"bzip2"
"jq" "jq"
"gpg" "gpg"
"bc" "bc"
"gnupg"
) )
for dep in "${dependencies[@]}"; do for dep in "${dependencies[@]}"; do
@@ -93,17 +95,21 @@ install_dependencies() {
fi fi
# 关键依赖 # 关键依赖
local keys_deps = " coreutils findutils util-linux " local keys_deps=(
"coreutils"
"findutils"
"util-linux"
)
if command -v apt-get >/dev/null 2>&1; then if command -v apt-get >/dev/null 2>&1; then
# Debian/Ubuntu # Debian/Ubuntu
$sudo_prefix apt-get update $sudo_prefix apt-get update
$sudo_prefix apt-get install -y $keys_deps $(printf "%s " "${dependencies[@]}") $sudo_prefix apt-get install -y $(printf "%s " "${keys_deps[@]}") $(printf "%s " "${dependencies[@]}")
elif command -v yum >/dev/null 2>&1; then elif command -v yum >/dev/null 2>&1; then
# CentOS/RHEL # CentOS/RHEL
$sudo_prefix yum install -y $keys_deps $(printf "%s " "${dependencies[@]}") $sudo_prefix yum install -y $(printf "%s " "${keys_deps[@]}") $(printf "%s " "${dependencies[@]}")
else else
warn "无法自动安装依赖,请手动安装: $keys_deps $(printf "%s " "${dependencies[@]}")" warn "无法自动安装依赖,请手动安装: $(printf "%s " "${keys_deps[@]}") $(printf "%s " "${dependencies[@]}")"
fi fi
# 安装GPG用于签名验证 # 安装GPG用于签名验证
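Review bot: The install lines in the second hunk re-split the arrays through an unquoted `$(printf "%s " "${keys_deps[@]}")`, which depends on word splitting and would glob-expand any element containing pattern characters. Passing the arrays directly is shorter and safe: `$sudo_prefix apt-get install -y "${keys_deps[@]}" "${dependencies[@]}"` (same for the `yum` line), with `${keys_deps[*]} ${dependencies[*]}` inside the `warn` string. The first hunk also adds `"gnupg"` next to `"gpg"`; if the `for dep` loop (its body is outside the hunk) tests each entry with `command -v`, `gnupg` is a package name rather than a command and would always be reported missing, which is worth confirming. Unless the script runs under `set -e`, the lines shown do not check the result of the install commands, so a failed `gpg` install would only surface later at signing time. install_dependencies starts and ends outside both hunks.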


@@ -6,10 +6,10 @@
# ============================================================================== # ==============================================================================
# 基础配置 # 基础配置
PATCH_NAME="security-hotfix-2025" PATCH_NAME="upgrade-hotfix"
PATCH_VERSION="1.0.0" PATCH_VERSION="1.0.0"
PATCH_DESCRIPTION="紧急安全漏洞修复" PATCH_DESCRIPTION="紧急升级修复"
PATCH_AUTHOR="企业DevOps团队" PATCH_AUTHOR="devops"
PATCH_EMAIL="devops@aigc-quickapp.com" PATCH_EMAIL="devops@aigc-quickapp.com"
# ============================================================================== # ==============================================================================
@@ -103,7 +103,7 @@ PER_FILE_OPTIMIZATION=true # 是否对每个文件单独压缩
# ============================================================================== # ==============================================================================
# 安全配置 # 安全配置
SIGNING_ENABLED=true # 是否启用签名 SIGNING_ENABLED=false # 是否启用签名
SIGNING_ALGORITHM="rsa" # 签名算法rsa, ecdsa SIGNING_ALGORITHM="rsa" # 签名算法rsa, ecdsa
PRIVATE_KEY="/etc/patch/keys/private.pem" # 私钥文件路径 PRIVATE_KEY="/etc/patch/keys/private.pem" # 私钥文件路径
PUBLIC_KEY="/etc/patch/keys/public.pem" # 公钥文件路径 PUBLIC_KEY="/etc/patch/keys/public.pem" # 公钥文件路径
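Review bot: `SIGNING_ENABLED` flips from `true` to `false` in the security section, so a package built with this default configuration carries no signature, although the commit title says signing now works. If it was switched off for local testing, keep the shipped default at `SIGNING_ENABLED=true` and override it per environment, or add a comment next to the setting stating when unsigned packages are acceptable. If the install side reads the same flag it would presumably skip signature verification as well; that should be confirmed, since verification is better enforced independently of the builder's setting.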


@@ -687,7 +687,8 @@ sign_package() {
info "开始签名补丁包" info "开始签名补丁包"
if command -v gpg >/dev/null 2>&1; then if command -v gpg >/dev/null 2>&1; then
if gpg --batch --yes --detach-sign \ if gpg --homedir "/etc/patch/keys" \
--batch --yes --detach-sign \
--local-user "$PATCH_AUTHOR" \ --local-user "$PATCH_AUTHOR" \
--output "${package_path}.sig" \ --output "${package_path}.sig" \
"$package_path"; then "$package_path"; then