#!/bin/sh set -e if [ $# -eq 0 ]; then echo "No arguments provided. Aborting..." exit 1 fi if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then echo "usage: ./repo-sign.sh [-h] [REPO_PATH GPG_SUBKEY_ID] Deploys packages for you. Possible values for the arguments: REPO_PATH path of the repositpry GPG_SUBKEY_ID fingerprint of the (sub)key to use to sign Dependencies: - " exit 0 fi REPO_PATH="${1}" [ -n "${2+x}" ] && GPG_SUBKEY_ID="${2}" if [ ! -f "${GNUPGHOME}/pubring.kbx" ]; then echo "The file 'pubring.kbx' file has not been found. Generating automatically a new one with a new set of keys..." KEY_NAME="Joe Tester" KEY_PASSPHRASE="over-the-lazy-dog" cat >foo_keys < "${GNUPGHOME}/passphrase" fi if [ -z "${GPG_SUBKEY_ID+x}" ]; then echo "A GPG key id has not been defined. Automatically selecting a fingerprint..." # List key and its subkey with their respective fingerprints | filter fingerprints of both keys | pick fingerprint of the second row # (the subkey seems to be listed always after its respective subkey) GPG_SUBKEY_ID="$(gpg --list-secret-key --with-subkey-fingerprint --with-colons | awk -F: '$1 == "fpr" {print $10;}' | sed -n '2 p')" fi if [ ! -f "${REPO_PATH}"/key.pub.asc ];then echo "Public key not published. Generating and publishing it..." gpg --armor --export "${GPG_SUBKEY_ID}" > "${REPO_PATH}"/key.pub.asc fi echo "Signing the repo..." gpg --passphrase-file "${GNUPGHOME}/passphrase" --pinentry-mode loopback --default-key "${GPG_SUBKEY_ID}" -abs -o - "${REPO_PATH}/Release" > "${REPO_PATH}/Release.gpg" gpg --passphrase-file "${GNUPGHOME}/passphrase" --pinentry-mode loopback --default-key "${GPG_SUBKEY_ID}" --clearsign -o - "${REPO_PATH}/Release" > "${REPO_PATH}/InRelease" echo "Done."