You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
67 lines
2.3 KiB
67 lines
2.3 KiB
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
if [ $# -eq 0 ]; then
|
|
echo "No arguments provided. Aborting..."
|
|
exit 1
|
|
fi
|
|
|
|
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
|
|
echo "usage: ./repo-sign.sh [-h] [REPO_PATH GPG_SUBKEY_ID]
|
|
|
|
Deploys packages for you.
|
|
|
|
Possible values for the arguments:
|
|
|
|
REPO_PATH path of the repositpry
|
|
GPG_SUBKEY_ID fingerprint of the (sub)key to use to sign
|
|
|
|
Dependencies: -
|
|
"
|
|
exit 0
|
|
fi
|
|
|
|
REPO_PATH="${1}"
|
|
[ -n "${2+x}" ] && GPG_SUBKEY_ID="${2}"
|
|
|
|
if [ ! -f "${GNUPGHOME}/pubring.kbx" ]; then
|
|
echo "The file 'pubring.kbx' file has not been found. Generating automatically a new one with a new set of keys..."
|
|
KEY_NAME="Joe Tester"
|
|
KEY_PASSPHRASE="over-the-lazy-dog"
|
|
cat >foo_keys <<EOF
|
|
%echo Generating a basic OpenPGP key
|
|
Key-Type: RSA
|
|
Key-Usage: sign
|
|
Key-Length: 4096
|
|
Subkey-Type: RSA
|
|
Subkey-Usage: sign
|
|
Subkey-Length: 4096
|
|
Name-Real: ${KEY_NAME}
|
|
Name-Comment: with stupid passphrase
|
|
Name-Email: joe@foo.bar
|
|
Expire-Date: 0
|
|
Passphrase: ${KEY_PASSPHRASE}
|
|
# Do a commit here, so that we can later print "done" :-)
|
|
%commit
|
|
%echo done
|
|
EOF
|
|
gpg --batch --generate-key foo_keys
|
|
echo "${KEY_PASSPHRASE}" > "${GNUPGHOME}/passphrase"
|
|
fi
|
|
|
|
if [ -z "${GPG_SUBKEY_ID+x}" ]; then
|
|
echo "A GPG key id has not been defined. Automatically selecting a fingerprint..."
|
|
# List key and its subkey with their respective fingerprints | filter fingerprints of both keys | pick fingerprint of the second row
|
|
# (the subkey seems to be listed always after its respective subkey)
|
|
GPG_SUBKEY_ID="$(gpg --list-secret-key --with-subkey-fingerprint --with-colons | awk -F: '$1 == "fpr" {print $10;}' | sed -n '2 p')"
|
|
fi
|
|
|
|
if [ ! -f "${REPO_PATH}"/key.pub.asc ];then
|
|
echo "Public key not published. Generating and publishing it..."
|
|
gpg --armor --export "${GPG_SUBKEY_ID}" > "${REPO_PATH}"/key.pub.asc
|
|
fi
|
|
|
|
echo "Signing the repo..."
|
|
gpg --passphrase-file "${GNUPGHOME}/passphrase" --pinentry-mode loopback --default-key "${GPG_SUBKEY_ID}" -abs -o - "${REPO_PATH}/Release" > "${REPO_PATH}/Release.gpg"
|
|
gpg --passphrase-file "${GNUPGHOME}/passphrase" --pinentry-mode loopback --default-key "${GPG_SUBKEY_ID}" --clearsign -o - "${REPO_PATH}/Release" > "${REPO_PATH}/InRelease"
|
|
|