deb-builds
/
deltachat-desktop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
0 Tags
114 KiB
 
 
Tag: Branch: Tree: ac7c774c66
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ac7c774c66'
${ noResults }
deltachat-desktop/repo-sign.sh

73 lines
2.4 KiB
Raw Blame History

#!/bin/sh
set -e
if [ $# -eq 0 ]; then
echo "No arguments provided. Aborting..."
exit 1
fi
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
echo "usage: ./repo-sign.sh [-h] [REPO_PATH GPG_SUBKEY_ID]
Deploys packages for you.
Possible values for the arguments:
REPO_PATH path of the repositpry
GPG_SUBKEY_ID fingerprint of the (sub)key to use to sign
Dependencies: -
"
exit 0
fi
if [ $# -lt 1 ]; then
echo "Mandatory arguments: 'REPO_PATH'. Aborting..."
exit 1
fi
REPO_PATH="${1}"
[ -n "${2+x}" ] && GPG_SUBKEY_ID="${2}"
if [ ! -f "${GNUPGHOME}/pubring.kbx" ]; then
echo "The file 'pubring.kbx' file has not been found. Generating automatically a new one with a new set of keys..."
KEY_NAME="Joe Tester"
KEY_PASSPHRASE="over-the-lazy-dog"
cat >foo_keys <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Usage: sign
Key-Length: 4096
Subkey-Type: RSA
Subkey-Usage: sign
Subkey-Length: 4096
Name-Real: ${KEY_NAME}
Name-Comment: with stupid passphrase
Name-Email: joe@foo.bar
Expire-Date: 0
Passphrase: ${KEY_PASSPHRASE}
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF
gpg --batch --generate-key foo_keys
echo "${KEY_PASSPHRASE}" > "${GNUPGHOME}/passphrase"
fi
if [ -z "${GPG_SUBKEY_ID+x}" ]; then
echo "A GPG key id has not been defined. Automatically selecting a fingerprint..."
# List key and its subkey with their respective fingerprints | filter fingerprints of both keys | pick fingerprint of the second row
# (the subkey seems to be listed always after its respective subkey)
GPG_SUBKEY_ID="$(gpg --list-secret-key --with-subkey-fingerprint --with-colons | awk -F: '$1 == "fpr" {print $10;}' | sed -n '2 p')"
fi
if [ ! -f "${REPO_PATH}"/key.pub.asc ];then
echo "Public key not published. Generating and publishing it..."
gpg --armor --export "${GPG_SUBKEY_ID}" > "${REPO_PATH}"/key.pub.asc
fi
echo "Signing the repo..."
gpg --passphrase-file "${GNUPGHOME}/passphrase" --pinentry-mode loopback --default-key "${GPG_SUBKEY_ID}" -abs -o - "${REPO_PATH}/Release" > "${REPO_PATH}/Release.gpg"
gpg --passphrase-file "${GNUPGHOME}/passphrase" --pinentry-mode loopback --default-key "${GPG_SUBKEY_ID}" --clearsign -o - "${REPO_PATH}/Release" > "${REPO_PATH}/InRelease"
echo "Done."