authorLibravatarUnit 193 <unit193@ubuntu.com>2018-03-12 18:24:27 -0400
committerLibravatarUnit 193 <unit193@ubuntu.com>2018-03-12 18:24:27 -0400
commit8ba508e724e9e02675c3673b5bed725ef9bf3b85 (patch)
tree4d2c983bfb039bec078d6b2ea0aa98d76fb6aa09
parent2dda3546bbe71837652cea197b4c9e3585e25066 (diff)
sign-release.sh: Add support for gpg2.
-rwxr-xr-xexamples/sign-release.sh42
1 files changed, 25 insertions, 17 deletions
diff --git a/examples/sign-release.sh b/examples/sign-release.sh
index 6b68e80..6f1405c 100755
--- a/examples/sign-release.sh
+++ b/examples/sign-release.sh
@@ -22,34 +22,42 @@
# You need to create a secret keyring (secring.gpg). You can use your
# existing one, or create a new one by doing something like the
# following:
-
# $ GNUPGHOME=/src/debian/mini-dinstall/s3kr1t gnupg --gen-key
+#
+# You should then put your passphrase in $GNUPGHOME/passphrase.
set -e
+if [ -z "$USER" ]; then
+ USER=$(id -n -u)
+fi
+
# User variables
# MAKE SURE TO MAKE THIS DIRECTORY 0700!
export GNUPGHOME=/src/debian/mini-dinstall/s3kr1t
+# You can get the key ID from current user, set a user, or ID.
+#KEYID=$(getent passwd $USER | cut -f 5 -d : | cut -f 1 -d ,)
+#KEYID=43FE9005 or "Archive signing key"
+# You can set the digest here, keeping in mind apt will reject anything less than 256.
+DIGEST=SHA384
+
+
if [ ! -d "$GNUPGHOME" ]; then
- mkdir -p "$GNUPGHOME"
+ mkdir -p "$GNUPGHOME"
+ chown "$USER" "$GNUPGHOME"
+ chmod 0700 "$GNUPGHOME"
fi
-if [ -z "$USER" ]; then
- USER=$(id -n -u)
-fi
-# This is just a default value
-KEYID=$(getent passwd $USER | cut -f 5 -d : | cut -f 1 -d ,)
-PASSPHRASE=$(cat "$GNUPGHOME/passphrase")
-
-# These should fail if for some reason the directory isn't owned by us
-chown "$USER" "$GNUPGHOME"
-chmod 0700 "$GNUPGHOME"
-# Initialize GPG
-gpg --help 1>/dev/null 2>&1 || true
+GPGOPTS=("--no-tty" "--batch" "--digest-algo" "$DIGEST" "--passphrase-file" "$GNUPGHOME/passphrase")
+if [ "$(gpg --version | sed -n 's/gpg (GnuPG) //p' | cut -f1 -d.)" -ge "2" ];then
+ GPGOPTS+=("--pinentry-mode" "loopback")
+fi
+if [ -n "$KEYID" ];then
+ GPGOPTS+=("--default-key" "$KEYID")
+fi
rm -f Release.gpg.tmp InRelease.tmp
-echo "$PASSPHRASE" | gpg --no-tty --batch --passphrase-fd=0 --default-key "$KEYID" --detach-sign -o Release.gpg.tmp "$1"
+gpg "${GPGOPTS[@]}" --detach-sign -o Release.gpg.tmp "$1"
mv Release.gpg.tmp Release.gpg
-echo "$PASSPHRASE" | gpg --no-tty --batch --passphrase-fd=0 --default-key "$KEYID" --clearsign -o InRelease.tmp "$1"
+gpg "${GPGOPTS[@]}" --clearsign -o InRelease.tmp "$1"
mv InRelease.tmp InRelease
-
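Review bot: The `chown "$USER" "$GNUPGHOME"` and `chmod 0700 "$GNUPGHOME"` calls now run only inside the `if [ ! -d "$GNUPGHOME" ]` branch, so an existing directory with loose permissions or another owner is accepted silently, even though it holds the `passphrase` file that `--passphrase-file` reads on every run. The removed lines enforced this on each invocation and aborted under `set -e` when the directory was not ours; I would keep both calls after the `fi` and create the directory with `mkdir -p -m 0700 "$GNUPGHOME"` so it is never briefly readable by others. Separately, `GPGOPTS=(...)` and `GPGOPTS+=(...)` are bash arrays, and the shebang sits above this hunk, so if it is `#!/bin/sh` the script will break on shells such as dash. `KEYID` is also no longer assigned by default, so `[ -n "$KEYID" ]` will pick up any `KEYID` inherited from the caller's environment; initialising `KEYID=` before the commented examples would keep the signing key choice explicit.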