author | Unit 193 <unit193@ubuntu.com> | 2018-03-12 18:24:27 -0400 |
---|---|---|
committer | Unit 193 <unit193@ubuntu.com> | 2018-03-12 18:24:27 -0400 |
commit | 8ba508e724e9e02675c3673b5bed725ef9bf3b85 (patch) | |
tree | 4d2c983bfb039bec078d6b2ea0aa98d76fb6aa09 | |
parent | 2dda3546bbe71837652cea197b4c9e3585e25066 (diff) | |
sign-release.sh: Add support for gpg2.
-rwxr-xr-x | examples/sign-release.sh | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/examples/sign-release.sh b/examples/sign-release.sh
index 6b68e80..6f1405c 100755
--- a/examples/sign-release.sh
+++ b/examples/sign-release.sh
@@ -22,34 +22,42 @@ # You need to create a secret keyring (secring.gpg). You can use your # existing one, or create a new one by doing something like the # following: - # $ GNUPGHOME=/src/debian/mini-dinstall/s3kr1t gnupg --gen-key +# +# You should then put your passphrase in $GNUPGHOME/passphrase. set -e +if [ -z "$USER" ]; then + USER=$(id -n -u) +fi + # User variables # MAKE SURE TO MAKE THIS DIRECTORY 0700! export GNUPGHOME=/src/debian/mini-dinstall/s3kr1t +# You can get the key ID from current user, set a user, or ID. +#KEYID=$(getent passwd $USER | cut -f 5 -d : | cut -f 1 -d ,) +#KEYID=43FE9005 or "Archive signing key" +# You can set the digest here, keeping in mind apt will reject anything less than 256. +DIGEST=SHA384 + + if [ ! -d "$GNUPGHOME" ]; then - mkdir -p "$GNUPGHOME" + mkdir -p "$GNUPGHOME" + chown "$USER" "$GNUPGHOME" + chmod 0700 "$GNUPGHOME" fi -if [ -z "$USER" ]; then - USER=$(id -n -u) -fi -# This is just a default value -KEYID=$(getent passwd $USER | cut -f 5 -d : | cut -f 1 -d ,) -PASSPHRASE=$(cat "$GNUPGHOME/passphrase") - -# These should fail if for some reason the directory isn't owned by us -chown "$USER" "$GNUPGHOME" -chmod 0700 "$GNUPGHOME" -# Initialize GPG -gpg --help 1>/dev/null 2>&1 || true +GPGOPTS=("--no-tty" "--batch" "--digest-algo" "$DIGEST" "--passphrase-file" "$GNUPGHOME/passphrase") +if [ "$(gpg --version | sed -n 's/gpg (GnuPG) //p' | cut -f1 -d.)" -ge "2" ];then + GPGOPTS+=("--pinentry-mode" "loopback") +fi +if [ -n "$KEYID" ];then + GPGOPTS+=("--default-key" "$KEYID") +fi rm -f Release.gpg.tmp InRelease.tmp -echo "$PASSPHRASE" | gpg --no-tty --batch --passphrase-fd=0 --default-key "$KEYID" --detach-sign -o Release.gpg.tmp "$1" +gpg "${GPGOPTS[@]}" --detach-sign -o Release.gpg.tmp "$1" mv Release.gpg.tmp Release.gpg -echo "$PASSPHRASE" | gpg --no-tty --batch --passphrase-fd=0 --default-key "$KEYID" --clearsign -o InRelease.tmp "$1" +gpg "${GPGOPTS[@]}" --clearsign -o InRelease.tmp "$1" mv InRelease.tmp InRelease - |
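Review bot: The `chown "$USER" "$GNUPGHOME"` and `chmod 0700 "$GNUPGHOME"` calls now run only inside the `if [ ! -d "$GNUPGHOME" ]` branch, so a keyring directory that already exists is never re-checked for ownership or mode, while the new `--passphrase-file "$GNUPGHOME/passphrase"` option makes the script depend on that directory holding the passphrase on disk. Moving both calls back below the `fi` restores the removed behaviour of aborting under `set -e` when the directory is not ours, and a `chmod 0600 "$GNUPGHOME/passphrase"` next to them would cover the file itself. Separately, `--pinentry-mode loopback` is appended for any major version `-ge "2"`, but to my knowledge GnuPG 2.0.x does not accept that option, so the test probably needs to look at the minor version as well. `GPGOPTS=(...)` and `+=` are bash arrays and the shebang is outside this hunk, so confirm it is not `#!/bin/sh`.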