forked from adamlaska/moby
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsign-repos
More file actions
executable file
·55 lines (46 loc) · 1.33 KB
/
sign-repos
File metadata and controls
executable file
·55 lines (46 loc) · 1.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/bin/bash
# This script signs the deliverables from release-deb and release-rpm
# with a designated GPG key.
: ${DOCKER_RELEASE_DIR:=$DEST}
: ${GPG_KEYID:=releasedocker}
APTDIR=$DOCKER_RELEASE_DIR/apt/repo
YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
if [ -z "$GPG_PASSPHRASE" ]; then
echo >&2 'you need to set GPG_PASSPHRASE in order to sign artifacts'
exit 1
fi
if [ ! -d $APTDIR ] && [ ! -d $YUMDIR ]; then
echo >&2 'release-rpm or release-deb must be run before sign-repos'
exit 1
fi
sign_packages(){
# sign apt repo metadata
if [ -d $APTDIR ]; then
# create file with public key
gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/apt/gpg"
# sign the repo metadata
for F in $(find $APTDIR -name Release); do
if test "$F" -nt "$F.gpg" ; then
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
--armor --sign --detach-sign \
--batch --yes \
--output "$F.gpg" "$F"
fi
done
fi
# sign yum repo metadata
if [ -d $YUMDIR ]; then
# create file with public key
gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/yum/gpg"
# sign the repo metadata
for F in $(find $YUMDIR -name repomd.xml); do
if test "$F" -nt "$F.asc" ; then
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
--armor --sign --detach-sign \
--batch --yes \
--output "$F.asc" "$F"
fi
done
fi
}
sign_packages