github.com/rsampaio/docker@v0.7.2-0.20150827203920-fdc73cc3fc31/hack/make/sign-repos (about)

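#!/bin/bash

# This script signs the deliverables from release-deb and release-rpm
# with a designated GPG key.
#
# Inputs (environment):
#   DOCKER_RELEASE_DIR  release tree holding apt/repo and/or yum/repo;
#                       defaults to $DEST when unset or empty
#   GPG_PASSPHRASE      passphrase of the signing key (required). Shell
#                       tracing (set -x) prints expanded variables, so keep
#                       it off while this script runs.

: "${DOCKER_RELEASE_DIR:=${DEST:-}}"
if [ -z "$DOCKER_RELEASE_DIR" ]; then
	# An empty value would make APTDIR/YUMDIR resolve to /apt/repo and
	# /yum/repo, and the exported key would be written under the root.
	echo >&2 'you need to set DOCKER_RELEASE_DIR or DEST in order to sign artifacts'
	exit 1
fi
APTDIR="$DOCKER_RELEASE_DIR/apt/repo"
YUMDIR="$DOCKER_RELEASE_DIR/yum/repo"

if [ -z "${GPG_PASSPHRASE:-}" ]; then
	echo >&2 'you need to set GPG_PASSPHRASE in order to sign artifacts'
	exit 1
fi

# Quoted on purpose: with an unquoted path containing whitespace, `[` fails
# with "too many arguments" and this guard is silently skipped.
if [ ! -d "$APTDIR" ] && [ ! -d "$YUMDIR" ]; then
	echo >&2 'release-rpm or release-deb must be run before sign-repos'
	exit 1
fi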
    19  
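#######################################
# Export the public key next to one repository and detach-sign its metadata.
# Arguments:
#   $1 - repository root to scan (nothing is done when it is not a directory)
#   $2 - metadata file name to look for (e.g. Release, repomd.xml)
#   $3 - suffix appended to the metadata path to name the signature
#   $4 - file that receives the ASCII-armored public key
# Globals:
#   GPG_PASSPHRASE (read)
# Returns:
#   0 on success, 1 as soon as a gpg invocation fails.
#######################################
_sign_repo_metadata() {
	local repo_dir=$1 metadata_name=$2 sig_suffix=$3 pubkey_file=$4
	local F

	[ -d "$repo_dir" ] || return 0

	# create file with public key; a failed export must not go unnoticed,
	# otherwise an empty or partial key file gets published
	gpg --armor --export releasedocker > "$pubkey_file" || return 1

	# sign the repo metadata; NUL-delimited so paths containing whitespace
	# or glob characters are handled as single file names
	while IFS= read -r -d '' F; do
		# -nt is also true when the signature does not exist yet
		if test "$F" -nt "$F$sig_suffix"; then
			# The passphrase is fed on stdin (--passphrase-fd 0) instead of
			# --passphrase, which would place it in gpg's argument list where
			# other local users can read it from the process table.
			# NOTE(review): GnuPG 2.1+ needs --pinentry-mode loopback for
			# passphrase options to take effect; it is not added here because
			# GnuPG 1.x is expected to reject it - confirm which gpg the
			# release environment ships.
			gpg -u releasedocker --passphrase-fd 0 \
				--armor --sign --detach-sign \
				--batch --yes \
				--output "$F$sig_suffix" "$F" <<< "$GPG_PASSPHRASE" || return 1
		fi
	done < <(find "$repo_dir" -name "$metadata_name" -print0)
}

#######################################
# Sign the apt and yum repository metadata that exists under the release
# directory and publish the public key beside each repository.
# Globals:
#   APTDIR, YUMDIR      (read) repository roots
#   DOCKER_RELEASE_DIR  (read) parent of apt/gpg and yum/gpg
#   GPG_PASSPHRASE      (read) passphrase for the "releasedocker" key
# Returns:
#   0 on success, 1 if any export or signature fails (later repositories
#   are then not processed).
#######################################
sign_packages() {
	# sign apt repo metadata
	_sign_repo_metadata "$APTDIR" Release .gpg \
		"$DOCKER_RELEASE_DIR/apt/gpg" || return 1

	# sign yum repo metadata
	_sign_repo_metadata "$YUMDIR" repomd.xml .asc \
		"$DOCKER_RELEASE_DIR/yum/gpg" || return 1
}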
    53  
    54  sign_packages