github.com/torfuzx/docker@v1.8.1/hack/make/sign-repos (about)

     1  #!/bin/bash
     2  
     3  # This script signs the deliverables from release-deb and release-rpm
     4  # with a designated GPG key.
     5  
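# Default the release directory to $DEST when the caller has not set
# DOCKER_RELEASE_DIR. $DEST is not defined in this file; presumably the
# calling build script provides it. Quoted so the expanded value is never
# word-split or glob-expanded by the ':' no-op.
# NOTE(review): if both variables are empty, APTDIR/YUMDIR resolve to
# /apt/repo and /yum/repo at the filesystem root. Confirm that is acceptable.
: "${DOCKER_RELEASE_DIR:=$DEST}"
APTDIR=$DOCKER_RELEASE_DIR/apt/repo
YUMDIR=$DOCKER_RELEASE_DIR/yum/repo

# The signing passphrase is taken from the environment; refuse to go on
# without it rather than let gpg fail part-way through a release.
if [ -z "$GPG_PASSPHRASE" ]; then
	echo >&2 'you need to set GPG_PASSPHRASE in order to sign artifacts'
	exit 1
fi

# Paths are quoted: unquoted, an empty value turns `[ ! -d ]` into a
# one-argument test with a different meaning, and a path containing
# whitespace makes the test itself error out.
if [ ! -d "$APTDIR" ] && [ ! -d "$YUMDIR" ]; then
	echo >&2 'release-rpm or release-deb must be run before sign-repos'
	exit 1
fi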
    19  
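#######################################
# Sign the apt and yum repository metadata with the "releasedocker" GPG key
# and export that key's public half next to each repository.
# Globals:   DOCKER_RELEASE_DIR, APTDIR, YUMDIR, GPG_PASSPHRASE (all read)
# Outputs:   $DOCKER_RELEASE_DIR/apt/gpg and $DOCKER_RELEASE_DIR/yum/gpg
#            (armored public key), <Release>.gpg for every apt Release file,
#            <repomd.xml>.asc for every yum repomd.xml
# Returns:   0 on success, 1 as soon as a key export or a signature fails
#######################################
sign_packages(){
	local F

	# sign apt repo metadata
	if [ -d "$APTDIR" ]; then
		# create file with public key; an export failure must not be
		# published as a repository key file
		gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/apt/gpg" || return 1

		# sign the repo metadata
		# find output is NUL-delimited so paths with whitespace or glob
		# characters reach gpg as a single argument.
		# The passphrase is handed to gpg on stdin (--passphrase-fd 0)
		# instead of argv, where any local user could read it from the
		# process list for as long as gpg runs.
		# NOTE: GnuPG 2.1+ ignores a passphrase given this way (and via
		# --passphrase) unless --pinentry-mode loopback is also set.
		while IFS= read -r -d '' F; do
			gpg -u releasedocker --passphrase-fd 0 \
				--armor --sign --detach-sign \
				--batch --yes \
				--output "$F.gpg" "$F" <<< "$GPG_PASSPHRASE" || return 1
		done < <(find "$APTDIR" -name Release -print0)
	fi

	# sign yum repo metadata
	if [ -d "$YUMDIR" ]; then
		# create file with public key
		gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/yum/gpg" || return 1

		# sign the repo metadata (same stdin passphrase handling as above)
		while IFS= read -r -d '' F; do
			gpg -u releasedocker --passphrase-fd 0 \
				--armor --sign --detach-sign \
				--batch --yes \
				--output "$F.asc" "$F" <<< "$GPG_PASSPHRASE" || return 1
		done < <(find "$YUMDIR" -name repomd.xml -print0)
	fi
}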
    49  
    50  sign_packages