Added Release files signing logic to update-apt-repo.
parent
e3fb0eeb11
commit
af4a586014
1 changed files with 21 additions and 1 deletions
22
.drone.yml
22
.drone.yml
|
@ -429,6 +429,10 @@ steps:
|
|||
from_secret: aws_access_key_id
|
||||
AWS_SECRET_ACCESS_KEY:
|
||||
from_secret: aws_secret_access_key
|
||||
PGP_PUBKEY:
|
||||
from_secret: apt_pgp_pub_key
|
||||
PGP_PRIVKEY:
|
||||
from_secret: apt_pgp_priv_key
|
||||
|
||||
when:
|
||||
branch:
|
||||
|
@ -443,7 +447,7 @@ steps:
|
|||
commands:
|
||||
- echo "-- Installing dependencies"
|
||||
- apt update
|
||||
- apt install -y s3fs dpkg-dev
|
||||
- apt install -y s3fs dpkg-dev gpg
|
||||
|
||||
- echo "-- Mounting the S3 bucket"
|
||||
- mkdir -p "$BUCKET_MNT"
|
||||
|
@ -515,6 +519,22 @@ steps:
|
|||
add_hashes "$dist_dir" "sha256sum" "SHA256" >> "$release_file"
|
||||
done
|
||||
|
||||
- echo "-- Importing and refreshing PGP key"
|
||||
- echo "$PGP_PUBKEY" > "$APT_ROOT/pubkey.txt"
|
||||
- export PGP_KEYID=$(echo "$PGP_PUBKEY" | gpg --with-colons --import-options show-only --import --fingerprint | grep -e '^fpr:' | head -1 | awk -F ':' '{print $(NF - 1)}')
|
||||
- |
|
||||
cat <<EOF | gpg --import --armor
|
||||
$PGP_PRIVKEY
|
||||
EOF
|
||||
|
||||
- echo "-- Signing Release files"
|
||||
- |
|
||||
find "$APT_ROOT/dists" -type f -name Release | while read file; do
|
||||
dirname="$(dirname "$file")"
|
||||
cat "$file" | gpg -q --default-key "$PGP_KEYID" -abs > "$file.gpg"
|
||||
cat "$file" | gpg -q --default-key "$PGP_KEYID" -abs --clearsign > "$dirname/InRelease"
|
||||
done
|
||||
|
||||
###
|
||||
### Updates the pip package upon new releases
|
||||
###
|
||||
|
|
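Review bot: In the signing loop of the third hunk, both `gpg` calls write through shell redirections (`> "$file.gpg"` and `> "$dirname/InRelease"`), so the published signature is truncated before gpg has produced anything, and a failed signing run leaves an empty or partial file in the mounted repository. `PGP_KEYID` is also used without checking that the fingerprint pipeline returned a value; if it is empty, `--default-key ""` presumably does not select the intended key. I would fail early on an empty `PGP_KEYID`, have gpg write to a temporary name with `-o`, and rename into place only after it succeeds, as sketched below. The step's `commands:` list starts and ends outside this hunk, so how a gpg failure propagates (for example whether `set -e` is in effect) cannot be seen here.

```yaml
# … unchanged: pubkey export, PGP_KEYID derivation, private key import …
- echo "-- Signing Release files"
- |
  [ -n "$PGP_KEYID" ] || { echo "Could not derive the PGP key fingerprint" >&2; exit 1; }
  find "$APT_ROOT/dists" -type f -name Release | while IFS= read -r file; do
    dirname="$(dirname "$file")"
    # Write to temporary names first so a gpg failure never clobbers a published signature.
    gpg -q --batch --yes --local-user "$PGP_KEYID" -abs -o "$file.gpg.tmp" "$file" || exit 1
    gpg -q --batch --yes --local-user "$PGP_KEYID" --clearsign -o "$dirname/InRelease.tmp" "$file" || exit 1
    mv "$file.gpg.tmp" "$file.gpg"
    mv "$dirname/InRelease.tmp" "$dirname/InRelease"
  done
```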