Sha256: 6ea2cc0565ef34c5601cd8db68b6969aa4d1858064a4006ddb151791f9f90377

Contents?: true

Size: 1.98 KB

Versions: 8

Compression:

Stored size: 1.98 KB

Contents

module Pkg::Util::Gpg
  class << self
    # Please note that this method is not used in determining what key is used
    # to sign the debian repos. That is defined in the freight config that
    # lives on our internal repo staging host. The debian conf/distribution
    # files that are generated with this repo use the default gpg key to
    # reflect that.
    def key
      if Pkg::Config.gpg_key.nil? || Pkg::Config.gpg_key.empty?
        fail '`gpg_key` configuration variable is unset. Cannot continue.'
      end

      Pkg::Config.gpg_key
    end

    def keychain
      if @keychain.nil?
        @keychain = Pkg::Util::Tool.find_tool('keychain')
      else
        @keychain
      end
    end

    def load_keychain
      return if @keychain_loaded
      return if ENV['RPM_GPG_AGENT']

      kill_keychain
      start_keychain
      @keychain_loaded = true
    end

    def kill_keychain
      return unless keychain

      Pkg::Util::Execution.capture3("#{keychain} -k mine")[0]
    end

    def start_keychain
      unless keychain
        fail "Keychain is not installed, it is required to autosign using gpg."
      end

      keychain_output, = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
      keychain_output.chomp!

      ENV['GPG_AGENT_INFO'] = keychain_output.match(/GPG_AGENT_INFO=([^;]*)/)[1]
    end

    def sign_file(file)
      gpg ||= Pkg::Util::Tool.find_tool('gpg')

      unless gpg
        fail "No gpg available. Cannot sign #{file}."
      end

      if File.exist? "#{file}.asc"
        warn "Signature on #{file} already exists, skipping."
        return true
      end

      use_tty = if ENV['RPM_GPG_AGENT']
                  '--no-tty --use-agent'
                else
                  ''
                end

      signing_command = "#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}"
      puts "GPG signing with \"#{signing_command}\""
      Pkg::Util::Execution.capture3(signing_command)
      puts 'GPG signing succeeded.'
    end
  end
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version Path
packaging-0.122.3 lib/packaging/util/gpg.rb
packaging-0.122.2 lib/packaging/util/gpg.rb
packaging-0.122.1 lib/packaging/util/gpg.rb
packaging-0.122.0 lib/packaging/util/gpg.rb
packaging-0.121.0 lib/packaging/util/gpg.rb
packaging-0.120.0 lib/packaging/util/gpg.rb
packaging-0.118.0 lib/packaging/util/gpg.rb
packaging-0.117.0 lib/packaging/util/gpg.rb