Sha256: 6ea2cc0565ef34c5601cd8db68b6969aa4d1858064a4006ddb151791f9f90377
Contents?: true
Size: 1.98 KB
Versions: 8
Compression:
Stored size: 1.98 KB
Contents
module Pkg::Util::Gpg
class << self
# Please note that this method is not used in determining what key is used
# to sign the debian repos. That is defined in the freight config that
# lives on our internal repo staging host. The debian conf/distribution
# files that are generated with this repo use the default gpg key to
# reflect that.
def key
if Pkg::Config.gpg_key.nil? || Pkg::Config.gpg_key.empty?
fail '`gpg_key` configuration variable is unset. Cannot continue.'
end
Pkg::Config.gpg_key
end
def keychain
if @keychain.nil?
@keychain = Pkg::Util::Tool.find_tool('keychain')
else
@keychain
end
end
def load_keychain
return if @keychain_loaded
return if ENV['RPM_GPG_AGENT']
kill_keychain
start_keychain
@keychain_loaded = true
end
def kill_keychain
return unless keychain
Pkg::Util::Execution.capture3("#{keychain} -k mine")[0]
end
def start_keychain
unless keychain
fail "Keychain is not installed, it is required to autosign using gpg."
end
keychain_output, = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")
keychain_output.chomp!
ENV['GPG_AGENT_INFO'] = keychain_output.match(/GPG_AGENT_INFO=([^;]*)/)[1]
end
def sign_file(file)
gpg ||= Pkg::Util::Tool.find_tool('gpg')
unless gpg
fail "No gpg available. Cannot sign #{file}."
end
if File.exist? "#{file}.asc"
warn "Signature on #{file} already exists, skipping."
return true
end
use_tty = if ENV['RPM_GPG_AGENT']
'--no-tty --use-agent'
else
''
end
signing_command = "#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{file}"
puts "GPG signing with \"#{signing_command}\""
Pkg::Util::Execution.capture3(signing_command)
puts 'GPG signing succeeded.'
end
end
end
Version data entries
8 entries across 8 versions & 1 rubygems