From 8e4d1dff44e227c593683e4473cd603a2060dcd4 Mon Sep 17 00:00:00 2001 From: Andrew Jeddeloh Date: Thu, 25 Oct 2018 12:14:18 -0700 Subject: [PATCH] signing/sign.sh: fix armoring We use gpg --enarmor to convert the torcx manifest binary sigs to ascii armored ones. Unfortunately --enarmor just wraps the binary blob without realizing its a signature, which breaks torcx. Pipe the output through sed to fix the header. --- signing/sign.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/signing/sign.sh b/signing/sign.sh index fdc61dd458..3eabd2dbd9 100755 --- a/signing/sign.sh +++ b/signing/sign.sh @@ -56,7 +56,10 @@ fero-client \ --secret-key coreos-app-signing-key \ ${torcx_signature_arg} gpg2 --enarmor \ - --output "${DATA_DIR}/torcx_manifest.json.asc" \ - "${DATA_DIR}/torcx_manifest.json.sig-fero" + --output - \ + "${DATA_DIR}/torcx_manifest.json.sig-fero" \ + | sed 's/ARMORED FILE/SIGNATURE/' \ + > "${DATA_DIR}/torcx_manifest.json.asc" + echo "=== Torcx manifest signed successfully. ===" rm -f "${DATA_DIR}/torcx_manifest.json.sig-fero"