mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-07 04:56:58 +02:00
6e11ae3394
All invocations of gpg in ci-automation pass --batch as an argument except the import. Be consistent by having it included everywhere. Additionally, since ci-automation runs wrapped in a systemd service, no tty is available so batch is needed for correctness.
32 lines
1.0 KiB
Bash
32 lines
1.0 KiB
Bash
# Common gpg setup code to be sourced by other scripts in this
|
|
# directory. It will set up GnuPG home directory, possibly with a key
|
|
# from SIGNING_KEY environment variable.
|
|
#
|
|
# After this file is sourced, SIGNER is always defined and exported,
|
|
# even if empty. SIGNING_KEY is clobbered.
|
|
|
|
: ${SIGNING_KEY:=''}
|
|
: ${SIGNER:=''}
|
|
|
|
if [[ "${HOME}/.gnupg" -ef "${PWD}/.gnupg" ]]; then
|
|
echo 'Do not source ${BASH_SOURCE} directly in your home directory - it will clobber your GnuPG directory!' >&2
|
|
exit 1
|
|
fi
|
|
|
|
export GNUPGHOME="${PWD}/.gnupg"
|
|
rm -rf "${GNUPGHOME}"
|
|
trap 'rm -rf "${GNUPGHOME}"' EXIT
|
|
mkdir --mode=0700 "${GNUPGHOME}"
|
|
# Sometimes this directory is not automatically created thus making
|
|
# further private key imports to fail. Let's create it here as a
|
|
# workaround.
|
|
mkdir -p --mode=0700 "${GNUPGHOME}/private-keys-v1.d/"
|
|
if [[ -n "${SIGNING_KEY}" ]] && [[ -n "${SIGNER}" ]]; then
|
|
gpg --batch --import "${SIGNING_KEY}"
|
|
else
|
|
SIGNER=''
|
|
fi
|
|
export SIGNER
|
|
# Clobber signing key variable, we don't need it any more.
|
|
export SIGNING_KEY=''
|