repo/netlify: Add/publish public maintainers key (#9)

Signed-off-by: Ryan Northey <[email protected]>
envoyproxy · Aug 19, 2024 · 9b6dc05 · 9b6dc05
1 parent fe137da
commit 9b6dc05
Show file tree

Hide file tree

Showing 5 changed files with 118 additions and 2 deletions.
diff --git a/BUILD b/BUILD
@@ -3,6 +3,10 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 load("@aspect_bazel_lib//lib:jq.bzl", "jq")
 load("@aspect_bazel_lib//lib:yq.bzl", "yq")
 
+exports_files([
+ "envoy-maintainers-public.key",
+])
+
 # gazelle:prefix github.com/aptly-dev/aptly
 gazelle(name = "gazelle")
 

diff --git a/build-repository.sh b/build-repository.sh
@@ -2,5 +2,26 @@
 
 set -e -o pipefail
 
-bazel --version
-mkdir repository
+BOLD="\e[1m"
+UNDERLINE="\e[4m"
+NORMAL="\e[0m"
+
+
+bold () {
+ echo -n "${BOLD}${*}${NORMAL}"
+}
+
+underline () {
+ echo -n "${UNDERLINE}${*}${NORMAL}"
+}
+
+import_public_key () {
+ touch ~/.gnupg/trustedkeys.gpg
+ echo -e "$(underline $(bold "Import maintainers public key: checksum verification"))"
+ gpg --import envoy-maintainers-public.key
+ echo -e "$(underline $(bold "Import maintainers public key as trusted key: deb verification"))"
+ gpg --no-default-keyring --keyring trustedkeys.gpg --import envoy-maintainers-public.key
+}
+
+import_public_key
+bazel run --config=ci //debs:publish
diff --git a/debs/BUILD b/debs/BUILD
@@ -0,0 +1,16 @@
+load("@aspect_bazel_lib//lib:jq.bzl", "jq")
+
+sh_binary(
+ name = "publish",
+ srcs = ["publish.sh"],
+ env = {
+ "APTLY_BIN": "$(location @aptly)",
+ "MAINTAINER_KEY": "$(location //:envoy-maintainers-public.key)",
+ "APTLY_CONF": "$(location //:aptly-config)",
+ },
+ data = [
+ "@aptly",
+ "//:aptly-config",
+ "//:envoy-maintainers-public.key",
+ ],
+)
diff --git a/debs/publish.sh b/debs/publish.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+set -e -o pipefail
+
+APTLY_BIN="$APTLY_BIN"
+APTLY_CONF="${APTLY_CONF:-${APTLY_CONF}}"
+APTLY=("$APTLY_BIN" -config="${APTLY_CONF}")
+
+publish_root () {
+ "${APTLY[@]}" config show \
+ | jq -r '.FileSystemPublishEndpoints.public.rootDir'
+}
+
+publish_repository () {
+ PUBLIC_DIR="$(publish_root)"
+ mkdir -p "${PUBLIC_DIR}"
+ KEY_URL="${DEPLOY_PRIME_URL}/envoy-maintainer-public.key"
+ cat "$MAINTAINER_KEY" > "${PUBLIC_DIR}/envoy-maintainer-public.key"
+ echo "<h1>COMING SOON: ${DEPLOY_PRIME_URL}</h1>" > "${PUBLIC_DIR}/index.html"
+ echo "<div>Signing key: <a href=\"${KEY_URL}\">${KEY_URL}</div>" >> "${PUBLIC_DIR}/index.html"
+}
+
+publish_repository
diff --git a/envoy-maintainers-public.key b/envoy-maintainers-public.key
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGNidjsBEADJeNLHg1Jj6r+988j6IGpg55Gbw1QlNt0iDrJGHYuDONtti70E
+F3tJZmdreuue89jQZgDc9cBMdAixHpxenuBwfuKCT99txYocQGwZKVCu9U3sbRA6
+eDaD4adj+o05pznCzde+Evz4g0T/BIquj/EWuk6DH5BbOwI80XyOPaumef7hBqyU
+goUPBIMkbh/JsnVAPtFsPDbHZsNO/lHDt5d7bbfWdtv58LIoGP/yNvufV7+vwymr
+rWyuTBHQzanwDZwGGhJdaz6ubaiJ6eupheLS0d3xXJr4r2ZB3nGeCzW0g257Rd1Z
+3FHhFmMNGROtSfja7Mk5Z2R/dp+dLbMHzFlo+GFkOUGNjXI3JbUCYlm+6+4nrwU6
+o45LJv9TusMHi6ncfCziV0WCDUGlL7dzNqjT5Fux/P/InjvnH/Iz7e/awdUnim1P
+nJsOrT4pwfPJWYBtkf2aRmu+NICs5sqy6HIZgs09yOTOVyb5eKy2SV0APrGWq0OH
+MkWd2WIwWuBeowByzGUymsrq7G2aQwqyJe4JYxqq8KFbjRisqhZqZ+xHxGuIvwAI
+cxs/EmQLKsk/b06j5uojucv6SPKWSGGf7cO7PDfDqZxkQTNmcqkYHkGJA5D+hLsW
+kt1RKIRRFineRUANIvwaFP5Ce06CX3urvOi8ZY0OL0jOx6dp2ldVoYOdSwARAQAB
+tDZFbnZveSBtYWludGFpbmVycyA8ZW52b3ktbWFpbnRhaW5lcnNAZ29vZ2xlZ3Jv
+dXBzLmNvbT6JAk4EEwEKADgWIQQK/Og2uk0dNXY8hSPYzcN1AYHzHwUCY2J2OwIb
+AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDYzcN1AYHzHwDsD/kBLu+5BDx9
+2Cr0cHn6dENBVS3wL53RCKSG0Uzlh+SY90BN7WTI5KyACt3SZYZHbbZbAYvvXbr5
+9ooh0U+eGi3HsIqrP7GdrDC+8gtJB+Pud9+ltMCgU92IW/YAUSI/IgCbCOru6czc
+H2Lah8S272YOpds/wuaiRSiMCU8TROcFXMfriGvcmNKwrJsRhJVARDZC3DB6m/ve
+jWHAIX2eY7WhXyS6DJhs2iVrwz6fDxAiji5zrEZo+4CEUIfBojb+KeaC7PpusHu1
+Sleq+Ck6zekAoDX1MmbPOeBT8qCoTNQ1w30jj6CFW8T5ncVottPRIzQGe0S350HR
+o8JLWdEAAds4QIHsvnaBAKfRHPRPo4Uw5n4/xklLJIXzbafhN/goLA/AC9tznQzq
+A95SoMn7fMXMd/sLVOs4V1XHQsCaXt9gR+Qwd1tqBNC/mZBrCPkJiStnRrTufhRb
+R97z1lCynJMJhdqeRX7VnwncNS62U30pfV0mtYpS3URKqc62Jm3+fJalnMPaeXfM
+xgjlerxVNkYXFNb+5NEMQSKuGI4Uq+kLTmajk0aS4cJGM+JvjRx9UtW2rbfz9Svh
+8dSKV89wVQ/Zu9R3dAontooo9eC5WTHYGoiPDjFqBGsaLePQyJzMwWJ/XYG8ClF1
+zQnAJL32VY1ECG7GbXw4tWtYdIErBnIckrkCDQRjYnY7ARAAto3DSLlcFkzKLBZ8
+9hmjgonSZlHyMMAP8Ys+js8jKic2aDp7IPorrQSD8autoahbnPBe/TMlkGf+pD7z
+iqsIImClNAJrqArRifNEwHO96uMAFsa7UiyyUz+P0n7zR3oznasZo7r64oCE5f60
++xbaoruyGiffiBnJ8uVqxEKvijilj2vCdc7ON+KOv6E6/iiBeQTEvTuSTs5Gm8IF
+hRG2Ia4SHOCjdpglPU1mgoTF9PzFBbsAILLJxGhM8LldIeELELrofu760IvRapC+
+4baSW9eu4WuHraiD26ZpEZKAQgtO8YFPQyltBSbLB2CU7i6kBlXTUL34h8BOfzwM
+lFdwz7aTQlY3ZxLtjh4FXdLlM0YqolmJjShIOyd865mlx2BqFnqQigNHXZdqQiEc
+06+YN6CxichTiLCCN9+UwTjO7w/QTYOyb4vBs5ubMB54KE+peUor56i9/UdpYxmT
+eaugXX9M74mNDpWcdfBwJZJHCjTYbX+NZnxNysyf5QWr3roSBPLHFMzL/fbBsbWe
+kZ59p4LcBNLD6wIGtqbrX7fF5mH28B5ZFGV8q8yI3mpt13adIsuuw+S8dLfQrQwP
+ipitYHsBQ0F6JtGFs8DzD7f2KoLlVbXgP40adoG1dPs3NmiGLVZkjmqDaHzL6Fwk
+G41YcBDHyqSOpQMVS6pJiWJIvsMAEQEAAYkCNgQYAQoAIBYhBAr86Da6TR01djyF
+I9jNw3UBgfMfBQJjYnY7AhsMAAoJENjNw3UBgfMffWwQALhSp2fedt/oRIEP8rdN
+yFex6FSXlZQOMuGyeo6PeDob23O+WcTIcS5POM7UckERen+30ZPHsOET3jIPH4h5
+wIFuhUe/ap2JT6+CmsW+2kPz7nHGFQwCdjRScFOmRpEiu8+7X2l5LqUaO0PiC88m
+n4fCWH1mIDqdGLxjd2EoNBt8vlQUt58wQbRPTs7P79209o44zYz04TTNL8iXzr3B
+ngK13Z8QwaR1H56Ba3DdyU2xG016W1pN4B4C7DgTNWZwzRJkd3vg5AMzV6ZnP5+D
+U38oQElfpGBy6YQCtC/ZVPDFNL0JaevraIG1LdFBqpUCu2bz4FURd1KoUITFdxeY
+6sqL018q8wtTb7nRKMqPXiGelAlLvSaML8cq8CefUAlhjihhpJs14B1M+KOuCOt9
+r0VHdH1Zp5FOTutA+QgTwVDngNWacoxjMY/zaZxLPrB9SppPpR4UNUDvcXCBJzgr
+34tnUdDvcb7fuysexVUiUCfs9dMuv8TxCYmaVjY2Hq7oBEN8pM1o05FfLqCXwdrB
+lkCRorH68WyLJv/FKZTyfVyHn32WOjr5DKGI0rT/nwkRRaI0SQbKEejvUxlq1WdK
+cn7oQEM2sZdH3v85GQU0fA/0V4UV12pha1b1p1rbRhdJh4h/iY+rUdRz/YyOMlz5
+xn73SlvaQy7ttkC8vuPiVI6g
+=YtjB
+-----END PGP PUBLIC KEY BLOCK-----