From 262576f68eb51ebd122e53ade0d65ed16a923ffd Mon Sep 17 00:00:00 2001 From: Jiri Tyr Date: Fri, 17 Nov 2017 21:14:38 +0000 Subject: [PATCH] Adding package signing --- .travis.yml | 3 ++- dist/build.sh | 8 +++++++- dist/gpg_key.priv.enc | Bin 0 -> 3536 bytes 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 dist/gpg_key.priv.enc diff --git a/.travis.yml b/.travis.yml index 113b873..2b38576 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,7 +10,8 @@ matrix: before_install: - go get github.com/golang/lint/golint - - if [ -n "$TRAVIS_TAG" ]; then sudo apt-get install -y rpm build-essential fakeroot; fi + - if [ -n "$TRAVIS_TAG" ]; then sudo apt-get install -y rpm build-essential fakeroot expect; fi + - if [ -n "$TRAVIS_TAG" ]; then openssl aes-256-cbc -K $encrypted_6b7e08428daf_key -iv $encrypted_6b7e08428daf_iv -in dist/gpg_key.priv.enc -out dist/gpg_key.priv -d; fi before_script: - golint ./... diff --git a/dist/build.sh b/dist/build.sh index 4c46a6f..6620092 100755 --- a/dist/build.sh +++ b/dist/build.sh @@ -10,6 +10,9 @@ VER="${TRAVIS_TAG:1}" TMP="/tmp/$NAME" rm -fr "$TMP" +gpg --import "$TRAVIS_BUILD_DIR/dist/gpg_key.priv" +echo -e '%_gpg_name Jiri Tyr (PKG) \n%dist .el7' > ~/.rpmmacros + for P in "${PLATFORMS[@]}"; do echo "Building $P" @@ -33,7 +36,7 @@ for P in "${PLATFORMS[@]}"; do cd "$TRAVIS_BUILD_DIR/contrib" ln -s "$PTMP" "$TRAVIS_BUILD_DIR/contrib/$NAME" m4 -DVER="$VER" -DDATE="$(date '+%a, %d %b %Y %H:%M:%S %z')" debian/changelog.m4 > debian/changelog - dpkg-buildpackage -us -uc -tc -b + dpkg-buildpackage -tc -b -kCA67951CD2BBE8AAE4210B72FB90C91F64BED28C ) mv "$TRAVIS_BUILD_DIR"/*.deb $TMP @@ -45,6 +48,9 @@ for P in "${PLATFORMS[@]}"; do m4 -DVER="$VER" -DDATE="$(date '+%a %b %d %Y')" gbt.spec.m4 > gbt.spec rpmbuild -bb gbt.spec ) + echo -e '#!/usr/bin/expect -f\nspawn rpmsign --key-id CA67951CD2BBE8AAE4210B72FB90C91F64BED28C --addsign {*}$argv\nexpect -exact "Enter pass phrase: "\nsend -- "\\r"\nexpect eof' > ~/rpm-sign.exp + chmod +x ~/rpm-sign.exp + ~/rpm-sign.exp ~/rpmbuild/RPMS/x86_64/*.rpm mv ~/rpmbuild/RPMS/x86_64/*.rpm "$TMP" fi done diff --git a/dist/gpg_key.priv.enc b/dist/gpg_key.priv.enc new file mode 100644 index 0000000000000000000000000000000000000000..350f8a33b589f618ffb2b20a4e6da6e350159a87 GIT binary patch literal 3536 zcmV;>4KMOG`dET(J^BN`r^Qa-nDyM6XZw5GSt(cV>#WI-H?$aj+p=d_D>NeQO-oJ9 zik>SLLR@tH8q_A>8U^YEi@|w)$xwc#`<`C!SGI%I4-C{xTcyxdqM%bXqc98~^fz@T zzG0!b-6I&|n5f{aua}5Pp__m3lt;5{lyOLdt>kNboFg2eEgxfn^iy5JNLvPgm-FdeRXSiyhku)5b?|AXyK6UBPFD(Sealrrfz|K9@F^ zEB%e4Y`6G39c|+UZ#QkC4qr9HQU$p_X0aV6Q5vK|A@kfQ zX#X@SoOaNVbDfBhW_Jk!+`6uInl)CUIkU1vk($$ExzF0|qr7TI*-!1PILli@=4e=2 zleNGrHSCq{{JRi}F&bi5@wx^+4->fzKjP%$RBd6L(?ud|L9JAGfB7q-fNL4s)$hxu z^PRsyPSHMVgx1z#GXt8|D)!6gf`b}dheHBMBRhXq-yztOW-ogRf+~r1WFH^?E-+hH zl418?EK@>ar=}q?x!f$$j%;j$V;vY|4)L(jrwqPjJ-H=}GggHzokFtW{66-KejuOy zjCEhplxxnJrL1VO{pEAH^1?mF*PQrF?c6WSWrFPKy*SHW|qTGvQ}y2VQHq(uTwT$k~<@(e9$` z>1r&)`*_oFkY=AgK0J)PZ#SQ+j&vrt6qRB!^b!!bn46I)nBM{lf_Q!(mgSwiqJepK zS3_g<*kQ~25^M}C&NsV7xx$gxYaqh5xy(7say}3A->qG9I`ZGno$4Y;ps5q8wA?jj zF0+;VzpDcHsC}4Osn+Y0_=^0OX55)>?FH){Pk_8%K7c}orv=%`5KC6buDfe!-duY! zFF^a7Kl8ma6I!wUudeEb+&a?INJf~2Z~#%n@!3KtYXZzpJ(4&0m!6=qR6DNZ_OcgO zOV}1;W}*_2YgWg_hf$?R{LR;qyuo9=?Ug>c!EG&C~y8?81S zp~Zp4yy!~RWRJWBb5oSLMb>lrb9Cpjc`qz{f;T+Vx3;t{4Tyu)`!7CgJJAVPA9W#> z?Bk#RGn)>Th4(ZKEbLEd-%VbIEf?0DEQe@0ha#)H}8zPT#9RPaNJ= zWK|%1T4B2fjg?>R7YpO!fC8X8l9Pl-zx1<9-q-YhIQVwH_r+N3OZm|E=0S2CSJB)~ zTrnKIyhQ9AVGuzR@Jrq82E4<#49A>O+iV)OzL7gY6BGzI41&WH{K;US2T@p7?-dhC z92kB%7T9K@f+=@0vr32=AzAf?!BFA^+_nNRqmPId{1~K)XiT`9|IvSC@w329#>f6Z zVoZ4%Ay1ce*tU8g5S2MgzQ&%#r@$#qiwQV>lM(-2;)txiF4aF6F>ERB-tjA;d(j=8 zPBh4R8oR1>1Mf|LrldRvhQ{#F z+3tj+s?!pbA3nbrnuCxA7y4;`t3(8E5!Y);kHv9nlEkA%bbn6M3N?UCV^RHnSgApju5aO}Szqf{q} zxZ`cY96Z!f4;4C-hNo330E#${6})itnjjqv6dML4)*f5H#@rD6897mOM6y&|LX7cd zI(w6bp%HX9Ve0`v-2vk<%TWPT}Y)QkXOf-WupZ<+#laOE!Lir}|)f8Ak4Klg3u zBIwpu5!#iw&KSeBt?X|%cmZ;y7lN3mzZ)IkN!D;XVm_kwDB z#*pDFy>p-1k%j}tvd`8t{#z~t`4Nceh4)%Z|Jjd%%P-dsd}1qs0m<*+_kr1WHGFo?;TCVtpO8{yzxIC4GcUzkSc0!+r zqaI`wD40L^>O!k8oQsWC@a$-Cl;W850!zC&1{_?^zh`=xMvREmxV~lVg0&~`;y5`P zqLCE1!DLGO7PV~HQk&~~5bhnaA=Tb5> zRyNz53_UA4qBK7pA8lFnk)cxhX3UJRz0Fop^~|*1l%~iA{a!vWw|dbP@iXcR^vRR;U#Bav?F7WiLO`<6X6N}95-uSeNx69@j@Ja{Q`*d8 zBIXFb2}Pdei+LP-*YAM)LkQ;j`S|C zOW!Tk$psZc60faDyBa@3y?@qdvN>?_3k?zj+h^5!gLAvJ%}Kc)Ifa7og;8DppV`9+ z(AyW{Q z7or=_SGd3CKHtMSJ`m1u_nZReL#PQb;il0j!+)pY`D1!QW{wUl0rKh6E3z^cIVM(C z2GMefITqx_T+>8w4rxN50QC0z!%^@UyhO==?U<4p02_rd9mQeVy;{C*)ph zk6p6`;Zw!JGZZF5IQnVlaa_DN>3F@K1B>Wg>s>`B> z+LdE*&ShZA3@6wo?Rq8v!BS8Z-x$yZoal@29vmn4Gr4eE=c|PokX{p)Ay8+mO;Qup zcE(Xo|FX3T&8N<8ZpoSF#5|L`-*FymZt9J0Pvn}$>&V$owy%sxO>z!m4%M5#70qlIT#=4xwO`ItMLkEp=4;LVneBa9IIa3U8GepEfnA6G%`Ui(lh%VmIXE3fp=p zZLd=--a%Uta-WYtfd}$IfKU|E5KJ#HQd>TSIodWi5nXFdf|P;a11lA@ zYZP1k@ybYj==~G}MGd@W{&UzOBC(%fxXo9C4CuI@H0}eIBtd&}mRxEV>>3D<@WBL{7!PQ{OEvsr{{%6Z{WwF5-~TeS