@@ -84,11 +84,11 @@ if [ -n "$USIGNKEY" ]; then
fi
umask 077
- printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.key"
+ printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec"
umask 022
find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \
- signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.key")" -m "{}" \; || finish 5
+ signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5
fi
tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6
The signall.sh script signs all files inside a tar via GPG and signify-openbsd (similar to usign)e and attaches the signatures to the same archive. Using more recent versions of signify-openbsd requires a specific naming schema for keys, private ending with .sec and public with .pub. This was introduced at 763e1148f68f03cb2fa85d022500acf8c66af222[0]. This patch renames the stored key as usign.sec instead of usign.key. As of the temporary nature of the key storing, this very unlikely breaks any existing setups. [0]: https://github.com/openbsd/src/commit/763e1148f68f03cb2fa85d022500acf8c66af222 Signed-off-by: Paul Spooren <mail@aparcar.org> --- Tested and working on Debian 10 https://buildmaster.aparcar.org/#/builders/79/builds/4/steps/64/logs/stdio scripts/signall.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)