[OpenWrt-Devel] buildbot: signall.sh store usign.key as usign.sec
diff mbox series

Message ID 20191114075529.2977-1-mail@aparcar.org
State New
Headers show
  • [OpenWrt-Devel] buildbot: signall.sh store usign.key as usign.sec
Related show

Commit Message

Paul Spooren Nov. 14, 2019, 7:55 a.m. UTC
The signall.sh script signs all files inside a tar via GPG and
signify-openbsd (similar to usign)e and attaches the signatures to the
same archive.

Using more recent versions of signify-openbsd requires a specific naming
schema for keys, private ending with .sec and public with .pub. This was
introduced at 763e1148f68f03cb2fa85d022500acf8c66af222[0].

This patch renames the stored key as usign.sec instead of usign.key. As
of the temporary nature of the key storing, this very unlikely breaks
any existing setups.

[0]: https://github.com/openbsd/src/commit/763e1148f68f03cb2fa85d022500acf8c66af222

Signed-off-by: Paul Spooren <mail@aparcar.org>
Tested and working on Debian 10

 scripts/signall.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff mbox series

diff --git a/scripts/signall.sh b/scripts/signall.sh
index 269375f..8f39500 100755
--- a/scripts/signall.sh
+++ b/scripts/signall.sh
@@ -84,11 +84,11 @@  if [ -n "$USIGNKEY" ]; then
 	umask 077
-	printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.key"
+	printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec"
 	umask 022
 	find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \
-		signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.key")" -m "{}" \; || finish 5
+		signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5
 tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6