diff options
| author |   Aric Gardner <agardner@linuxfoundation.org> | 2016-07-04 15:20:39 -0400 |
|---|---|---|
| committer | Aric Gardner <agardner@linuxfoundation.org> | 2016-07-05 15:42:22 -0400 |
| commit | d688859a6e5abfacb5069272994bdce2ad0e9f66 (patch) | |
| tree | a7ec7afa277c903e36a14fc85d778458db631348 /utils/gpg_import_key.sh | |
| parent | 6e5fc37495ddbf9dd6ac19efe4e8fbd0aa474dfe (diff) | |
This will enable artifact signing for apex uploads
sources gpg_import_key.sh which:
-installs gpg2
-imports key
-grabs proper key based on $NODE_NAME
only tries to sign if the key is correctly imported
otherwise it will skip signing and just do the upload
Keys have only been created for lf intel and ericsson labs
Keys are only unique per company
Master pubkey has not been sent to the key server
Or brought into the web of trust.
Lets see that this works as I expected rather than
having to go through the pain of revoking these keys.
Change-Id: Ifa4bc4e11407c53f8174f6c64945949bf66d6535
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Diffstat (limited to 'utils/gpg_import_key.sh')
| -rw-r--r-- | utils/gpg_import_key.sh | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/utils/gpg_import_key.sh b/utils/gpg_import_key.sh new file mode 100644 index 000000000..3afeda839 --- /dev/null +++ b/utils/gpg_import_key.sh @@ -0,0 +1,42 @@ +#!/bin/bash -e +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2016 NEC and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +function isinstalled { +if rpm -q "$@" >/dev/null 2>&1; then + true + else + echo installing "$1" + sudo yum install "$1" + false +fi +} + +if ! isinstalled gnupg2; then + echo "error with install" + exit 1 +fi + +if ! which gsutil; + then echo "error gsutil not installed"; + exit 1 +fi + +if gpg2 --list-keys | grep "opnfv-helpdesk@rt.linuxfoundation.org"; then + echo "Key Already available" +else + if [ -z "$NODE_NAME" ]; + then echo "Cannot find node name" + exit 1 + else echo "Importing key for '$NODE_NAME'"; + gsutil cp gs://opnfv-signing-keys/"$NODE_NAME"-subkey . + gpg2 --import "$NODE_NAME"-subkey + rm -f "$NODE_NAME"-subkey + fi +fi |