
Use sha512 when gpg signing builds

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Derek McGowan 8 years ago
parent
commit
201f804310
3 changed files with 5 additions and 2 deletions
  1. 1 1
      hack/make/release-deb
  2. 1 1
      hack/make/release-rpm
  3. 3 0
      hack/make/sign-repos

+ 1 - 1
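--- a/hack/make/release-deb
+++ b/hack/make/release-deb
@@ -114,7 +114,7 @@ for dir in bundles/$VERSION/build-deb/*/; do
 			# if we have a $GPG_PASSPHRASE we may as well
 			# dpkg-sign before copying the deb into the pool
 			if [ ! -z "$GPG_PASSPHRASE" ]; then
-				dpkg-sig -g "--no-tty --passphrase '$GPG_PASSPHRASE'" \
+				dpkg-sig -g "--no-tty  --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE'" \
 					-k "$GPG_KEYID" --sign builder "$tempdir/$d"
 			fi
 			mv "$tempdir/$d" "$APTDIR/pool/$component/d/docker-engine/"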
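Review bot: The rewritten `dpkg-sig -g` line still hands the signing passphrase to gpg as `--passphrase '$GPG_PASSPHRASE'`, so it sits in the process argument list, readable by other local users on the build host while signing runs; the same applies to the changed `__gpg_sign_cmd` line in hack/make/release-rpm and the three gpg calls in hack/make/sign-repos. Since these lines are being edited anyway, I would move them to gpg's `--passphrase-file` (or `--passphrase-fd`), e.g. `-g "--no-tty --digest-algo sha512 --passphrase-file $passfile"`, where `$passfile` is a mode-0600 file created with mktemp and removed on exit. In release-rpm the value is also spliced into an rpm macro inside single quotes, so a passphrase containing `'` or `%` would probably be mangled before gpg sees it. The double space after `--no-tty` looks like a leftover. The enclosing `for` loop starts and ends outside the hunk.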

+ 1 - 1
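--- a/hack/make/release-rpm
+++ b/hack/make/release-rpm
@@ -59,7 +59,7 @@ for dir in bundles/$VERSION/build-rpm/*/; do
 			--define "_gpg_name $GPG_KEYID" \
 			--define "_signature gpg" \
 			--define "__gpg_check_password_cmd /bin/true" \
-			--define "__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u '%{_gpg_name}' --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
+			--define "__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u '%{_gpg_name}' --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
 			--resign "${RPMFILE[@]}"
 	fi
 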

+ 3 - 0
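--- a/hack/make/sign-repos
+++ b/hack/make/sign-repos
@@ -28,6 +28,7 @@ sign_packages(){
 		for F in $(find $APTDIR -name Release); do
 			if test "$F" -nt "$F.gpg" ; then
 				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
+					--digest-algo "sha512" \
 					--armor --sign --detach-sign \
 					--batch --yes \
 					--output "$F.gpg" "$F"
@@ -35,6 +36,7 @@ sign_packages(){
 			inRelease="$(dirname "$F")/InRelease"
 			if test "$F" -nt "$inRelease" ; then
 				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
+					--digest-algo "sha512" \
 					--clearsign \
 					--batch --yes \
 					--output "$inRelease" "$F"
@@ -51,6 +53,7 @@ sign_packages(){
 		for F in $(find $YUMDIR -name repomd.xml); do
 			if test "$F" -nt "$F.asc" ; then
 				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
+					--digest-algo "sha512" \
 					--armor --sign --detach-sign \
 					--batch --yes \
 					--output "$F.asc" "$F"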
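Review bot: `--digest-algo "sha512"` is now repeated in three gpg calls in this file and in two more in release-deb and release-rpm, so a later algorithm change has five places to miss. I would set the value once in a variable all three scripts can see, for example `GPG_DIGEST_ALGO=sha512`, and pass `--digest-algo "$GPG_DIGEST_ALGO"` at each call. Nothing visible here checks that the produced signatures carry the intended hash; running `gpg -v --verify "$F.gpg" "$F"` after signing prints the digest algorithm and would catch a call site that was missed. A short comment above the first call, such as `# force SHA-512 rather than relying on gpg's default digest`, would record why the flag is there. `sign_packages` begins and ends outside these hunks.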