beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use sha512 when gpg signing builds

Browse source 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
Derek McGowan 2016-11-04 09:45:13 -07:00
parent 98c3e0c929
commit 201f804310
No known key found for this signature in database
GPG key ID: F58C5D0A4405ACDB
3 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hack/make/release-deb
View file

@ -114,7 +114,7 @@ for dir in bundles/$VERSION/build-deb/*/; do
# if we have a $GPG_PASSPHRASE we may as well
# dpkg-sign before copying the deb into the pool
if [ ! -z "$GPG_PASSPHRASE" ]; then
dpkg-sig -g "--no-tty --passphrase '$GPG_PASSPHRASE'" \
dpkg-sig -g "--no-tty --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE'" \
-k "$GPG_KEYID" --sign builder "$tempdir/$d"
fi
mv "$tempdir/$d" "$APTDIR/pool/$component/d/docker-engine/"

2
hack/make/release-rpm
View file

@ -59,7 +59,7 @@ for dir in bundles/$VERSION/build-rpm/*/; do
--define "_gpg_name $GPG_KEYID" \
--define "_signature gpg" \
--define "__gpg_check_password_cmd /bin/true" \
--define "__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u '%{_gpg_name}' --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
--define "__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u '%{_gpg_name}' --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
--resign "${RPMFILE[@]}"
fi

3
hack/make/sign-repos
View file

@ -28,6 +28,7 @@ sign_packages(){
for F in $(find $APTDIR -name Release); do
if test "$F" -nt "$F.gpg" ; then
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
--digest-algo "sha512" \
--armor --sign --detach-sign \
--batch --yes \
--output "$F.gpg" "$F"
@ -35,6 +36,7 @@ sign_packages(){
inRelease="$(dirname "$F")/InRelease"
if test "$F" -nt "$inRelease" ; then
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
--digest-algo "sha512" \
--clearsign \
--batch --yes \
--output "$inRelease" "$F"
@ -51,6 +53,7 @@ sign_packages(){
for F in $(find $YUMDIR -name repomd.xml); do
if test "$F" -nt "$F.asc" ; then
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
--digest-algo "sha512" \
--armor --sign --detach-sign \
--batch --yes \
--output "$F.asc" "$F"