Skip to content

Commit

Permalink
CI: Use modern GPG keys
Browse files Browse the repository at this point in the history 
Most of the changes are in GitHub's secret values. The only thing that must
change in the code is the name of the key we search for.

Fixes #1668.
  • Loading branch information
@RyanGlScott
RyanGlScott committed May 19, 2022
1 parent 34ced4e commit 7a3c3c1
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion .github/ci.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,9 +104,11 @@ bundle_files() {
}

sign() {
# This is surrounded with `set +x; ...; set -x` to disable printing out
# statements that could leak GPG-related secrets.
set +x
gpg --batch --import <(echo "$SIGNING_KEY")
fingerprint="$(gpg --list-keys | grep galois -a1 | head -n1 | awk '{$1=$1};1')"
fingerprint="$(gpg --list-keys | grep Galois -a1 | head -n1 | awk '{$1=$1};1')"
echo "$fingerprint:6" | gpg --import-ownertrust
gpg --yes --no-tty --batch --pinentry-mode loopback --default-key "$fingerprint" --detach-sign -o "$1".sig --passphrase-file <(echo "$SIGNING_PASSPHRASE") "$1"
set -x
Expand Down

0 comments on commit 7a3c3c1

Please sign in to comment.