diff --git a/policy/centos9/scripts/sign b/policy/centos9/scripts/sign
index c6a2dc6..7d66a41 100755
--- a/policy/centos9/scripts/sign
+++ b/policy/centos9/scripts/sign
@@ -1,17 +1,12 @@
 #!/bin/bash
 set -e -x
-yum install -y rpm-sign expect pinentry
+yum install -y rpm-sign
 pushd $(dirname $0)/..
 . ./scripts/version
 popd
-cat <<\EOF >~/.rpmmacros
-%_signature gpg
-%_gpg_name ci@rancher.com
-EOF
-
 case "$RPM_CHANNEL" in
 "testing")
 export PRIVATE_KEY_PASS_PHRASE=$TESTING_PRIVATE_KEY_PASS_PHRASE
@@ -19,14 +14,20 @@ case "$RPM_CHANNEL" in
 echo "TESTING_PRIVATE_KEY not defined, failing rpm sign"
 exit 1
 fi
- gpg --batch --import - <<< "$TESTING_PRIVATE_KEY"
+ set +x
+ echo "Importing GPG private key TESTING_PRIVATE_KEY"
+ gpg --yes --pinentry-mode loopback --batch --passphrase $PRIVATE_KEY_PASS_PHRASE --import - <<< "$TESTING_PRIVATE_KEY"
+ set -x
 ;;
 "production")
 if ! grep "BEGIN PGP PRIVATE KEY BLOCK" <<<"$PRIVATE_KEY"; then
 echo "PRIVATE_KEY not defined, failing rpm sign"
 exit 1
 fi
- gpg --batch --import - <<< "$PRIVATE_KEY"
+ set +x
+ echo "Importing GPG private key PRIVATE_KEY"
+ gpg --yes --batch --pinentry-mode loopback --passphrase $PRIVATE_KEY_PASS_PHRASE --import - <<< "$PRIVATE_KEY"
+ set -x
 ;;
 *)
 echo "RPM_CHANNEL $RPM_CHANNEL does not match one of: [testing, production]"
@@ -34,12 +35,6 @@ case "$RPM_CHANNEL" in
 ;;
 esac
-expect <
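Review bot: Both new `gpg ... --import` lines (the `testing` and `production` arms) pass the key passphrase as `--passphrase $PRIVATE_KEY_PASS_PHRASE`, unquoted and on the command line. While gpg runs, the value sits in the process argument list where other processes on the build host can read it. If the variable is empty or unset it expands to nothing, so `--passphrase` takes `--import` as its argument, and a passphrase containing whitespace is split into several words. Supplying it on its own descriptor avoids all three, e.g. `gpg --yes --batch --pinentry-mode loopback --passphrase-fd 3 --import - 3<<<"$PRIVATE_KEY_PASS_PHRASE" <<<"$TESTING_PRIVATE_KEY"`, preceded by `: "${PRIVATE_KEY_PASS_PHRASE:?passphrase not set}"`. The `set +x` window also opens too late for the `testing` arm, because `export PRIVATE_KEY_PASS_PHRASE=$TESTING_PRIVATE_KEY_PASS_PHRASE` (context at the end of the previous hunk) still runs under the script's `set -e -x` and the trace writes the expanded passphrase to the job log; the `case` statement starts and ends outside this hunk, so `set +x` would need to move above that export.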