This commit is contained in:
commit
3000374b7a
5 changed files with 109 additions and 0 deletions
47
.drone.yml
Normal file
47
.drone.yml
Normal file
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: alarm-aarch64
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: arm64
|
||||
|
||||
steps:
|
||||
- name: build-image
|
||||
image: plugins/docker
|
||||
environment:
|
||||
TZ: Europe/Rome
|
||||
settings:
|
||||
dockerfile: Dockerfile.aarch64
|
||||
purge: true
|
||||
username: depau
|
||||
password:
|
||||
from_secret: docker_password
|
||||
repo: depau/drone-detach-sign
|
||||
tags:
|
||||
- aarch64
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: archlinux-x86_64
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: build-image
|
||||
image: plugins/docker
|
||||
environment:
|
||||
TZ: Europe/Rome
|
||||
settings:
|
||||
dockerfile: Dockerfile.x86_64
|
||||
purge: true
|
||||
username: depau
|
||||
password:
|
||||
from_secret: docker_password
|
||||
repo: depau/drone-detach-sign
|
||||
tags:
|
||||
- x86_64
|
7
Dockerfile.aarch64
Normal file
7
Dockerfile.aarch64
Normal file
|
@ -0,0 +1,7 @@
|
|||
FROM depau/archlinux-daily:aarch64
|
||||
|
||||
RUN pacman -Syu --noconfirm expect grep awk
|
||||
COPY ./gpg.expect /usr/bin/gpg.expect
|
||||
COPY ./entrypoint.sh /entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
7
Dockerfile.x86_64
Normal file
7
Dockerfile.x86_64
Normal file
|
@ -0,0 +1,7 @@
|
|||
FROM depau/archlinux-daily:x86_64
|
||||
|
||||
RUN pacman -Syu --noconfirm expect grep awk
|
||||
COPY ./gpg.expect /usr/bin/gpg.expect
|
||||
COPY ./entrypoint.sh /entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
39
entrypoint.sh
Executable file
39
entrypoint.sh
Executable file
|
@ -0,0 +1,39 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
# Setup agent to read password from TTY (so we can use Expect)
|
||||
gpg-agent --daemon --pinentry-program /usr/bin/pinentry-tty
|
||||
|
||||
# Import GPG key (passphrase set with $PLUGIN_GPG_PASSPHRASE)
|
||||
echo "Importing GPG secret key"
|
||||
tmpkey="$(mktemp /tmp/privkey-XXXXXXX)"
|
||||
echo "$PLUGIN_GPG_SECRET_KEY" > "$tmpkey"
|
||||
gpg.expect --import "$tmpkey" > /tmp/gpg.out || ret=$?
|
||||
rm "$tmpkey"
|
||||
|
||||
if (( ! ret )); then
|
||||
echo "Failed to import secret key."
|
||||
echo "gpg output:"
|
||||
cat /tmp/gpg.out >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Retrieve key ID
|
||||
keyid="$(cat /tmp/gpg.out | grep 'secret key imported' | awk '{ print $3 }' | tr -d ':')"
|
||||
|
||||
# Detach-sign all files
|
||||
cd "$PLUGIN_SIGN_DIR"
|
||||
find -mindepth 1 -maxdepth 1 -type f | while read -r filename; do
|
||||
gpg.expect --detach-sign --use-agent "${keyid}" --no-armor "$filename" > /tmp/gpg.out || ret=$?
|
||||
|
||||
if (( ! ret )); then
|
||||
printf "Created signature file %s." "${filename##*/}.sig"
|
||||
else
|
||||
printf "Failed to sign file %s." "${filename##*/}"
|
||||
echo "gpg output:"
|
||||
cat /tmp/gpg.out >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
9
gpg.expect
Executable file
9
gpg.expect
Executable file
|
@ -0,0 +1,9 @@
|
|||
#!/usr/bin/expect -f
|
||||
|
||||
spawn gpg {*}$argv
|
||||
|
||||
expect -timeout 10 "Passphrase:"
|
||||
send_user "*** passphrase sent ***"
|
||||
send $::env(PLUGIN_GPG_PASSPHRASE)
|
||||
send "\r"
|
||||
expec -timeout -1 eof
|
Loading…
Reference in a new issue