commit 3000374b7afc78975c961ac125039e752e0013ac Author: Davide Depau Date: Sat Apr 25 03:17:21 2020 +0200 Initial commit
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..9962764
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,47 @@
+---
+kind: pipeline
+type: docker
+name: alarm-aarch64
+
+platform:
+ os: linux
+ arch: arm64
+
+steps:
+ - name: build-image
+ image: plugins/docker
+ environment:
+ TZ: Europe/Rome
+ settings:
+ dockerfile: Dockerfile.aarch64
+ purge: true
+ username: depau
+ password:
+ from_secret: docker_password
+ repo: depau/drone-detach-sign
+ tags:
+ - aarch64
+
+---
+kind: pipeline
+type: docker
+name: archlinux-x86_64
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: build-image
+ image: plugins/docker
+ environment:
+ TZ: Europe/Rome
+ settings:
+ dockerfile: Dockerfile.x86_64
+ purge: true
+ username: depau
+ password:
+ from_secret: docker_password
+ repo: depau/drone-detach-sign
+ tags:
+ - x86_64
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
new file mode 100644
index 0000000..9254030
--- /dev/null
+++ b/Dockerfile.aarch64
@@ -0,0 +1,7 @@
+FROM depau/archlinux-daily:aarch64
+
+RUN pacman -Syu --noconfirm expect grep awk
+COPY ./gpg.expect /usr/bin/gpg.expect
+COPY ./entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/Dockerfile.x86_64 b/Dockerfile.x86_64
new file mode 100644
index 0000000..6914c0c
--- /dev/null
+++ b/Dockerfile.x86_64
@@ -0,0 +1,7 @@
+FROM depau/archlinux-daily:x86_64
+
+RUN pacman -Syu --noconfirm expect grep awk
+COPY ./gpg.expect /usr/bin/gpg.expect
+COPY ./entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..0261bf8
--- /dev/null
+++ b/entrypoint.sh
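Review bot: `image: plugins/docker` in both `build-image` steps carries no tag, so every run pulls whatever Docker Hub currently serves as `latest` for the plugin, and that is precisely the step handed the registry credential through `from_secret: docker_password` (the Docker plugin is also normally granted a privileged daemon, which widens what a replaced image could do with it). Pin the plugin to a release and preferably a digest, e.g. `image: plugins/docker:<version>@sha256:<digest>`, and bump it deliberately. The same concern applies to the `depau/archlinux-daily:aarch64` / `:x86_64` tags the two Dockerfiles build from, which by name move every day and make the published `depau/drone-detach-sign` image non-reproducible.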
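Review bot: `RUN pacman -Syu --noconfirm expect grep awk` leaves every downloaded package in `/var/cache/pacman/pkg` inside the layer, and it never names `gnupg` or `pinentry`, which `entrypoint.sh` relies on for `gpg-agent` and `/usr/bin/pinentry-tty`; the image only works for as long as the daily base happens to ship them. Make the dependency explicit and clean up in the same layer: `RUN pacman -Syu --noconfirm --needed awk expect gnupg grep pinentry && rm -rf /var/cache/pacman/pkg/*`. There is also no `USER`, so the secret key the entrypoint imports ends up in root's keyring; a dedicated unprivileged user would be the safer default, though that needs checking against how Drone mounts and owns the signing directory.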
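Review bot: Apart from the `FROM` tag this Dockerfile duplicates `Dockerfile.aarch64` line for line, so every future fix has to be made twice and the two will drift. One Dockerfile with `ARG ARCH=x86_64` above `FROM depau/archlinux-daily:${ARCH}` covers both, with each Drone step passing `build_args: [ARCH=aarch64]` or `build_args: [ARCH=x86_64]` under `settings`. Independently of that, the `pacman -Syu` line leaves the package cache in the layer; appending `&& rm -rf /var/cache/pacman/pkg/*` to the same `RUN` keeps it out of the image.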
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -e
+
+# Setup agent to read password from TTY (so we can use Expect)
+gpg-agent --daemon --pinentry-program /usr/bin/pinentry-tty
+
+# Import GPG key (passphrase set with $PLUGIN_GPG_PASSPHRASE)
+echo "Importing GPG secret key"
+tmpkey="$(mktemp /tmp/privkey-XXXXXXX)"
+echo "$PLUGIN_GPG_SECRET_KEY" > "$tmpkey"
+gpg.expect --import "$tmpkey" > /tmp/gpg.out || ret=$?
+rm "$tmpkey"
+
+if (( ! ret )); then
+ echo "Failed to import secret key."
+ echo "gpg output:"
+ cat /tmp/gpg.out >&2
+ exit 1
+fi
+
+# Retrieve key ID
+keyid="$(cat /tmp/gpg.out | grep 'secret key imported' | awk '{ print $3 }' | tr -d ':')"
+
+# Detach-sign all files
+cd "$PLUGIN_SIGN_DIR"
+find -mindepth 1 -maxdepth 1 -type f | while read -r filename; do
+ gpg.expect --detach-sign --use-agent "${keyid}" --no-armor "$filename" > /tmp/gpg.out || ret=$?
+
+ if (( ! ret )); then
+ printf "Created signature file %s." "${filename##*/}.sig"
+ else
+ printf "Failed to sign file %s." "${filename##*/}"
+ echo "gpg output:"
+ cat /tmp/gpg.out >&2
+ exit 1
+ fi
+done
+
diff --git a/gpg.expect b/gpg.expect
new file mode 100755
index 0000000..46ae72b
--- /dev/null
+++ b/gpg.expect
@@ -0,0 +1,9 @@
+#!/usr/bin/expect -f
+
+spawn gpg {*}$argv
+
+expect -timeout 10 "Passphrase:"
+send_user "*** passphrase sent ***"
+send $::env(PLUGIN_GPG_PASSPHRASE)
+send "\r"
+expec -timeout -1 eof
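Review bot: The two `if (( ! ret )); then` checks are inverted: `ret` is only assigned by `|| ret=$?` when `gpg.expect` fails, so after a successful import it is unset, `! ret` evaluates true, and the script prints "Failed to import secret key." and exits 1 (the signing loop has the same inversion and additionally never resets `ret` between files). The `--detach-sign` call also passes `"${keyid}"` as a bare positional argument, which gpg treats as another file to sign rather than as the signing key; it needs `--local-user`, and an empty `keyid` (no "secret key imported" line matched by the grep) should stop the job before the loop instead of being passed through. In practice the inverted checks may currently be masked by `gpg.expect` always exiting non-zero because of the `expec` typo on its last line, which is worth confirming before relying on either behaviour. The rewritten lines are below; `find ... -print0` with `read -r -d ''` is used so file names with spaces or newlines survive the pipe, the GnuPG 2 no-op `--use-agent` is dropped, and the rest of the script is unchanged.
```shell
# … unchanged: shebang, set -e, gpg-agent start, temp key file …
ret=0
gpg.expect --import "$tmpkey" > /tmp/gpg.out || ret=$?
rm "$tmpkey"

if (( ret != 0 )); then
    # … unchanged: error report and exit 1 …
fi

# Retrieve key ID (gpg prints "gpg: key <ID>: secret key imported")
keyid="$(grep 'secret key imported' /tmp/gpg.out | awk '{ print $3 }' | tr -d ':')"
if [[ -z "$keyid" ]]; then
    echo "Could not determine the ID of the imported key." >&2
    cat /tmp/gpg.out >&2
    exit 1
fi

# Detach-sign all files; NUL-delimited so unusual file names survive the pipe
cd "$PLUGIN_SIGN_DIR"
find . -mindepth 1 -maxdepth 1 -type f -print0 | while IFS= read -r -d '' filename; do
    ret=0
    gpg.expect --detach-sign --local-user "$keyid" --no-armor "$filename" > /tmp/gpg.out || ret=$?

    if (( ret != 0 )); then
        printf "Failed to sign file %s." "${filename##*/}"
        # … unchanged: gpg output dump and exit 1 …
    fi
    printf "Created signature file %s." "${filename##*/}.sig"
done
```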
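Review bot: The last line reads `expec -timeout -1 eof`, which Tcl rejects as an invalid command name, so the script aborts right after sending the passphrase instead of waiting for gpg to finish, and the spawned gpg may lose its terminal mid-operation; even with the typo fixed, expect exits 0 at eof whatever gpg returned, so the `|| ret=$?` checks in entrypoint.sh cannot see a failed import or signature. The `expect -timeout 10 "Passphrase:"` line also falls through on timeout and sends the passphrase blind, and `send $::env(PLUGIN_GPG_PASSPHRASE)` lets a passphrase beginning with `-` be read as an option, so it should be `send -- "$::env(PLUGIN_GPG_PASSPHRASE)\r"`. The rewrite below waits for the prompt or eof explicitly, fails on timeout, and propagates gpg's own exit status via `wait`.
```tcl
spawn gpg {*}$argv

expect {
    -timeout 10
    "Passphrase:" {
        send -- "$::env(PLUGIN_GPG_PASSPHRASE)\r"
        send_user "*** passphrase sent ***\n"
        expect -timeout -1 eof
    }
    timeout {
        send_user "*** timed out waiting for the passphrase prompt ***\n"
        exit 1
    }
    eof {}
}

# Report gpg's exit status to the caller instead of expect's own
lassign [wait] pid sid os_error status
exit $status
```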