module Pkg::Util::Gpg

Public Class Methods

key()

Please note that this method does not determine which key is used to sign the Debian repos. That key is defined in the freight config that lives on our internal repo staging host. The Debian conf/distribution files generated with this repo use the default GPG key to reflect that.

# File lib/packaging/util/gpg.rb, line 9
# Returns the GPG key identifier configured as `gpg_key` in the build
# defaults (read from Pkg::Config.gpg_key).
#
# Raises RuntimeError when the setting is missing (nil/false) or empty, so
# that signing never proceeds without an explicitly configured key.
def key
  configured_key = Pkg::Config.gpg_key
  if !configured_key || configured_key.empty?
    raise "You need to set `gpg_key` in your build defaults."
  end

  configured_key
end
keychain()
# File lib/packaging/util/gpg.rb, line 14
# Returns the result of looking up the `keychain` tool via
# Pkg::Util::Tool.find_tool, memoized in @keychain.
#
# Only a nil @keychain triggers a lookup, so a lookup that itself yields nil
# is repeated on the next call.
def keychain
  return @keychain unless @keychain.nil?

  @keychain = Pkg::Util::Tool.find_tool('keychain')
end
kill_keychain()
# File lib/packaging/util/gpg.rb, line 32
# Runs `<keychain> -k mine` through Pkg::Util::Execution.capture3 and returns
# the captured standard output.
#
# Returns nil without running anything when `keychain` is falsy. The other
# two values returned by capture3 are discarded, so a failure of the command
# is not detected here.
def kill_keychain
  return unless keychain

  output, = Pkg::Util::Execution.capture3("#{keychain} -k mine")
  output
end
load_keychain()
# File lib/packaging/util/gpg.rb, line 22
# Prepares keychain once per process: subsequent calls are no-ops because
# @keychain_loaded is set after the first run.
#
# When the RPM_GPG_AGENT environment variable is set, the existing agent is
# left alone; otherwise keychain is killed and started again. Either way the
# loaded flag is set afterwards.
#
# Returns true on the call that performs the load, nil on later calls.
def load_keychain
  return if @keychain_loaded

  if ENV['RPM_GPG_AGENT'].nil?
    kill_keychain
    start_keychain
  end
  @keychain_loaded = true
end
sign_file(file)
# File lib/packaging/util/gpg.rb, line 50
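# Creates an ASCII-armored detached signature for +file+ with gpg, signing as
# the configured `key`.
#
# file - path of the file to sign; it is treated as a literal path both for
#        the "#{file}.asc" existence check and on the gpg command line.
#
# Returns true (after a warning) when "#{file}.asc" already exists, otherwise
# the standard output captured from gpg. The other values returned by
# capture3 are discarded, so callers that need to know whether a signature
# was produced must verify it themselves.
#
# Raises RuntimeError when no gpg executable is found.
def sign_file(file)
  # Local require keeps this method self-contained; Shellwords is stdlib.
  require 'shellwords'

  gpg = Pkg::Util::Tool.find_tool('gpg')
  fail "No gpg available. Cannot sign #{file}." unless gpg

  if File.exist?("#{file}.asc")
    warn "Signature on #{file} exists, skipping..."
    return true
  end

  # With an externally managed agent (RPM_GPG_AGENT set) gpg must not prompt
  # on a terminal.
  use_tty = ENV['RPM_GPG_AGENT'] ? "--no-tty --use-agent" : nil

  # The command is assembled as one string, so the path is escaped: a name
  # containing spaces or shell metacharacters would otherwise be split or
  # interpreted instead of being signed as a single file.
  # NOTE(review): assumes capture3 hands the string to a shell or an
  # Open3-style runner - confirm. `key` comes from the build defaults and is
  # interpolated as configured.
  command = "#{gpg} #{use_tty} --armor --detach-sign -u #{key} #{Shellwords.escape(file)}"
  stdout, = Pkg::Util::Execution.capture3(command)
  stdout
end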
start_keychain()
# File lib/packaging/util/gpg.rb, line 39
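# Starts keychain for the configured `key` and exports the agent location it
# reports into this process's environment as GPG_AGENT_INFO.
#
# Returns the value assigned to ENV["GPG_AGENT_INFO"].
#
# Raises RuntimeError when keychain is not installed, or when its output
# carries no GPG_AGENT_INFO assignment. The second case previously surfaced
# as a NoMethodError on nil, which hid the actual cause.
def start_keychain
  fail "Keychain is not installed, it is required to autosign using gpg." unless keychain

  keychain_output, = Pkg::Util::Execution.capture3("#{keychain} -q --agents gpg --eval #{key}")

  # Take everything after "GPG_AGENT_INFO=" up to the next ';'. to_s guards
  # against a nil stdout, and chomp drops a trailing newline without mutating
  # the string returned by capture3.
  agent_info = keychain_output.to_s.chomp[/GPG_AGENT_INFO=([^;]*)/, 1]
  if agent_info.nil?
    fail "Could not find GPG_AGENT_INFO in keychain output; cannot autosign using gpg."
  end

  ENV["GPG_AGENT_INFO"] = agent_info
end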