author | Carl Dong <contact@carldong.me> | 2021-04-12 12:29:34 -0400 |
---|---|---|
committer | Carl Dong <contact@carldong.me> | 2021-05-03 13:18:19 -0400 |
commit | c83c4fa5b78aef33bba36b3a0d273422297bd630 (patch) | |
tree | 493e99e58cad1b4f6804316599d6667463ab3de2 /contrib/guix/guix-attest | |
parent | 0e1c2e448c25568f276e4f022128870c76ca216b (diff) |
guix-attest: Allow skipping GPG signing with NO_SIGN
Diffstat (limited to 'contrib/guix/guix-attest')
-rwxr-xr-x | contrib/guix/guix-attest | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest
index 78c6a83fe6..6aa6ce4716 100755
--- a/contrib/guix/guix-attest
+++ b/contrib/guix/guix-attest
@@ -18,7 +18,10 @@ source "$(dirname "${BASH_SOURCE[0]}")/libexec/prelude.bash"
 # Required non-builtin commands should be invokable
 ################
-check_tools cat env basename mkdir xargs find gpg
+check_tools cat env basename mkdir xargs find
+if [ -z "$NO_SIGN" ]; then
+ check_tools gpg
+fi
 ################
 # Required env vars should be non-empty
@@ -30,6 +33,7 @@ Synopsis:
 env GUIX_SIGS_REPO=<path/to/guix.sigs> \\
 SIGNER=GPG_KEY_NAME[=SIGNER_NAME] \\
+ [ NO_SIGN=1 ]
 ./contrib/guix/guix-attest
 Example w/o overriding signing name:
@@ -44,6 +48,13 @@ Example overriding signing name:
 SIGNER=0x96AB007F1A7ED999=dongcarl \\
 ./contrib/guix/guix-attest
+Example w/o signing, just creating SHA256SUMS:
+
+ env GUIX_SIGS_REPO=/home/achow101/guix.sigs \\
+ SIGNER=achow101 \\
+ NO_SIGN=1 \\
+ ./contrib/guix/guix-attest
+
 EOF
 }
@@ -79,7 +90,7 @@ if [ -z "${signer_name}" ]; then
 signer_name="$gpg_key_name"
 fi
-if ! gpg --dry-run --list-secret-keys "${gpg_key_name}" >/dev/null 2>&1; then
+if [ -z "$NO_SIGN" ] && ! gpg --dry-run --list-secret-keys "${gpg_key_name}" >/dev/null 2>&1; then
 echo "ERR: GPG can't seem to find any key named '${gpg_key_name}'"
 exit 1
 fi
@@ -153,8 +164,12 @@ for outdir in "${OUTDIRS[@]}"; do
 exit 1
 fi
 )
- echo "${outname}: Signing SHA256SUMS to produce SHA256SUMS.asc"
- gpg --detach-sign --local-user "$gpg_key_name" --armor --output "$outsigdir"/SHA256SUMS.asc "$outsigdir"/SHA256SUMS
+ if [ -z "$NO_SIGN" ]; then
+ echo "${outname}: Signing SHA256SUMS to produce SHA256SUMS.asc"
+ gpg --detach-sign --local-user "$gpg_key_name" --armor --output "$outsigdir"/SHA256SUMS.asc "$outsigdir"/SHA256SUMS
+ else
+ echo "${outname}: Not signing SHA256SUMS as \$NO_SIGN is not empty"
+ fi
 echo ""
 fi
 done |
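Review bot: The `[ -z "$NO_SIGN" ]` test added in the tool check treats any non-empty value as "skip signing", so `NO_SIGN=0` or `NO_SIGN=false` also disables the gpg check and the signature; the same test is repeated in the key-lookup hunk and in the signing loop. For a switch that turns off signature production, that rule should be stated beside the first test, for example `# NO_SIGN: any non-empty value (even 0) skips gpg and leaves SHA256SUMS unsigned`, and repeated in the usage text. Whether the prelude enables `set -u` is not visible here; if it does, the bare `$NO_SIGN` aborts when the variable is unset, and `"${NO_SIGN:-}"` avoids that.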
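Review bot: The added synopsis line `[ NO_SIGN=1 ]` has no trailing `\\`, unlike the two lines above it and unlike the `NO_SIGN=1 \\` line in the new example further down, so the synopsis reads as if the command ended before `./contrib/guix/guix-attest`. Writing it as `[ NO_SIGN=1 ] \\` keeps the continuation consistent with the rest of the usage text.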
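Review bot: In the new `else` branch of the signing loop the script leaves `SHA256SUMS` in `$outsigdir` without a `SHA256SUMS.asc`, and the only trace is one line on stdout; nothing tells the operator that the attestation stays unauthenticated until a detached signature is added. The message could name the follow-up step, for example `echo "${outname}: Not signing SHA256SUMS as \$NO_SIGN is not empty; sign it separately to produce SHA256SUMS.asc"`. The enclosing `for` loop and `if` start outside the hunk, so it is not visible whether a later run without NO_SIGN revisits an existing `$outsigdir`; if existing directories are skipped, the usage text should say that the signature has to be produced by hand.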