manuel
/
void-mklive
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

release.sh: fix signing 

minisign is the way to go
This commit is contained in:
classabbyamp 2024-02-23 23:52:46 -05:00
parent 7479e6d980
commit da202ebf75
No known key found for this signature in database
GPG Key ID: 6BE0755918A4C7F5
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
release.sh
View File

@ -50,14 +50,22 @@ download_build() {
}
sign_build() {
check_programs pwgen signify
DATE="$1"
check_programs pwgen minisign
DATECODE="$1"
SUMFILE="$2"
mkdir -p release
KEYFILE="release/void-release-$DATE.key"
pwgen -cny 25 1 > "$KEYFILE"
signify -G -p "${KEYFILE//key/pub}" -s "${KEYFILE//key/sec}" -c "This key is only valid for images with date $DATE."
signify -S -e -s "${KEYFILE//key/sec}" -m "$SUMFILE" -x "${SUMFILE//txt/sig}"
echo "Creating key..."
pwgen -cny 25 1 > "release/void-release-$DATECODE.key"
minisign -G -p "release/void-release-$DATECODE.pub" \
-s "release/void-release-$DATECODE.sec" \
-c "This key is only valid for images with date $DATECODE."
echo "Signing $SUMFILE..."
minisign -S -x "${SUMFILE//txt/sig}" -s "release/void-release-$DATECODE.sec" \
-c "This key is only valid for images with date $DATECODE." \
-t "This key is only valid for images with date $DATECODE." \
-m "$SUMFILE"
}
case "$1" in