scripts: signall.sh store usign.key as usign.sec

The signall.sh script signs all files inside a tar via GPG and
signify-openbsd (similar to usign)e and attaches the signatures to the
same archive.

Using more recent versions of signify-openbsd requires a specific naming
schema for keys, private ending with .sec and public with .pub. This was
introduced at 763e1148f68f03cb2fa85d022500acf8c66af222[0].

This patch renames the stored key as usign.sec instead of usign.key. As
of the temporary nature of the key storing, this very unlikely breaks
any existing setups.

[0]: https://github.com/openbsd/src/commit/763e1148f68f03cb2fa85d022500acf8c66af222

Signed-off-by: Paul Spooren <mail@aparcar.org>
[adjusted commit subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/scripts/signall.sh b/scripts/signall.sh
index 269375f3a84dfb164c1285f95a374a6b362b4fe5..8f395006629504355d88922a8c35a5dc7c174d11 100755 (executable)
--- a/scripts/signall.sh
+++ b/scripts/signall.sh
@@ -84,11 +84,11 @@ if [ -n "$USIGNKEY" ]; then
        fi
 
        umask 077
-       printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.key"
+       printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec"
 
        umask 022
        find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \
-               signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.key")" -m "{}" \; || finish 5
+               signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5
 fi
 
 tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6