From e3c7a98974fe3c29091061acad5758918e832928 Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Wed, 13 Nov 2019 21:55:30 -1000 Subject: [PATCH] scripts: signall.sh store usign.key as usign.sec The signall.sh script signs all files inside a tar via GPG and signify-openbsd (similar to usign)e and attaches the signatures to the same archive. Using more recent versions of signify-openbsd requires a specific naming schema for keys, private ending with .sec and public with .pub. This was introduced at 763e1148f68f03cb2fa85d022500acf8c66af222[0]. This patch renames the stored key as usign.sec instead of usign.key. As of the temporary nature of the key storing, this very unlikely breaks any existing setups. [0]: https://github.com/openbsd/src/commit/763e1148f68f03cb2fa85d022500acf8c66af222 Signed-off-by: Paul Spooren [adjusted commit subject] Signed-off-by: Jo-Philipp Wich --- scripts/signall.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/signall.sh b/scripts/signall.sh index 269375f..8f39500 100755 --- a/scripts/signall.sh +++ b/scripts/signall.sh @@ -84,11 +84,11 @@ if [ -n "$USIGNKEY" ]; then fi umask 077 - printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.key" + printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec" umask 022 find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \ - signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.key")" -m "{}" \; || finish 5 + signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5 fi tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6 -- 2.30.2