Commit fc1d14ac authored by Chaoting Liu's avatar Chaoting Liu

move ssh and gpg configuration into prepare_key.sh

- combined with gpg recv-keys
parent 55c6a87d
#!/usr/bin/env bash
SCRIPT_DIR=$( dirname $( readlink -e $0 ) )
source "$SCRIPT_DIR/lib/ci-library.sh"
_do list_packages
# `gpg --recv-key` requires write access to the current user's home directory!
for server in $(shuf -e ha.pool.sks-keyservers.net \
keys.gnupg.net \
keyserver.ubuntu.com \
keys.openpgp.org \
pgp.mit.edu) ; do
gpg --keyserver "$server" --recv-keys $(get_validpgpkeys) && break || : ;
done
......@@ -2,43 +2,10 @@
SCRIPT_DIR=$( dirname $( readlink -e $0 ) )
source "$SCRIPT_DIR/lib/ci-library.sh"
# SSH setup
_log command "SSH setup"
# For Docker builds disable host key checking. Be aware that by adding that
# you are suspectible to man-in-the-middle attacks.
# WARNING: Use this only with the Docker executor, if you use it with shell
# you will overwrite your user's SSH config.
#- mkdir -p ~/.ssh
#- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# In order to properly check the server's host key, assuming you created the
# SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
# instead.
_do mkdir -p ~/.ssh
[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
_do chmod 600 ~/.ssh/id_rsa
_do chmod 700 ~/.ssh
# Run ssh-agent (inside the build environment)
_do eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
_do ssh-add ~/.ssh/id_rsa
# GPG setup
_log command "GPG setup"
# Configure gpg.conf
_do echo "keyserver-options auto-key-retrieve
auto-key-locate local,wkd
pinentry-mode loopback
passphrase $GPG_PASSWORD" >> ~/.gnupg/gpg.conf
_do gpg -v --batch --import <(echo "$GPG_PRIVATE_KEY")
# Configure gpg-agent.conf
_do echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
_do gpg-connect-agent reloadagent /bye
# Fetch public key and locally sign via pacman-keyring
_do sudo pacman-key --init
_do sudo pacman-key --populate chakra
_do sudo pacman-key --refresh-keys
_do pacman-key --init
_do pacman-key --populate chakra
_do pacman-key --refresh-keys
# prepare the build environment
_log command "Setting up locale.gen..."
......
#!/usr/bin/env bash
SCRIPT_DIR=$( dirname $( readlink -e $0 ) )
source "$SCRIPT_DIR/lib/ci-library.sh"
# SSH setup
_log command "SSH setup"
# For Docker builds disable host key checking. Be aware that by adding that
# you are suspectible to man-in-the-middle attacks.
# WARNING: Use this only with the Docker executor, if you use it with shell
# you will overwrite your user's SSH config.
#- mkdir -p ~/.ssh
#- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# In order to properly check the server's host key, assuming you created the
# SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
# instead.
_do mkdir -p ~/.ssh
[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
_do chmod 600 ~/.ssh/id_rsa
_do chmod 700 ~/.ssh
# Run ssh-agent (inside the build environment)
_do eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
_do ssh-add ~/.ssh/id_rsa
# GPG setup
_log command "GPG setup"
# Configure gpg.conf
_do printf "keyserver-options auto-key-retrieve
auto-key-locate local,wkd
pinentry-mode loopback
passphrase $GPG_PASSWORD" >> ~/.gnupg/gpg.conf
_do gpg -v --batch --import <(echo "$GPG_PRIVATE_KEY")
# Configure gpg-agent.conf
_do echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
_do gpg-connect-agent reloadagent /bye
_do list_packages
# `gpg --recv-key` requires write access to the current user's home directory!
for server in $(shuf -e ha.pool.sks-keyservers.net \
keys.gnupg.net \
keyserver.ubuntu.com \
keys.openpgp.org \
pgp.mit.edu) ; do
gpg --keyserver "$server" --recv-keys $(get_validpgpkeys) && break || : ;
done
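Review bot: The `printf` that writes gpg.conf uses the interpolated string as its format, so a `%` or backslash in `$GPG_PASSWORD` is interpreted by printf and the stored passphrase can differ from the real one. Unlike the `echo` used for the same lines in the removed block, it also writes no trailing newline, so any later append to gpg.conf joins onto the `passphrase` line. Passing the data as arguments avoids both, e.g. `printf '%s\n' 'pinentry-mode loopback' "passphrase $GPG_PASSWORD" >> ~/.gnupg/gpg.conf`. The passphrase is also handed to `_do`, which is defined in lib/ci-library.sh and not visible here; if that wrapper prints the command it runs, the secret would land in the job log, so this line may be better run without it. Separately, `~/.ssh/id_rsa` is created under the default umask and only tightened afterwards by `chmod 600`; setting `umask 077` before the write closes that window.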