busbey commented on a change in pull request #1620: URL: https://github.com/apache/hbase/pull/1620#discussion_r426321658
########## File path: dev-support/create-release/do-release-docker.sh ########## 
@@ -151,21 +200,53 @@ GIT_NAME=$GIT_NAME GIT_EMAIL=$GIT_EMAIL GPG_KEY=$GPG_KEY ASF_PASSWORD=$ASF_PASSWORD -GPG_PASSPHRASE=$GPG_PASSPHRASE RELEASE_STEP=$RELEASE_STEP RELEASE_STEP=$RELEASE_STEP API_DIFF_TAG=$API_DIFF_TAG EOF -JAVA_VOL= +JAVA_MOUNT=() if [ -n "$JAVA" ]; then echo "JAVA_HOME=/opt/hbase-java" >> "$ENVFILE" - JAVA_VOL="--volume $JAVA:/opt/hbase-java" + JAVA_MOUNT=(--mount "type=bind,src=${JAVA},dest=/opt/hbase-java,readonly") +fi + +GPG_PROXY_MOUNT=() +if [ "${HOST_OS}" == "DARWIN" ]; then + GPG_PROXY_MOUNT=(--mount "type=volume,src=gpgagent,dst=/home/${USER}/.gnupg/") + echo "Setting up GPG agent proxy container needed on OS X." + echo " we should clean this up for you. If that fails the container ID is below and in " \ + "gpg-proxy.cid" + #TODO the key pair used should be configurable + docker run --rm -p 62222:22 \ + --detach --cidfile "${WORKDIR}/gpg-proxy.cid" \ + --mount \ + "type=bind,src=${HOME}/.ssh/id_rsa.pub,dst=/home/${USER}/.ssh/authorized_keys,readonly" \ + "${GPG_PROXY_MOUNT[@]}" \ + "org.apache.hbase/gpg-agent-proxy:${IMGTAG}" + echo "Launching ssh reverse tunnel from the container to gpg agent." + echo " we should clean this up for you. If that fails the PID is in gpg-proxy.ssh.pid" + ssh -p 62222 -R "/home/${USER}/.gnupg/S.gpg-agent:$(gpgconf --list-dir agent-extra-socket)" \ + -i "${HOME}/.ssh/id_rsa" -N -n localhost & + echo $! > "${WORKDIR}/gpg-proxy.ssh.pid" +else + # TODO this presumes we are still trying to make a local gpg-agent available to the container. + # add an option so that we can run the buid on a remote machine and get the forwarded + # gpg-agent in the container. Should look like the side-car container mount above. + # it is important not to do that for a local linux agent because we only want the container + # to get access to the restricted extra socket on our local gpg-agent. 
+ GPG_PROXY_MOUNT=(--mount \ + "type=bind,src=$(gpgconf --list-dir agent-extra-socket),dst=/home/${USER}/.gnupg/S.gpg-agent") Review comment: yeah. I think I can make this less complicated by giving docs on how to proxy your gpg-agent to a remote host. gonna work through that next now that I have local execution on my mac working. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
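Review bot: In the DARWIN branch, `docker run --rm -p 62222:22 \` publishes the proxy container's sshd on every host interface, although the only client visible in this hunk is `ssh -p 62222 ... localhost`. Binding the published port to loopback, `docker run --rm -p 127.0.0.1:62222:22 \`, keeps that sshd off the network. This matters because the container accepts logins for the key mounted as `authorized_keys` and is where the forwarded gpg-agent socket ends up. The tunnel is also started immediately after `docker run --detach`, with no wait for sshd and no check that the `ssh ... &` survived. `gpg-proxy.ssh.pid` can therefore record a process that has already exited, so a short readiness check before writing the pid file would make the later cleanup and signing steps fail more clearly. The `if`/`else` block continues past the end of the quoted hunk, so its remainder is not reviewed here.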