houshengbo closed pull request #39: Validate the secret key
URL: https://github.com/apache/incubator-openwhisk-release/pull/39

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/tools/sign_artifacts.sh b/tools/sign_artifacts.sh
index 8695d11..a4b0992 100755
--- a/tools/sign_artifacts.sh
+++ b/tools/sign_artifacts.sh
@@ -40,6 +40,7 @@ for artifact in *.tar.gz; do
         # The option --passphrase-fd does not work on Mac.
         `gpg --yes --armor --output ${artifact}.asc --detach-sig ${artifact}`
     elif [ $sysOS == "Linux" ];then
+        echo "started to sign it"
         `echo $passphrase | gpg -c -q --passphrase-fd 0 --yes --armor --output 
${artifact}.asc --detach-sig ${artifact}`
diff --git a/tools/travis/import_pgp_key.sh b/tools/travis/import_pgp_key.sh
index 2998758..01e64e5 100755
--- a/tools/travis/import_pgp_key.sh
+++ b/tools/travis/import_pgp_key.sh
@@ -13,3 +13,5 @@ gpg --import $PARENTDIR/key_pub.gpg
 echo "Load the private key."
 gpg --allow-secret-key-import --import $PARENTDIR/key_sec.gpg
+gpg --list-keys
diff --git a/tools/util.sh b/tools/util.sh
index 36ddc8b..17720c6 100755
--- a/tools/util.sh
+++ b/tools/util.sh
@@ -12,9 +12,6 @@ function json_by_key() {
 function import_key_verify_signature() {
-    dir=$2
-    cd $dir
     echo "Importing PGP keys"
     curl $key_url | gpg --import && \
     echo "[?] GPG keys imported" \
diff --git a/tools/verify_local_artifacts.sh b/tools/verify_local_artifacts.sh
index 3a83484..78a94d7 100755
--- a/tools/verify_local_artifacts.sh
+++ b/tools/verify_local_artifacts.sh
@@ -7,7 +7,6 @@ echo "Verify the local artifacts with the KEYS"
 SCRIPTDIR="$(cd $(dirname "$0")/ && pwd)"
 source "$SCRIPTDIR/load_config.sh" $1 $2 $3
-mkdir -p $OPENWHISK_SVN
-import_key_verify_signature $STAGE_URL/KEYS $OPENWHISK_SVN/$REMOTE_PATH
+import_key_verify_signature $STAGE_URL/KEYS
diff --git a/tools/verify_remote_artifacts.sh b/tools/verify_remote_artifacts.sh
index ad4f330..0d50d24 100755
--- a/tools/verify_remote_artifacts.sh
+++ b/tools/verify_remote_artifacts.sh
@@ -7,7 +7,8 @@ echo "Verify the remote artifacts with the KEYS"
 SCRIPTDIR="$(cd $(dirname "$0")/ && pwd)"
 source "$SCRIPTDIR/load_config.sh" $1 $2 $3
-mkdir -p $OPENWHISK_SVN
 # Remove the local folder, because we are about to download the artifacts from 
the staging folder.
@@ -15,7 +16,6 @@ rm -rf $REMOTE_PATH
 # Check out the artifacts.
-import_key_verify_signature $STAGE_URL/KEYS $OPENWHISK_SVN/$REMOTE_PATH
+import_key_verify_signature $STAGE_URL/KEYS


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

With regards,
Apache Git Services

Reply via email to