The signall.sh script signs all files inside a tar via GPG and signify-openbsd (similar to usign)e and attaches the signatures to the same archive.
Using more recent versions of signify-openbsd requires a specific naming schema for keys, private ending with .sec and public with .pub. This was introduced at 763e1148f68f03cb2fa85d022500acf8c66af222[0]. This patch renames the stored key as usign.sec instead of usign.key. As of the temporary nature of the key storing, this very unlikely breaks any existing setups. [0]: https://github.com/openbsd/src/commit/763e1148f68f03cb2fa85d022500acf8c66af222 Signed-off-by: Paul Spooren <[email protected]> --- Tested and working on Debian 10 https://buildmaster.aparcar.org/#/builders/79/builds/4/steps/64/logs/stdio scripts/signall.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/signall.sh b/scripts/signall.sh index 269375f..8f39500 100755 --- a/scripts/signall.sh +++ b/scripts/signall.sh @@ -84,11 +84,11 @@ if [ -n "$USIGNKEY" ]; then fi umask 077 - printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.key" + printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec" umask 022 find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \ - signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.key")" -m "{}" \; || finish 5 + signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5 fi tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6 -- 2.24.0.rc1 _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
