1
#!/usr/bin/env bash
2

3
# We are not using fpm's signing functionality because it does not work anymore
4
# https://github.com/jordansissel/fpm/issues/1626
5

6
set -euxo pipefail
7
shopt -s extglob
8

9
# Write GPG key to GPG keyring
10
printf "%s" "${GPG_PUBLIC_KEY}" > /tmp/gpg-public-key
11
gpg --import /tmp/gpg-public-key
12
printf "%s" "${GPG_PRIVATE_KEY}" | gpg --import --no-tty --batch --yes --passphrase "${GPG_PASSPHRASE}"
13

14
rpm --import /tmp/gpg-public-key
15

16
echo "%_gpg_name Grafana <[email protected]>
17
%_signature gpg
18
%_gpg_path /root/.gnupg
19
%_gpgbin /usr/bin/gpg
20
%__gpg /usr/bin/gpg
21
%__gpg_sign_cmd     %{__gpg} \
22
         gpg --no-tty --batch --yes --no-verbose --no-armor \
23
         --passphrase ${GPG_PASSPHRASE} \
24
         --pinentry-mode loopback \
25
         %{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \
26
         --no-secmem-warning \
27
         -u \"%{_gpg_name}\" -sbo %{__signature_filename} %{__plaintext_filename}
28
" > ~/.rpmmacros
29

30
for f in dist/*.rpm; do
31
  rpm --addsign "${f}"
32
  rpm --checksig "${f}"
33
done
34

35