gpg_setup.sh
# Common gpg setup code to be sourced by other scripts in this
# directory. It sets up a fresh GnuPG home directory in ${PWD}/.gnupg
# and, when both SIGNING_KEY and SIGNER are non-empty, imports the key
# file named by the SIGNING_KEY environment variable into it.
#
# After this file is sourced, SIGNER is always defined and exported,
# even if empty. SIGNING_KEY is clobbered.
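# Default both inputs to the empty string so the tests below work even
# when the sourcing script runs with `set -u`. Quoted so the expansion
# is not subject to word splitting or globbing.
: "${SIGNING_KEY:=}"
: "${SIGNER:=}"

# Refuse to run where the throwaway keyring would be the user's real
# one: GNUPGHOME below is ${PWD}/.gnupg and it is removed with rm -rf.
# -ef is true only when both paths exist and refer to the same file.
if [[ "${HOME}/.gnupg" -ef "${PWD}/.gnupg" ]]; then
  # Double quotes, so the path of this file is expanded in the message
  # instead of printing the literal text ${BASH_SOURCE}.
  echo "Do not source ${BASH_SOURCE[0]} directly in your home directory - it will clobber your GnuPG directory!" >&2
  exit 1
fi

# Start from an empty, private keyring on every run.
export GNUPGHOME="${PWD}/.gnupg"
rm -rf "${GNUPGHOME}"
# The trap body is single-quoted, so GNUPGHOME is expanded when the trap
# fires: whatever GNUPGHOME points at on exit is what gets deleted.
# NOTE: this replaces any EXIT trap the sourcing script set earlier.
trap 'rm -rf "${GNUPGHOME}"' EXIT
mkdir --mode=0700 "${GNUPGHOME}"
# Sometimes this directory is not automatically created thus making
# further private key imports to fail. Let's create it here as a
# workaround.
mkdir -p --mode=0700 "${GNUPGHOME}/private-keys-v1.d/"

# Import only when both the key file and the signer identity are given;
# otherwise SIGNER is cleared.
if [[ -n "${SIGNING_KEY}" && -n "${SIGNER}" ]]; then
  # Fail closed: stop here rather than continue with SIGNER set and no
  # key in the keyring. The value of SIGNING_KEY is deliberately not
  # echoed into the log.
  if ! gpg --batch --import "${SIGNING_KEY}"; then
    echo 'Failed to import the signing key named by SIGNING_KEY' >&2
    exit 1
  fi
else
  SIGNER=''
fi
export SIGNER
# Clobber signing key variable, we don't need it any more.
export SIGNING_KEY=''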