github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-15 12:53:42 +00:00
Code Issues Projects Releases Wiki Activity

fix(ci): sign arm64 rpm packages.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro 2022-06-16 10:21:30 +02:00 committed by poiana
parent bcda81f700
commit a3c8fa85d4
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.circleci/config.yml
View File

@ -216,11 +216,14 @@ jobs:
yum update -y yum update -y
yum install rpm-sign -y yum install rpm-sign -y
- run: - run:
name: Sign rpm name: Prepare
command: | command: |
echo "%_signature gpg" > ~/.rpmmacros echo "%_signature gpg" > ~/.rpmmacros
echo "%_gpg_name Falcosecurity Package Signing" >> ~/.rpmmacros echo "%_gpg_name Falcosecurity Package Signing" >> ~/.rpmmacros
echo "%__gpg_sign_cmd %{__gpg} --force-v3-sigs --batch --no-armor --passphrase-fd 3 --no-secmem-warning -u \"%{_gpg_name}\" -sb --digest-algo sha256 %{__plaintext_filename}'" >> ~/.rpmmacros echo "%__gpg_sign_cmd %{__gpg} --force-v3-sigs --batch --no-armor --passphrase-fd 3 --no-secmem-warning -u \"%{_gpg_name}\" -sb --digest-algo sha256 %{__plaintext_filename}'" >> ~/.rpmmacros
- run:
name: Sign rpm x86_64
command: |
cd /build/release/ cd /build/release/
echo '#!/usr/bin/expect -f' > sign echo '#!/usr/bin/expect -f' > sign
echo 'spawn rpmsign --addsign {*}$argv' >> sign echo 'spawn rpmsign --addsign {*}$argv' >> sign
@ -231,10 +234,24 @@ jobs:
echo $GPG_KEY | base64 -d | gpg --import echo $GPG_KEY | base64 -d | gpg --import
./sign *.rpm ./sign *.rpm
test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0 test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0
- run:
name: Sign rpm arm64
command: |
cd /build-arm64/release/
echo '#!/usr/bin/expect -f' > sign
echo 'spawn rpmsign --addsign {*}$argv' >> sign
echo 'expect -exact "Enter pass phrase: "' >> sign
echo 'send -- "\n"' >> sign
echo 'expect eof' >> sign
chmod +x sign
echo $GPG_KEY | base64 -d | gpg --import
./sign *.rpm
test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0
- persist_to_workspace: - persist_to_workspace:
root: / root: /
paths: paths:
- build/release/*.rpm - build/release/*.rpm
- build-arm64/release/*.rpm
# Publish the dev packages # Publish the dev packages
"publish-packages-dev": "publish-packages-dev":
docker: docker: