From cbdefad44c474bd8a6c987442ccc0d6d11234c68 Mon Sep 17 00:00:00 2001 From: Jia Zhang Date: Sun, 20 Aug 2017 15:06:22 +0800 Subject: [PATCH] create-user-key-store.sh: support gpg 2.x used to generate rpm signing key Signed-off-by: Jia Zhang --- .../scripts/create-user-key-store.sh | 44 +++++++++++-------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh index 85d6965..12da2e7 100755 --- a/meta-signing-key/scripts/create-user-key-store.sh +++ b/meta-signing-key/scripts/create-user-key-store.sh @@ -188,21 +188,28 @@ create_ima_user_key() { create_rpm_user_key() { local gpg_ver=`gpg --version | head -1 | awk '{ print $3 }' | awk -F. '{ print $1 }'` - - if [ x"$gpg_ver" != x"1" ]; then - echo "gpg version 2 is not supported" - exit 1 - fi - local key_dir="$RPM_KEYS_DIR" - [ ! -d "$key_dir" ] && mkdir -p "$key_dir" + [ ! -d "$key_dir" ] && mkdir -m 0700 -p "$key_dir" local gpg_key_name="SecureCore" local priv_key="$key_dir/RPM-GPG-PRIVKEY-$gpg_key_name" local pub_key="$key_dir/RPM-GPG-KEY-$gpg_key_name" - cat >"$key_dir/gen_rpm_keyring" < "$pub_key" + + gpg --homedir "$key_dir" --export-secret-keys --armor "$gpg_key_name" > "$priv_key" + + cd "$key_dir" + rm -rf openpgp-revocs.d private-keys-v1.d pubring.kbx* \ + trustdb.gpg + cd - + else + cat >"$key_dir/gen_rpm_keyring" < "$pub_key" - $gpg --export-secret-keys --armor "$gpg_key_name" > "$priv_key" + $gpg --export --armor "$gpg_key_name" > "$pub_key" + $gpg --export-secret-keys --armor "$gpg_key_name" > "$priv_key" - rm -f "$key_dir/gen_rpm_keyring" - rm -f "$priv_key.sec" "$pub_key.pub" + rm -f "$key_dir/gen_rpm_keyring" + rm -f "$priv_key.sec" "$pub_key.pub" + fi } create_user_keys() {