diff --git a/cmd_publish.go b/cmd_publish.go
index 3ba7aec7..2b95ab24 100644
--- a/cmd_publish.go
+++ b/cmd_publish.go
@@ -16,11 +16,8 @@ func getSigner(cmd *commander.Command) (utils.Signer, error) {
 }
 signer := &utils.GpgSigner{}
-
- key := cmd.Flag.Lookup("gpg-key").Value.String()
- if key != "" {
- signer.SetKey(key)
- }
+ signer.SetKey(cmd.Flag.Lookup("gpg-key").Value.String())
+ signer.SetKeyRing(cmd.Flag.Lookup("keyring").Value.String(), cmd.Flag.Lookup("secret-keyring").Value.String())
 err := signer.Init()
 if err != nil {
@@ -213,6 +210,8 @@ ex.
 cmd.Flag.String("distribution", "", "distribution name to publish")
 cmd.Flag.String("component", "", "component name to publish")
 cmd.Flag.String("gpg-key", "", "GPG key ID to use when signing the release")
+ cmd.Flag.String("keyring", "", "GPG keyring to use (instead of default)")
+ cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
 cmd.Flag.Bool("skip-signing", false, "don't sign Release files with GPG")
 return cmd
diff --git a/debian/publish_test.go b/debian/publish_test.go
index f8a97e55..f326c5dd 100644
--- a/debian/publish_test.go
+++ b/debian/publish_test.go
@@ -28,7 +28,9 @@ func (n *NullSigner) Init() error {
 }
 func (n *NullSigner) SetKey(keyRef string) {
+}
+func (g *NullSigner) SetKeyRing(keyring, secretKeyring string) {
 }
 func (n *NullSigner) DetachedSign(source string, destination string) error {
diff --git a/utils/gpg.go b/utils/gpg.go
index 7ab815c8..ea0b33e5 100644
--- a/utils/gpg.go
+++ b/utils/gpg.go
@@ -15,6 +15,7 @@ import (
 type Signer interface {
 Init() error
 SetKey(keyRef string)
+ SetKeyRing(keyring, secretKeyring string)
 DetachedSign(source string, destination string) error
 ClearSign(source string, destination string) error
 }
@@ -35,7 +36,8 @@ var (
 // GpgSigner is implementation of Signer interface using gpg
 type GpgSigner struct {
- keyRef string
+ keyRef string
+ keyring, secretKeyring string
 }
 // SetKey sets key ID to use when signing files
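Review bot: The `secret-keyring` help string added in the `@@ -213,6 +210,8 @@` hunk of cmd_publish.go promises an alternative secret keyring, but GnuPG 2.1 and later treat `--secret-keyring` as obsolete and ignore it, reading secret keys from the private key store under the GnuPG home directory instead. If the `gpg` binary on the host is that recent, an operator who relies on this flag to keep the signing key isolated would sign from the default home without any warning. The help text should state the limitation, for example `"GPG secret keyring to use (instead of default; ignored by GnuPG 2.1+)"`. The `keyring` help could also mention that gpg resolves a file name without a slash relative to its home directory, not the working directory.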
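Review bot: The stub added in debian/publish_test.go uses receiver `g` (`func (g *NullSigner) SetKeyRing(keyring, secretKeyring string) {`) while every other NullSigner method visible in the hunk uses `n`; rename it to `n` so the type has one receiver name. A short comment such as `// SetKeyRing is a no-op for the null signer.` would also make the empty body read as intentional.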
@@ -43,6 +45,27 @@ func (g *GpgSigner) SetKey(keyRef string) {
 g.keyRef = keyRef
 }
+// SetKeyring allows to set custom keyring and secretkeyring
+func (g *GpgSigner) SetKeyRing(keyring, secretKeyring string) {
+ g.keyring, g.secretKeyring = keyring, secretKeyring
+}
+
+func (g *GpgSigner) gpgArgs() []string {
+ args := []string{}
+ if g.keyring != "" {
+ args = append(args, "--no-default-keyring", "--keyring", g.keyring)
+ }
+ if g.secretKeyring != "" {
+ args = append(args, "--secret-keyring", g.secretKeyring)
+ }
+
+ if g.keyRef != "" {
+ args = append(args, "-u", g.keyRef)
+ }
+
+ return args
+}
+
 // Init verifies availability of gpg & presence of keys
 func (g *GpgSigner) Init() error {
 output, err := exec.Command("gpg", "--list-keys").Output()
@@ -62,9 +85,7 @@ func (g *GpgSigner) DetachedSign(source string, destination string) error {
 fmt.Printf("Signing file '%s' with gpg, please enter your passphrase when prompted:\n", source)
 args := []string{"-o", destination, "--armor", "--yes"}
- if g.keyRef != "" {
- args = append(args, "-u", g.keyRef)
- }
+ args = append(args, g.gpgArgs()...)
 args = append(args, "--detach-sign", source)
 cmd := exec.Command("gpg", args...)
 return cmd.Run()
@@ -74,9 +95,7 @@ func (g *GpgSigner) DetachedSign(source string, destination string) error {
 func (g *GpgSigner) ClearSign(source string, destination string) error {
 fmt.Printf("Clearsigning file '%s' with gpg, please enter your passphrase when prompted:\n", source)
 args := []string{"-o", destination, "--yes"}
- if g.keyRef != "" {
- args = append(args, "-u", g.keyRef)
- }
+ args = append(args, g.gpgArgs()...)
 args = append(args, "--clearsign", source)
 cmd := exec.Command("gpg", args...)
 return cmd.Run()
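Review bot: `Init()`, visible as trailing context of the `@@ -43,6 +45,27 @@` hunk, still runs `exec.Command("gpg", "--list-keys")` without the options built by the new `gpgArgs()`, so the key-presence check inspects the default keyring rather than the one set through `SetKeyRing`. With a custom keyring the check can presumably reject a valid setup or accept one whose keyring file is missing or empty, and the mismatch only shows up at signing time. Init's body continues outside the hunk, so this is judged from its first line only; if it holds, build the listing the same way, e.g. `exec.Command("gpg", append(g.gpgArgs(), "--list-keys")...)`. Separately, the doc comment says `SetKeyring` while the method is `SetKeyRing`, and `gpgArgs` has no comment.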