Please, provide --gpg-opt (or implement --sign-args)

AppImage / appimagetool

A low-level tool to generate an AppImage from an existing AppDir

58 stars 11 forks source link

Please, provide --gpg-opt (or implement --sign-args) #39

Closed Korsar13 closed 2 months ago

Korsar13 commented 7 months ago

I can’t run AppImageTool with the --sign option from Jenkins: it requires a password for the certificate. If it were possible to add gpg options for signing with the new --gpg-opt option, you could do this: appimagetool appdir app.AppImage --sign --gpg-opt --batch --gpg-opt --pinentry-mode=loopback --gpg-opt --passphrase-file=secret-file-password

Korsar13 commented 7 months ago

AppImageKit readme file:

--sign-args Extra arguments to use when signing with gpg[2]

but latest binary doesn't recognize option:

jenkins@ubox:~/k13$ ./appimagetool-x86_64.AppImage --version
appimagetool, continuous build (git version bfe6e0c), build 92 built on 2023-07-16 13:25:42 UTC
...
Option parsing failed: Unknown option --sign-args

TheAssassin commented 2 months ago

appimagetool uses gpgme as a library, not the CLI directly. There's even a APPIMAGETOOL_SIGN_PASSPHRASE env var that serves your use case. I don't think there's a reason to add any such feature and I'm not sure it'd be possible with gpgme.