Closed drusellers closed 7 years ago
krobertson
commented
7 years ago Sure, I'll update.
The signing is with GPG. If you don't give a param, GPG will just select a key to use. Otherwise, to specify the key you provide it's fingerprint/key ID.
drusellers
commented
7 years ago Took me a while to figure it out but I got it. Just new to the Debian workflow. :) On Fri, Jun 2, 2017 at 10:25 Ken Robertson notifications@github.com wrote:
Sure, I'll update.
The signing is with GPG. If you don't give a param, GPG will just select a key to use. Otherwise, to specify the key you provide it's fingerprint/key ID.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/krobertson/deb-s3/issues/121#issuecomment-305820442, or mute the thread https://github.com/notifications/unsubscribe-auth/AAD3e0BUin3d4xhoItfSTK2NR_K8oonwks5sACl7gaJpZM4NuMUu .
drnic
commented
7 years ago An example from our CI for https://apt.starkandwayne.com is:
mkdir -p certs
echo "${GPG_ID:?required}" > certs/id
echo "${GPG_PUBLIC_KEY:?required}" > certs/public.key
set +x
echo "${GPG_PRIVATE_KEY:?required}" > certs/private.key
[ -n "$DEBUG" ] && set -xecho ">> Setup GPG public key" gpg --import certs/public.key echo ">> Setup GPG private key" gpg --allow-secret-key-import --import certs/private.key echo ">> List keys" gpg --list-secret-keys
* Run `deb-s3 upload --sign id`deb-s3 upload "${DEBIAN_FILE}" --bucket "${RELEASE_BUCKET}" --sign $(cat certs/id)
Updated the help text and readme to clarify its a GPG key, and how to specify.
Its not clear to me if I use an EC2 Key or a key on my box. A key on my box makes the most sense. But I just have the one ssh key at the moment. sounds like I may need a new one.