
Commit c83c4fa

committed
guix-attest: Allow skipping GPG signing with NO_SIGN
1 parent 0e1c2e4 commit c83c4fa


1 file changed

+19
-4
lines changed


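--- a/contrib/guix/guix-attest
+++ b/contrib/guix/guix-attest
@@ -18,7 +18,10 @@ source "$(dirname "${BASH_SOURCE[0]}")/libexec/prelude.bash"
 # Required non-builtin commands should be invokable
 ################
 
-check_tools cat env basename mkdir xargs find gpg
+check_tools cat env basename mkdir xargs find
+if [ -z "$NO_SIGN" ]; then
+check_tools gpg
+fi
 
 ################
 # Required env vars should be non-empty
@@ -30,6 +33,7 @@ Synopsis:
 
 env GUIX_SIGS_REPO=<path/to/guix.sigs> \\
 SIGNER=GPG_KEY_NAME[=SIGNER_NAME] \\
+[ NO_SIGN=1 ]
 ./contrib/guix/guix-attest
 
 Example w/o overriding signing name:
@@ -44,6 +48,13 @@ Example overriding signing name:
 SIGNER=0x96AB007F1A7ED999=dongcarl \\
 ./contrib/guix/guix-attest
 
+Example w/o signing, just creating SHA256SUMS:
+
+env GUIX_SIGS_REPO=/home/achow101/guix.sigs \\
+SIGNER=achow101 \\
+NO_SIGN=1 \\
+./contrib/guix/guix-attest
+
 EOF
 }
 
@@ -79,7 +90,7 @@ if [ -z "${signer_name}" ]; then
 signer_name="$gpg_key_name"
 fi
 
-if ! gpg --dry-run --list-secret-keys "${gpg_key_name}" >/dev/null 2>&1; then
+if [ -z "$NO_SIGN" ] && ! gpg --dry-run --list-secret-keys "${gpg_key_name}" >/dev/null 2>&1; then
 echo "ERR: GPG can't seem to find any key named '${gpg_key_name}'"
 exit 1
 fi
@@ -153,8 +164,12 @@ for outdir in "${OUTDIRS[@]}"; do
 exit 1
 fi
 )
-echo "${outname}: Signing SHA256SUMS to produce SHA256SUMS.asc"
-gpg --detach-sign --local-user "$gpg_key_name" --armor --output "$outsigdir"/SHA256SUMS.asc "$outsigdir"/SHA256SUMS
+if [ -z "$NO_SIGN" ]; then
+echo "${outname}: Signing SHA256SUMS to produce SHA256SUMS.asc"
+gpg --detach-sign --local-user "$gpg_key_name" --armor --output "$outsigdir"/SHA256SUMS.asc "$outsigdir"/SHA256SUMS
+else
+echo "${outname}: Not signing SHA256SUMS as \$NO_SIGN is not empty"
+fi
 echo ""
 fi
 done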
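Review bot: The three new `[ -z "$NO_SIGN" ]` tests (the tool check, the secret-key lookup, and the signing step inside the `for outdir` loop, which starts outside this hunk) treat any non-empty value as "skip signing", so `NO_SIGN=0` or a value inherited from the caller's environment produces an unsigned SHA256SUMS with exit status 0. For an attestation script a fail-closed test is safer: `if [ "${NO_SIGN:-}" != 1 ]; then` keeps signing unless the documented `NO_SIGN=1` is given, and the `:-` default also avoids an unbound-variable abort should prelude.bash enable `set -u` (not visible here). The "Not signing" message would be better sent to stderr as a warning, and the usage text should state which values disable signing. Whether a SHA256SUMS.asc left by an earlier signed run can remain next to a freshly written SHA256SUMS is not visible in this hunk and is worth checking.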
