[OpenWrt-Devel] [PATCH] buildbot: signall.sh store usign.key as usign.sec

Paul Spooren mail at aparcar.org
Thu Nov 14 02:55:30 EST 2019

The signall.sh script signs all files inside a tar via GPG and
signify-openbsd (similar to usign)e and attaches the signatures to the
same archive.

Using more recent versions of signify-openbsd requires a specific naming
schema for keys, private ending with .sec and public with .pub. This was
introduced at 763e1148f68f03cb2fa85d022500acf8c66af222[0].

This patch renames the stored key as usign.sec instead of usign.key. As
of the temporary nature of the key storing, this very unlikely breaks
any existing setups.

[0]: https://github.com/openbsd/src/commit/763e1148f68f03cb2fa85d022500acf8c66af222

Signed-off-by: Paul Spooren <mail at aparcar.org>
Tested and working on Debian 10

 scripts/signall.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/signall.sh b/scripts/signall.sh
index 269375f..8f39500 100755
--- a/scripts/signall.sh
+++ b/scripts/signall.sh
@@ -84,11 +84,11 @@ if [ -n "$USIGNKEY" ]; then
 	umask 077
-	printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.key"
+	printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec"
 	umask 022
 	find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \
-		signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.key")" -m "{}" \; || finish 5
+		signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5
 tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list