[airflow] 01/02: Sign release files with an apache.org key by default (#12241)

[ka...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git

commit 0710c7929a682db926959c3356fb62899fb54b07
Author: Ash Berlin-Taylor <as...@firemirror.com>
AuthorDate: Tue Nov 10 11:26:48 2020 +0000

    Sign release files with an apache.org key by default (#12241)
    
    If you have more than a single private key in your GPG trust store, gpg
    will use the first one, which for me is not right.
    
    This changes the script to by default use any key with `apache.org` in
    the name. This is a patch I've been carrying locally for about 8
    releases now :D
    
    (cherry picked from commit 3ab5828142b8ae786556867552d92e7e61ae2fb1)
---
 dev/sign.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/dev/sign.sh b/dev/sign.sh
index cd805b5..a809fc6 100755
--- a/dev/sign.sh
+++ b/dev/sign.sh
@@ -23,8 +23,12 @@ set -euo pipefail
 # you will still be required to type in your signing key password
 # or it needs to be available in your keychain
 
+# Which key to sign releases with? This can be a (partial) email address or a
+# key id. By default use any apache.org key
+SIGN_WITH="${SIGN_WITH:-apache.org}"
+
 for name in "${@}"
 do
-    gpg --armor --output "${name}.asc" --detach-sig "${name}"
+    gpg --armor --local-user "$SIGN_WITH" --output "${name}.asc" --detach-sig "${name}"
     gpg --print-md SHA512 "${name}" > "${name}.sha512"
 done