You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by ho...@apache.org on 2018/02/12 23:26:31 UTC

[incubator-openwhisk-release] branch master updated: Validate the secret key (#39)

This is an automated email from the ASF dual-hosted git repository.

houshengbo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-release.git


The following commit(s) were added to refs/heads/master by this push:
     new f4339c2  Validate the secret key (#39)
f4339c2 is described below

commit f4339c2db842590537fd329a0f985d3b67910f05
Author: violagao <33...@users.noreply.github.com>
AuthorDate: Mon Feb 12 18:26:30 2018 -0500

    Validate the secret key (#39)
---
 tools/sign_artifacts.sh          | 1 +
 tools/travis/import_pgp_key.sh   | 2 ++
 tools/util.sh                    | 3 ---
 tools/verify_local_artifacts.sh  | 3 +--
 tools/verify_remote_artifacts.sh | 6 +++---
 5 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/tools/sign_artifacts.sh b/tools/sign_artifacts.sh
index 8695d11..a4b0992 100755
--- a/tools/sign_artifacts.sh
+++ b/tools/sign_artifacts.sh
@@ -40,6 +40,7 @@ for artifact in *.tar.gz; do
         # The option --passphrase-fd does not work on Mac.
         `gpg --yes --armor --output ${artifact}.asc --detach-sig ${artifact}`
     elif [ $sysOS == "Linux" ];then
+        echo "started to sign it"
         `echo $passphrase | gpg -c -q --passphrase-fd 0 --yes --armor --output ${artifact}.asc --detach-sig ${artifact}`
     fi
 done
diff --git a/tools/travis/import_pgp_key.sh b/tools/travis/import_pgp_key.sh
index 2998758..01e64e5 100755
--- a/tools/travis/import_pgp_key.sh
+++ b/tools/travis/import_pgp_key.sh
@@ -13,3 +13,5 @@ gpg --import $PARENTDIR/key_pub.gpg
 
 echo "Load the private key."
 gpg --allow-secret-key-import --import $PARENTDIR/key_sec.gpg
+
+gpg --list-keys
diff --git a/tools/util.sh b/tools/util.sh
index 36ddc8b..17720c6 100755
--- a/tools/util.sh
+++ b/tools/util.sh
@@ -12,9 +12,6 @@ function json_by_key() {
 
 function import_key_verify_signature() {
     key_url=$1
-    dir=$2
-    cd $dir
-
     echo "Importing PGP keys"
     curl $key_url | gpg --import && \
     echo "[✓] GPG keys imported" \
diff --git a/tools/verify_local_artifacts.sh b/tools/verify_local_artifacts.sh
index 3a83484..78a94d7 100755
--- a/tools/verify_local_artifacts.sh
+++ b/tools/verify_local_artifacts.sh
@@ -7,7 +7,6 @@ echo "Verify the local artifacts with the KEYS"
 SCRIPTDIR="$(cd $(dirname "$0")/ && pwd)"
 source "$SCRIPTDIR/load_config.sh" $1 $2 $3
 
-mkdir -p $OPENWHISK_SVN
 cd $OPENWHISK_SVN/$REMOTE_PATH
 
-import_key_verify_signature $STAGE_URL/KEYS $OPENWHISK_SVN/$REMOTE_PATH
+import_key_verify_signature $STAGE_URL/KEYS
diff --git a/tools/verify_remote_artifacts.sh b/tools/verify_remote_artifacts.sh
index ad4f330..0d50d24 100755
--- a/tools/verify_remote_artifacts.sh
+++ b/tools/verify_remote_artifacts.sh
@@ -7,7 +7,8 @@ echo "Verify the remote artifacts with the KEYS"
 SCRIPTDIR="$(cd $(dirname "$0")/ && pwd)"
 source "$SCRIPTDIR/load_config.sh" $1 $2 $3
 
-mkdir -p $OPENWHISK_SVN
+rm -rf $OPENWHISK_SVN
+mkdir -p $OPENWHISK_SVN/$REMOTE_PATH
 cd $OPENWHISK_SVN
 
 # Remove the local folder, because we are about to download the artifacts from the staging folder.
@@ -15,7 +16,6 @@ rm -rf $REMOTE_PATH
 
 # Check out the artifacts.
 svn co $CURRENT_VERSION_URL $REMOTE_PATH
-
 cd $REMOTE_PATH
 
-import_key_verify_signature $STAGE_URL/KEYS $OPENWHISK_SVN/$REMOTE_PATH
+import_key_verify_signature $STAGE_URL/KEYS

-- 
To stop receiving notification emails like this one, please contact
houshengbo@apache.org.