You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2018/02/12 23:26:34 UTC

[GitHub] houshengbo closed pull request #39: Validate the secret key

houshengbo closed pull request #39: Validate the secret key
URL: https://github.com/apache/incubator-openwhisk-release/pull/39
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/tools/sign_artifacts.sh b/tools/sign_artifacts.sh
index 8695d11..a4b0992 100755
--- a/tools/sign_artifacts.sh
+++ b/tools/sign_artifacts.sh
@@ -40,6 +40,7 @@ for artifact in *.tar.gz; do
         # The option --passphrase-fd does not work on Mac.
         `gpg --yes --armor --output ${artifact}.asc --detach-sig ${artifact}`
     elif [ $sysOS == "Linux" ];then
+        echo "started to sign it"
         `echo $passphrase | gpg -c -q --passphrase-fd 0 --yes --armor --output ${artifact}.asc --detach-sig ${artifact}`
     fi
 done
diff --git a/tools/travis/import_pgp_key.sh b/tools/travis/import_pgp_key.sh
index 2998758..01e64e5 100755
--- a/tools/travis/import_pgp_key.sh
+++ b/tools/travis/import_pgp_key.sh
@@ -13,3 +13,5 @@ gpg --import $PARENTDIR/key_pub.gpg
 
 echo "Load the private key."
 gpg --allow-secret-key-import --import $PARENTDIR/key_sec.gpg
+
+gpg --list-keys
diff --git a/tools/util.sh b/tools/util.sh
index 36ddc8b..17720c6 100755
--- a/tools/util.sh
+++ b/tools/util.sh
@@ -12,9 +12,6 @@ function json_by_key() {
 
 function import_key_verify_signature() {
     key_url=$1
-    dir=$2
-    cd $dir
-
     echo "Importing PGP keys"
     curl $key_url | gpg --import && \
     echo "[?] GPG keys imported" \
diff --git a/tools/verify_local_artifacts.sh b/tools/verify_local_artifacts.sh
index 3a83484..78a94d7 100755
--- a/tools/verify_local_artifacts.sh
+++ b/tools/verify_local_artifacts.sh
@@ -7,7 +7,6 @@ echo "Verify the local artifacts with the KEYS"
 SCRIPTDIR="$(cd $(dirname "$0")/ && pwd)"
 source "$SCRIPTDIR/load_config.sh" $1 $2 $3
 
-mkdir -p $OPENWHISK_SVN
 cd $OPENWHISK_SVN/$REMOTE_PATH
 
-import_key_verify_signature $STAGE_URL/KEYS $OPENWHISK_SVN/$REMOTE_PATH
+import_key_verify_signature $STAGE_URL/KEYS
diff --git a/tools/verify_remote_artifacts.sh b/tools/verify_remote_artifacts.sh
index ad4f330..0d50d24 100755
--- a/tools/verify_remote_artifacts.sh
+++ b/tools/verify_remote_artifacts.sh
@@ -7,7 +7,8 @@ echo "Verify the remote artifacts with the KEYS"
 SCRIPTDIR="$(cd $(dirname "$0")/ && pwd)"
 source "$SCRIPTDIR/load_config.sh" $1 $2 $3
 
-mkdir -p $OPENWHISK_SVN
+rm -rf $OPENWHISK_SVN
+mkdir -p $OPENWHISK_SVN/$REMOTE_PATH
 cd $OPENWHISK_SVN
 
 # Remove the local folder, because we are about to download the artifacts from the staging folder.
@@ -15,7 +16,6 @@ rm -rf $REMOTE_PATH
 
 # Check out the artifacts.
 svn co $CURRENT_VERSION_URL $REMOTE_PATH
-
 cd $REMOTE_PATH
 
-import_key_verify_signature $STAGE_URL/KEYS $OPENWHISK_SVN/$REMOTE_PATH
+import_key_verify_signature $STAGE_URL/KEYS


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services