gitlab
/
omnibus-gitlab
mirror of https://gitlab.com/gitlab-org/omnibus-gitlab.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Stop using s3 for packaging signing key 

- Stop pulling the package signing key from s3. This removes the final
  dependency requirement for awscli in the container build images.

Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8393

Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8398

Related https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues/78

Related https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues/77

Signed-off-by: Robert Marshall <rmarshall@gitlab.com>
This commit is contained in:
Robert Marshall 2024-01-25 18:26:45 -05:00
parent c2a94ae857
commit 3985f67dbb
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
support/import_gpg_secrets.sh
View File

@ -1,10 +1,7 @@
#!/bin/bash
# GPG key for package signing
if [ -n "$SECRET_AWS_ACCESS_KEY_ID" ]; then
echo -e "[default]\naws_access_key_id = $AWS_ACCESS_KEY_ID \naws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/config
AWS_ACCESS_KEY_ID="$SECRET_AWS_ACCESS_KEY_ID" AWS_SECRET_ACCESS_KEY="$SECRET_AWS_SECRET_ACCESS_KEY" aws s3 cp s3://omnibus-sig/package.sig.key .
gpg --batch --no-tty --allow-secret-key-import --import package.sig.key
rm package.sig.key
if [ -n "$PACKAGE_SIGNING_KEY_FILE" ]; then
gpg --batch --no-tty --allow-secret-key-import --import "$PACKAGE_SIGNING_KEY_FILE"
else
echo "No GPG secret key were imported."
fi