Stop using s3 for packaging signing key
- Stop pulling the package signing key from s3. This removes the final dependency requirement for awscli in the container build images. Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8393 Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8398 Related https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues/78 Related https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues/77 Signed-off-by: Robert Marshall <rmarshall@gitlab.com>
This commit is contained in:
parent
c2a94ae857
commit
3985f67dbb
|
@ -1,10 +1,7 @@
|
|||
#!/bin/bash
|
||||
# GPG key for package signing
|
||||
if [ -n "$SECRET_AWS_ACCESS_KEY_ID" ]; then
|
||||
echo -e "[default]\naws_access_key_id = $AWS_ACCESS_KEY_ID \naws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/config
|
||||
AWS_ACCESS_KEY_ID="$SECRET_AWS_ACCESS_KEY_ID" AWS_SECRET_ACCESS_KEY="$SECRET_AWS_SECRET_ACCESS_KEY" aws s3 cp s3://omnibus-sig/package.sig.key .
|
||||
gpg --batch --no-tty --allow-secret-key-import --import package.sig.key
|
||||
rm package.sig.key
|
||||
if [ -n "$PACKAGE_SIGNING_KEY_FILE" ]; then
|
||||
gpg --batch --no-tty --allow-secret-key-import --import "$PACKAGE_SIGNING_KEY_FILE"
|
||||
else
|
||||
echo "No GPG secret key were imported."
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue