diff options
author | Ayush Ranjan <ayushranjan@google.com> | 2020-09-03 21:42:49 -0700 |
---|---|---|
committer | Andrei Vagin <avagin@gmail.com> | 2020-09-09 17:53:10 -0700 |
commit | dfeb9d8b45f76aa01f09e9c0cd40347c9e58680d (patch) | |
tree | 624b5c9a6439e50756d8fcf5bb1c962816084812 /tools/make_apt.sh | |
parent | 4d5627f76346e8afbab1506b8151c7ccb3f82f16 (diff) |
Fix the release workflow.
PiperOrigin-RevId: 330049242
Diffstat (limited to 'tools/make_apt.sh')
-rwxr-xr-x | tools/make_apt.sh | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/tools/make_apt.sh b/tools/make_apt.sh index b47977ed5..fdc5e9192 100755 --- a/tools/make_apt.sh +++ b/tools/make_apt.sh @@ -54,18 +54,21 @@ declare -r release="${root}/dists/${suite}" mkdir -p "${release}" # Create a temporary keyring, and ensure it is cleaned up. +# Using separate homedir allows us to install apt repositories multiple times +# using the same key. This is a limitation in GnuPG pre-2.1. declare -r keyring=$(mktemp /tmp/keyringXXXXXX.gpg) +declare -r homedir=$(mktemp -d /tmp/homedirXXXXXX) cleanup() { - rm -f "${keyring}" + rm -rf "${keyring}" "${homedir}" } trap cleanup EXIT # We attempt the import twice because the first one will fail if the public key # is not found. This isn't actually a failure for us, because we don't require -# the public (this may be stored separately). The second import will succeed +# the public key (this may be stored separately). The second import will succeed # because, in reality, the first import succeeded and it's a no-op. -gpg --no-default-keyring --keyring "${keyring}" --secret-keyring "${keyring}" --import "${private_key}" || \ - gpg --no-default-keyring --keyring "${keyring}" --secret-keyring "${keyring}" --import "${private_key}" +gpg --no-default-keyring --keyring "${keyring}" --homedir "${homedir}" --import "${private_key}" || \ + gpg --no-default-keyring --keyring "${keyring}" --homedir "${homedir}" --import "${private_key}" # Copy the packages into the root. for pkg in "$@"; do |