From 10cf8bf3a215138509fb91724031a11761d3e5da Mon Sep 17 00:00:00 2001
From: Ash Berlin-Taylor
Date: Tue, 10 Nov 2020 10:56:32 +0000
Subject: [PATCH] Sign release files with an apache.org key by default

If you have more than a single private key in your GPG trust store, gpg will use the first one, which for me is not right. This changes the script to by default use any key with `apache.org` in the name. This is a patch I've been carrying locally for about 8 releases now :D
---
 dev/sign.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/dev/sign.sh b/dev/sign.sh
index cd805b5251aca..a809fc65a855a 100755
--- a/dev/sign.sh
+++ b/dev/sign.sh
@@ -23,8 +23,12 @@ set -euo pipefail
 # you will still be required to type in your signing key password
 # or it needs to be available in your keychain
 
+# Which key to sign releases with? This can be a (partial) email address or a
+# key id. By default use any apache.org key
+SIGN_WITH="${SIGN_WITH:-apache.org}"
+
 for name in "${@}"
 do
- gpg --armor --output "${name}.asc" --detach-sig "${name}"
+ gpg --armor --local-user "$SIGN_WITH" --output "${name}.asc" --detach-sig "${name}"
 gpg --print-md SHA512 "${name}" > "${name}.sha512"
 done
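Review bot: The default `SIGN_WITH="${SIGN_WITH:-apache.org}"` hands `--local-user` a bare substring, so when more than one secret key has a user ID containing `apache.org` (an older or superseded key, for instance) gpg will pick one of them without prompting, and the artefact may carry a signature that does not match the key published for the release. The comment above the assignment should steer release managers to the unambiguous form, e.g. `# Prefer the full key fingerprint; a partial address or short key id can match more than one key.` If a pattern default is kept, `@apache.org` limits the match to the e-mail part of the user ID rather than any text in it. Adding `gpg --verify "${name}.asc" "${name}"` after the signing line inside the loop would print the fingerprint actually used, so a wrong key is noticed before the files are uploaded.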