From 96426ee0d9f9906faa1f314c7304dd5e707cf957 Mon Sep 17 00:00:00 2001 From: Leon Wright Date: Mon, 23 Nov 2020 15:48:34 +0800 Subject: [PATCH 1/3] Use base64 encoded export of private key --- .github/workflows/deploy.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index abeb5551f5..c2ee505afe 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -51,7 +51,7 @@ jobs: env: DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} run: | - echo -e "$DEBIAN_PRIVATE_KEY" | gpg --batch --import + printf "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import gpg --list-secret-keys --keyid-format LONG ./build deb-sign --configuration=Release --exclusive if: ${{ env.DEBIAN_PRIVATE_KEY }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3de59eaf02..aaba883ecb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,7 +52,7 @@ jobs: env: DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} run: | - echo -e "$DEBIAN_PRIVATE_KEY" | gpg --batch --import + printf "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import gpg --list-secret-keys --keyid-format LONG ./build deb-sign --configuration=Release --exclusive if: ${{ env.DEBIAN_PRIVATE_KEY }} From 7e0245397f5518bb7257e1f8f667b4d43a20c740 Mon Sep 17 00:00:00 2001 From: Leon Wright Date: Mon, 23 Nov 2020 15:49:23 +0800 Subject: [PATCH 2/3] Remove short key expiry --- debian/repo.pub | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/debian/repo.pub b/debian/repo.pub index 9331acfe28..fd42e1bc39 100644 --- a/debian/repo.pub +++ b/debian/repo.pub @@ -27,15 +27,15 @@ wkqXbY+XiNHOa3TgOIjrpRTKHPyqrgmKDmu6TTgjfnbl+ZUGD41mcphmZknIHwO/ wAg0PBwd4K4Q6ghF5cVbMvjil1lxn052TtYKzPnrktWONOS6p26MG+Ht887LAw/q 6ltVVcv1A3jiyTvakyzBVw0UaWxa57BOLkSjAQh3ncYDYfXiEaAVRblCFTDgZLzv tp7A3a/WgV8EccuNLfJRRNVr6NbIWmmS2w31yZfk8Migw0Ml9wShWO9j5MLcP/6D -2UHngQARAQABiQG8BBgBCgAmFiEESn2nOhwJH8asf/JBIDOMXcFb9BIFAl+14VIC -GwwFCQPCZwAACgkQIDOMXcFb9BIgfQv/byyl/hlUGRoP8VKyLe58SzbYm96guj2p -MGbiC1rn0hw0RDcUECdfwyj6I50aQ3FXWdLURQ+a0px7eJqzVbNkOpML3prMnBgL -MFWCJA+DcLt/72Owtr/lBSwpcJ7czbONNEBftpyRkNL64o/W/SS8R6KRmZrwsVon -n3/VuVYBOA367QtmJasZW/oJs8sBiA5YE/CxLhDZ4+VecGXvKhZPOzzD/WLElueW -/8jiWG5sE7x9qHKC/xmtCUUzvUsDe5ZEmIve9CTKRx0LOFK5ryN+Kan39zP2Bcj3 -cGfpSS4AtNdawQJks9WUqzupUpOTCSDEHFkjSIffBiGKQ6RK0gOqXboUZusQIsBT -MvZmSib7SyOkmPYZyzUwegM9m+QeBCFQYeSPiLgPw+kAnh8PzmoyiGlQhBI4k9H3 -9c8QEpxTCHbhoEGsVVltGDwqdXBAcOqqZKI4EUGhw+UKRHHNDtjMLDarwV7dnD4W -LOC19gsP0TsTBXCp6h0EUWCi0BJacQkD -=oleY +2UHngQARAQABiQG2BBgBCgAgAhsMFiEESn2nOhwJH8asf/JBIDOMXcFb9BIFAl+7 +ZTMACgkQIDOMXcFb9BIp/Av/bL05gSnoplkY4Caq22FrXcv7x0RNmyoIXACnHJgY +Xf1wJQxuZBomny4p8UEsdplS0eRUOu9SWwzwG1Qus7Oxn2OHPIKCZUZwrEK/LhUf +NNWuvR2u9ZG8jkA3oeOCilupz5NqzA8Ce9MMWn8vJpNXchb5Dxd8obNffDP1J0kj +K5yvZiwwTxNANnEXDsHAlVLr9dbH5GunnVVSUHJ4MDa1w33K+53QtReuSTfo5tLk +X5nUvXD+hqvdUOKrq3X7XcCtKsTsBnZBVtYq1FHCkOWHQl61SRImPVQpbPAfkFY/ +vvGszAA9RYCG4etML586qU/nrDjZZBXyfMGi5sTHJK0f6wH43oUsCYhwbK2PV2g2 +aiWJ2rgGMP3FqtTy5D1Z0ZjZl6KnIl5Hn5K1TKml42w0MgX94hr2ojDxT9PCXGST +poMRA44p0nLgRdz57qQqo1DLVYd+VX+RuRKJN2mlF3Yu8gkgV3J46wr0HeNuEnGd +Y96gDX030jh59kFnt722WPdE +=dqhR -----END PGP PUBLIC KEY BLOCK----- From ec9e08503611e986efc4846a1151dd6d5117d2bd Mon Sep 17 00:00:00 2001 From: Paul Hebble Date: Mon, 23 Nov 2020 07:58:49 -0600 Subject: [PATCH 3/3] Feed key with here-string --- .github/workflows/deploy.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c2ee505afe..4cc39152cf 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -51,7 +51,7 @@ jobs: env: DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} run: | - printf "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import + base64 --decode <<<"$DEBIAN_PRIVATE_KEY" | gpg --batch --import gpg --list-secret-keys --keyid-format LONG ./build deb-sign --configuration=Release --exclusive if: ${{ env.DEBIAN_PRIVATE_KEY }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aaba883ecb..8439f147c5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,7 +52,7 @@ jobs: env: DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} run: | - printf "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import + base64 --decode <<<"$DEBIAN_PRIVATE_KEY" | gpg --batch --import gpg --list-secret-keys --keyid-format LONG ./build deb-sign --configuration=Release --exclusive if: ${{ env.DEBIAN_PRIVATE_KEY }}