diff --git a/.gitlab/ci/build-inside-vm.sh b/.gitlab/ci/build-inside-vm.sh
index ca404bb..a6ce79e 100755
--- a/.gitlab/ci/build-inside-vm.sh
+++ b/.gitlab/ci/build-inside-vm.sh
@@ -8,6 +8,8 @@ readonly orig_pwd="${PWD}" readonly output="${orig_pwd}/output" tmpdir="" tmpdir="$(mktemp --dry-run --directory --tmpdir="${orig_pwd}/tmp")"
+gnupg_homedir=""
+pgp_key_id=""
 cleanup() { # clean up temporary directories
@@ -57,11 +59,56 @@ create_metrics() { } > "${output}/${1}/job-metrics" }
+create_temp_pgp_key() {
+ # create an ephemeral PGP key for signing the rootfs image
+ gnupg_homedir="$tmpdir/.gnupg"
+ mkdir -p "${gnupg_homedir}"
+ chmod 700 "${gnupg_homedir}"
+
+ cat << __EOF__ > "${gnupg_homedir}"/gpg.conf
+quiet
+batch
+no-tty
+no-permission-warning
+export-options no-export-attributes,export-clean
+list-options no-show-keyring
+armor
+no-emit-version
+__EOF__
+
+ gpg --homedir "${gnupg_homedir}" --gen-key <