Implement debian origin signing (#242)

utils/dist_build.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 : ${ORGDIR:="/src/github.com/TykTechnologies"}
-: ${SIGNKEY:="1181A14D7CA3EE36DA45FEEC0C798DFA8CE71CF5"}
+: ${SIGNKEY:="9ADE11DA6DD70355E7C1C270543ABE02AC6AC40A"}
 : ${BUILDPKGS:="1"}
 TYK_PUMP_SRC_DIR=$ORGDIR/tyk-pump
 BUILDTOOLSDIR=$TYK_PUMP_SRC_DIR/build_tools
@@ -9,8 +9,18 @@ echo "Set version number"
 : ${VERSION:=$(perl -n -e'/v(\d+).(\d+).(\d+)/'' && print "$1\.$2\.$3"' version.go)}
 
 if [ $BUILDPKGS == "1" ]; then
+    echo Configuring gpg-agent-config to accept a passphrase
+    mkdir ~/.gnupg && chmod 700 ~/.gnupg
+    cat >> ~/.gnupg/gpg-agent.conf <<EOF
+allow-preset-passphrase
+debug-level expert
+log-file /tmp/gpg-agent.log
+EOF
+    gpg-connect-agent reloadagent /bye
+
     echo "Importing signing key"
-    gpg --list-keys | grep -w $SIGNKEY && echo "Key exists" || gpg --batch --import $BUILDTOOLSDIR/tyk.io.rpm.signing.key
+    gpg --list-keys | grep -w $SIGNKEY && echo "Key exists" || gpg --batch --import $BUILDTOOLSDIR/tyk.io.signing.key
+    bash $BUILDTOOLSDIR/unlock-agent.sh $SIGNKEY
 fi
 
 DESCRIPTION="Tyk Pump to move analytics data from Redis to any supported back end"
@@ -74,9 +84,17 @@ do
         echo "Building $arch packages"
         fpm "${FPMCOMMON[@]}" -a $arch -t deb --deb-user tyk --deb-group tyk ./=/opt/tyk-pump
         fpm "${FPMCOMMON[@]}" "${FPMRPM[@]}" -a $arch -t rpm --rpm-user tyk --rpm-group tyk  ./=/opt/tyk-pump
+    fi
 
-        rpmName="tyk-pump-$VERSION-1.${arch/amd64/x86_64}.rpm"
+    if [ $SIGNPKGS == "1" ]; then
         echo "Signing $arch RPM"
-        $BUILDTOOLSDIR/rpm-sign.sh $rpmName
+        rpm --define "%_gpg_name Team Tyk (package signing) <team@tyk.io>" \
+            --define "%__gpg /usr/bin/gpg" \
+            --addsign *.rpm || (cat /tmp/gpg-agent.log; exit 1)
+        echo "Signing $arch DEB"
+        for i in *.deb
+        do
+            dpkg-sig --sign builder -k $SIGNKEY $i || (cat /tmp/gpg-agent.log; exit 1)
+        done
     fi
 done