update gentoo-releng gpg key

Simplify gpg checking by caching a keyring instead of keys to import. Change-Id: I5ed74ec0e12732aec40ef31377e72d7ddc347f95 Signed-off-by: Matthew Thode <mthode@mthode.org>
2020-07-12 21:11:49 +00:00 · 2020-07-12 21:11:49 +00:00 · e384da1a98
commit e384da1a98
parent 8b08d212c3
2 changed files with 1 additions and 4 deletions
--- a/diskimage_builder/elements/gentoo/extra-data.d/gentoo-releng.gpg
+++ b/diskimage_builder/elements/gentoo/extra-data.d/gentoo-releng.gpg
--- a/diskimage_builder/elements/gentoo/root.d/10-gentoo-image
+++ b/diskimage_builder/elements/gentoo/root.d/10-gentoo-image
@ -86,15 +86,12 @@ else
    # https://wiki.gentoo.org/wiki/Project:RelEng#Keys
    # https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
    # http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
-    GPGDIR=$(mktemp -d -t)
-    gpg --no-default-keyring --keyring "${GPGDIR}"/gentookeys.gpg --import "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg
    # check the sig file
-    gpgv --keyring "${GPGDIR}"/gentookeys.gpg "${CACHED_SIGNATURE_FILE}"
+    gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}"
    if [[ "${?}" != 0 ]]; then
        echo 'invalid signature file'
        exit 1
    fi
-    rm -rf "${GPGDIR}"
    echo 'valid key used'
    CACHED_SHA512SUM=$(grep -A1 -e 'SHA512' "${CACHED_SIGNATURE_FILE}" | grep -e "${BASE_IMAGE_FILE_SUFFIX}$" | cut -d\  -f 1)
    ACTUAL_SHA512SUM=$(sha512sum "${CACHED_FILE}" | cut -d\  -f 1)