diff options
| author |  Yun Peng <pcloudy@google.com> | 2016-11-15 13:33:47 +0000 |
|---|---|---|
| committer |  Damien Martin-Guillerez <dmarting@google.com> | 2016-11-15 15:59:25 +0000 |
| commit | 2d1d492db1f3c354a34850a85a3f51366dba92b7 (patch) | |
| tree | 6ee4ef65cc80a3a608c78ce178ebc19e8d387635 | |
| parent | ca9bfa433a549a0828d0c711786217983c82f455 (diff) | |
Use SHA256 as digest algorithm when signing bazel debian packages
Fixed https://github.com/bazelbuild/bazel/issues/1611
--
MOS_MIGRATED_REVID=139190088
| -rwxr-xr-x | scripts/ci/build.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/scripts/ci/build.sh b/scripts/ci/build.sh index 7d252b103f..b19802ee24 100755 --- a/scripts/ci/build.sh +++ b/scripts/ci/build.sh @@ -310,6 +310,12 @@ function release_to_gcs() { function ensure_gpg_secret_key_imported() { (gpg --list-secret-keys | grep "${APT_GPG_KEY_ID}" > /dev/null) || \ gpg --allow-secret-key-import --import "${APT_GPG_KEY_PATH}" + # Make sure we use stronger digest algorithm。 + # We use reprepro to generate the debian repository, + # but there's no way to pass flags to gpg using reprepro, so writting it into + # ~/.gnupg/gpg.conf + (grep "digest-algo sha256" ~/.gnupg/gpg.conf > /dev/null) || \ + echo "digest-algo sha256" >> ~/.gnupg/gpg.conf } function create_apt_repository() { |