feat: sign using multiple keys

Author: calmh

internal/publish/publish.go

@@ -6,12 +6,18 @@ import (
 )
 
 type CLI struct {
-	Dists        string `arg:"" required:"" help:"Path to dists directory" type:"existingdir" env:"EZAPT_DISTS"`
-	Keyring      string `required:"" help:"Path to GPG keyring" type:"existingfile" env:"EZAPT_KEYRING"`
-	KeepVersions int    `help:"Number of versions to keep" default:"2" env:"EZAPT_KEEP_VERSIONS"`
+	Dists        string   `arg:"" required:"" help:"Path to dists directory" type:"existingdir" env:"EZAPT_DISTS"`
+	KeepVersions int      `help:"Number of versions to keep" default:"2" env:"EZAPT_KEEP_VERSIONS"`
+	Keyring      string   `required:"" help:"Path to GPG keyring" type:"existingfile" env:"EZAPT_KEYRING"`
+	SignUser     []string `help:"GPG user to sign with" env:"EZAPT_SIGN_USER" default:"37C84554E7E0A261E4F76E1ED26E6ED000654A3E,FBA2E162F2F44657B38F0309E5665F9BD5970C47"`
 }
 
 func (c *CLI) Run() error {
+	keyring, err := filepath.Abs(c.Keyring)
+	if err != nil {
+		return fmt.Errorf("publish: %w", err)
+	}
+
 	pkgs, err := scanPackages(c.Dists)
 	if err != nil {
 		return fmt.Errorf("publish: %w", err)
@@ -31,7 +37,7 @@ func (c *CLI) Run() error {
 		if err := writeRelease(dist); err != nil {
 			return fmt.Errorf("publish: %w", err)
 		}
-		if err := signRelease(dist); err != nil {
+		if err := signRelease(dist, keyring, c.SignUser); err != nil {
 			return fmt.Errorf("publish: %w", err)
 		}
 	}

internal/publish/release.go

@@ -145,28 +145,37 @@ func writeRelease(dist string) error {
 	return nil
 }
 
-func signRelease(dist string) error {
-	if bs, err := exec.Command("gpg",
+func signRelease(dist, keyring string, users []string) error {
+	opts := []string{
 		"-o", filepath.Join(dist, "InRelease"),
 		"--yes",
 		"--no-default-keyring",
-		"--keyring", "/Users/jb/src/kastelo/ezapt/ring.gpg",
-		"--clear-sign", filepath.Join(dist, "Release"),
-	).CombinedOutput(); err != nil {
+		"--keyring", keyring,
+	}
+	for _, user := range users {
+		opts = append(opts, "-u", user)
+	}
+	opts = append(opts, "--clear-sign", filepath.Join(dist, "Release"))
+	if bs, err := exec.Command("gpg", opts...).CombinedOutput(); err != nil {
 		return fmt.Errorf("Failed to sign release: %s", bs)
 	}
 	if err := compress(filepath.Join(dist, "InRelease")); err != nil {
 		return err
 	}
 
-	if bs, err := exec.Command("gpg",
+	opts = []string{
 		"-o", filepath.Join(dist, "Release.gpg"),
 		"-a",
 		"--yes",
 		"--no-default-keyring",
-		"--keyring", "/Users/jb/src/kastelo/ezapt/ring.gpg",
-		"--detach-sign", filepath.Join(dist, "Release"),
-	).CombinedOutput(); err != nil {
+		"--keyring", keyring,
+	}
+	for _, user := range users {
+		opts = append(opts, "-u", user)
+	}
+	opts = append(opts, "--detach-sign", filepath.Join(dist, "Release"))
+
+	if bs, err := exec.Command("gpg", opts...).CombinedOutput(); err != nil {
 		return fmt.Errorf("Failed to sign release: %s", bs)
 	}
 	if err := compress(filepath.Join(dist, "Release.gpg")); err != nil {