AppImage CI: reenable signing

Adapted to the new (proposed) way of signing: <probonopd/go-appimage#318>. It is possible that it this is not final implementation in the go-appimage.
CESNET · Jan 13, 2025 · 9a6f079 · 9a6f079
1 parent 6ebeec3
commit 9a6f079
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/data/scripts/Linux-AppImage/create-appimage.sh b/data/scripts/Linux-AppImage/create-appimage.sh
@@ -4,6 +4,13 @@
 ##
 ## @param $1          (optional) zsync URL - location used for AppImage updater
 ## @env $appimage_key (optional) signing key
+## (new method, see https://github.com/probonopd/go-appimage/issues/318)
+## \n
+## Contains base64-encoded .tar.gz of pubkey.asc+privkey.asc.enc files
+## containing exported GPG public and private (encrypted) key.
+## \n
+## Private key is encrypted by OpenSSL (see appimagetool.go source):
+## `openssl aes-256-cbc -pass pass:dummy -in privkey.asc -out privkey.asc.enc -a -md sha256`
 ## @returns           name of created AppImage
 
 APPDIR=UltraGrid.AppDir
@@ -158,7 +165,8 @@ fi
 
 GIT_ROOT=$(git rev-parse --show-toplevel || true)
 if [ -n "${appimage_key-}" ] && [ -n "${GIT_ROOT-}" ]; then
-        echo "$appimage_key" >> "$GIT_ROOT/pubkey.asc"
+        echo "$appimage_key" | base64 -d | tar -C "$GIT_ROOT" -xzaf -
+        export super_secret_password=dummy
 fi
 
 mkappimage=$(command -v ./mkappimage || command -v mkappimage-x86_64.AppImage || command -v mkappimage || true)