gasket-driver/ci/sign.sh

#!/bin/sh

if [ $(id -u) -eq 0 ]; then
    exec setpriv --clear-groups --reuid 1000 --regid 1000 --inh-caps=-all \
        sh -ex ci/sign.sh
fi

install -m u=rwx,go= -d "${GNUPGHOME}"
cat > "${GNUPGHOME}"/gpg-agent.conf <<EOF
allow-loopback-pinentry
EOF

gpg2 --pinentry-mode loopback --passphrase-fd 0 \
    --import "${RPM_GPG_PRIVATE_KEY}" \
    < "${RPM_GPG_KEY_PASSPHRASE}"

rpmsign --addsign \
    -D '_gpg_name jenkins@pyrocufflink.net' \
    -D '_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase-fd 3' \
    *.rpm \
    3< "${RPM_GPG_KEY_PASSPHRASE}"