fix: allow using an env var in the signature.key_file field (#282)
@@ -64,34 +64,47 @@ func Parse(in io.Reader) (config Config, err error) {
|
||||
return
|
||||
}
|
||||
|
||||
config.Info.Release = os.ExpandEnv(config.Info.Release)
|
||||
config.Info.Version = os.ExpandEnv(config.Info.Version)
|
||||
|
||||
generalPassphrase := os.ExpandEnv("$NFPM_PASSPHRASE")
|
||||
config.Deb.Signature.KeyPassphrase = generalPassphrase
|
||||
config.RPM.Signature.KeyPassphrase = generalPassphrase
|
||||
config.APK.Signature.KeyPassphrase = generalPassphrase
|
||||
|
||||
debPassphrase := os.ExpandEnv("$NFPM_DEB_PASSPHRASE")
|
||||
if debPassphrase != "" {
|
||||
config.Deb.Signature.KeyPassphrase = debPassphrase
|
||||
}
|
||||
|
||||
rpmPassphrase := os.ExpandEnv("$NFPM_RPM_PASSPHRASE")
|
||||
if rpmPassphrase != "" {
|
||||
config.RPM.Signature.KeyPassphrase = rpmPassphrase
|
||||
}
|
||||
|
||||
apkPassphrase := os.ExpandEnv("$NFPM_APK_PASSPHRASE")
|
||||
if apkPassphrase != "" {
|
||||
config.APK.Signature.KeyPassphrase = apkPassphrase
|
||||
}
|
||||
config.expandEnvVars()
|
||||
|
||||
WithDefaults(&config.Info)
|
||||
|
||||
return config, config.Validate()
|
||||
}
|
||||
|
||||
func (c *Config) expandEnvVars() {
|
||||
// Version related fields
|
||||
c.Info.Release = os.ExpandEnv(c.Info.Release)
|
||||
c.Info.Version = os.ExpandEnv(c.Info.Version)
|
||||
c.Info.Prerelease = os.ExpandEnv(c.Info.Prerelease)
|
||||
|
||||
// Package signing related fields
|
||||
c.Info.Deb.Signature.KeyFile = os.ExpandEnv(c.Deb.Signature.KeyFile)
|
||||
c.Info.RPM.Signature.KeyFile = os.ExpandEnv(c.RPM.Signature.KeyFile)
|
||||
c.Info.APK.Signature.KeyFile = os.ExpandEnv(c.APK.Signature.KeyFile)
|
||||
|
||||
// Package signing passphrase
|
||||
generalPassphrase := os.ExpandEnv("$NFPM_PASSPHRASE")
|
||||
c.Info.Deb.Signature.KeyPassphrase = generalPassphrase
|
||||
c.Info.RPM.Signature.KeyPassphrase = generalPassphrase
|
||||
c.Info.APK.Signature.KeyPassphrase = generalPassphrase
|
||||
|
||||
|
||||
debPassphrase := os.ExpandEnv("$NFPM_DEB_PASSPHRASE")
|
||||
if debPassphrase != "" {
|
||||
c.Info.Deb.Signature.KeyPassphrase = debPassphrase
|
||||
}
|
||||
|
||||
rpmPassphrase := os.ExpandEnv("$NFPM_RPM_PASSPHRASE")
|
||||
if rpmPassphrase != "" {
|
||||
c.Info.RPM.Signature.KeyPassphrase = rpmPassphrase
|
||||
}
|
||||
|
||||
apkPassphrase := os.ExpandEnv("$NFPM_APK_PASSPHRASE")
|
||||
if apkPassphrase != "" {
|
||||
c.Info.APK.Signature.KeyPassphrase = apkPassphrase
|
||||
}
|
||||
}
|
||||
|
||||
// ParseFile decodes YAML data from a file path into a configuration struct.
|
||||
func ParseFile(path string) (config Config, err error) {
|
||||
var file *os.File
|
||||
@@ -224,20 +237,22 @@ type RPM struct {
|
||||
Signature RPMSignature `yaml:"signature,omitempty"`
|
||||
}
|
||||
|
||||
type RPMSignature struct {
|
||||
type PackageSignature struct {
|
||||
// PGP secret key, can be ASCII-armored
|
||||
KeyFile string `yaml:"key_file,omitempty"`
|
||||
KeyPassphrase string `yaml:"-"` // populated from environment variable
|
||||
}
|
||||
|
||||
type RPMSignature struct {
|
||||
PackageSignature `yaml:",inline"`
|
||||
}
|
||||
|
||||
type APK struct {
|
||||
Signature APKSignature `yaml:"signature,omitempty"`
|
||||
}
|
||||
|
||||
type APKSignature struct {
|
||||
// RSA private key in PEM format
|
||||
KeyFile string `yaml:"key_file,omitempty"`
|
||||
KeyPassphrase string `yaml:"-"` // populated from environment variable
|
||||
PackageSignature `yaml:",inline"`
|
||||
// defaults to <maintainer email>.rsa.pub
|
||||
KeyName string `yaml:"key_name,omitempty"`
|
||||
}
|
||||
@@ -251,9 +266,7 @@ type Deb struct {
|
||||
}
|
||||
|
||||
type DebSignature struct {
|
||||
// PGP secret key, can be ASCII-armored
|
||||
KeyFile string `yaml:"key_file,omitempty"`
|
||||
KeyPassphrase string `yaml:"-"` // populated from environment variable
|
||||
PackageSignature `yaml:",inline"`
|
||||
// origin, maint or archive (defaults to origin)
|
||||
Type string `yaml:"type,omitempty"`
|
||||
}
|
||||
|
||||
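Review bot: In `expandEnvVars`, `os.ExpandEnv` turns an unset variable into an empty string, so `key_file: ${SIGNING_KEY_FILE}` with the variable missing in CI produces an empty `KeyFile` and no error; the updated test asserts exactly that for the APK key. If an empty `KeyFile` means "do not sign" in the packagers (not visible on this page), a misconfigured build would ship unsigned packages silently, and a partly expanded value such as `${DIR}/key.gpg` would resolve to `/key.gpg`. I would record the names that are not set and fail the parse, with `Parse` calling `if err := config.expandEnvVars(); err != nil { return config, err }`. Separately, `os.Getenv("NFPM_PASSPHRASE")` says the same as `os.ExpandEnv("$NFPM_PASSPHRASE")` more directly, and a comment that `c.Deb` and `c.Info.Deb` are the same embedded field would explain why the assignments read from one and write to the other.

```go
func (c *Config) expandEnvVars() error {
	var missing []string
	expand := func(s string) string {
		return os.Expand(s, func(name string) string {
			v, ok := os.LookupEnv(name)
			if !ok {
				missing = append(missing, name)
			}
			return v
		})
	}

	// … unchanged: version related fields …

	c.Info.Deb.Signature.KeyFile = expand(c.Deb.Signature.KeyFile)
	c.Info.RPM.Signature.KeyFile = expand(c.RPM.Signature.KeyFile)
	c.Info.APK.Signature.KeyFile = expand(c.APK.Signature.KeyFile)
	if len(missing) > 0 {
		return fmt.Errorf("signature.key_file references unset environment variables: %v", missing)
	}

	// … unchanged: passphrase lookup from NFPM_*_PASSPHRASE …
	return nil
}
```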
+9
-1
@@ -153,9 +153,17 @@ func TestParseFile(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
_, err = nfpm.ParseFile("./testdata/doesnotexist.yaml")
|
||||
require.Error(t, err)
|
||||
config, err := nfpm.ParseFile("./testdata/versionenv.yaml")
|
||||
os.Setenv("RPM_KEY_FILE", "my/rpm/key/file")
|
||||
os.Setenv("TEST_RELEASE_ENV_VAR", "1234")
|
||||
os.Setenv("TEST_PRERELEASE_ENV_VAR", "beta1")
|
||||
config, err := nfpm.ParseFile("./testdata/env-fields.yaml")
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, fmt.Sprintf("v%s", os.Getenv("GOROOT")), config.Version)
|
||||
require.Equal(t, "1234", config.Release)
|
||||
require.Equal(t, "beta1", config.Prerelease)
|
||||
require.Equal(t, "my/rpm/key/file", config.RPM.Signature.KeyFile)
|
||||
require.Equal(t, "hard/coded/file", config.Deb.Signature.KeyFile)
|
||||
require.Equal(t, "", config.APK.Signature.KeyFile)
|
||||
}
|
||||
|
||||
func TestParseEnhancedFile(t *testing.T) {
|
||||
|
||||
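Review bot: The three `os.Setenv` calls added to `TestParseFile` change the process environment for every test that runs afterwards, and their error returns are dropped; `t.Setenv("RPM_KEY_FILE", "my/rpm/key/file")` (available from Go 1.17, if the module's Go version allows it) restores the previous value when the test ends. The assertion that `${NO_ENV_VAR_SET_SO_SHOULD_BE_EMPTY}` yields an empty APK `KeyFile` depends on that name being absent from the runner's environment, which an explicit `os.Unsetenv("NO_ENV_VAR_SET_SO_SHOULD_BE_EMPTY")` before `ParseFile` would guarantee. There is also no case for a value that mixes a variable with a literal path, such as `${DIR}/key.gpg`, which is where an unset variable changes the path rather than emptying it. The function starts above this hunk.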
@@ -2,6 +2,8 @@
|
||||
name: "foo"
|
||||
arch: "amd64"
|
||||
version: "v$GOROOT"
|
||||
release: ${TEST_RELEASE_ENV_VAR}
|
||||
prerelease: ${TEST_PRERELEASE_ENV_VAR}
|
||||
contents:
|
||||
- src: ./testdata/whatever.conf
|
||||
dst: /etc/foo/regular.conf
|
||||
@@ -14,6 +16,15 @@ contents:
|
||||
dst: /rpm/path
|
||||
type: config
|
||||
packager: rpm
|
||||
rpm:
|
||||
signature:
|
||||
key_file: ${RPM_KEY_FILE}
|
||||
deb:
|
||||
signature:
|
||||
key_file: hard/coded/file
|
||||
apk:
|
||||
signature:
|
||||
key_file: ${NO_ENV_VAR_SET_SO_SHOULD_BE_EMPTY}
|
||||
overrides:
|
||||
deb:
|
||||
depends:
|
||||
@@ -16,6 +16,7 @@ arch: amd64
|
||||
platform: linux
|
||||
|
||||
# Version. (required)
|
||||
# This will expand any env var you set in the field, eg version: v${SEMVER}
|
||||
version: v1.2.3
|
||||
|
||||
# Version Epoch.
|
||||
@@ -32,6 +33,7 @@ prerelease: beta1
|
||||
version_metadata: git
|
||||
|
||||
# Version Release.
|
||||
# This will expand any env var you set in the field, eg release: ${VERSION_RELEASE}
|
||||
release: 1
|
||||
|
||||
# Section.
|
||||
@@ -197,6 +199,7 @@ rpm:
|
||||
# PGP secret key (can also be ASCII-armored), the passphrase is taken
|
||||
# from the environment variable $NFPM_RPM_PASSPHRASE with a fallback
|
||||
# to #NFPM_PASSPHRASE.
|
||||
# This will expand any env var you set in the field, eg key_file: ${SIGNING_KEY_FILE}
|
||||
key_file: key.gpg
|
||||
|
||||
# Custom configuration applied only to the Deb packager.
|
||||
@@ -230,6 +233,7 @@ deb:
|
||||
# PGP secret key (can also be ASCII-armored). The passphrase is taken
|
||||
# from the environment variable $NFPM_DEB_PASSPHRASE with a fallback
|
||||
# to #NFPM_PASSPHRASE.
|
||||
# This will expand any env var you set in the field, eg key_file: ${SIGNING_KEY_FILE}
|
||||
key_file: key.gpg
|
||||
# The type describes the signers role, possible values are "origin",
|
||||
# "maint" and "archive". If unset, the type defaults to "origin".
|
||||
@@ -241,6 +245,7 @@ apk:
|
||||
# RSA private key in the PEM format. The passphrase is taken from
|
||||
# the environment variable $NFPM_APK_PASSPHRASE with a fallback
|
||||
# to #NFPM_PASSPHRASE.
|
||||
# This will expand any env var you set in the field, eg key_file: ${SIGNING_KEY_FILE}
|
||||
key_file: key.gpg
|
||||
# The name of the signing key. When verifying a package, the signature
|
||||
# is matched to the public key store in /etc/apk/keys/<key_name>.rsa.pub.
|
||||
|
||||