From 79f339d852520e476e11260feec493055a8298a7 Mon Sep 17 00:00:00 2001
From: Jennifer Green
Date: Wed, 4 Sep 2024 06:46:46 -0600
Subject: [PATCH] Update build_deb_package.yml gpg sign workarounds for pinentry mode
---
 .github/workflows/build_deb_package.yml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build_deb_package.yml b/.github/workflows/build_deb_package.yml
index f57d43d..78e2ea8 100644
--- a/.github/workflows/build_deb_package.yml
+++ b/.github/workflows/build_deb_package.yml
@@ -106,6 +106,7 @@ jobs:
 run: |
 command -v apt-ftparchive || sudo apt install apt-utils
 sudo apt-get install --reinstall ca-certificates
+ sudo apt-get install --reinstall dpkg-sig
 - name: Create APT repo
 if: success()
@@ -149,6 +150,8 @@ jobs:
 run: |
 mkdir -p ~/.gnupg
 chmod 0700 ~/.gnupg
+ echo "${GPG_PASSWORD}" > ~/.gnupg/gpg_pwd.txt
+ chmod 0600 ~/.gnupg/gpg_pwd.txt
 echo "${GPG_PUBLIC_KEY}" > ~/.gnupg/public.key
 echo "${GPG_PRIVATE_KEY}" > ~/.gnupg/private.key
 chmod 0700 ~/.gnupg
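Review bot: The added `sudo apt-get install --reinstall dpkg-sig` in the `@@ -106,6 +106,7 @@` hunk runs without `-y`, so on a non-interactive runner apt-get may stop at its confirmation prompt if dpkg-sig pulls in packages that are not yet installed. `sudo apt-get install -y --reinstall dpkg-sig` avoids that. The ca-certificates line above it has the same form, and the run block starts outside the hunk.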
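Review bot: The passphrase written to `~/.gnupg/gpg_pwd.txt` in the `@@ -149,6 +150,8 @@` hunk is not read by anything visible in this patch. The later signing hunk writes and uses a different file, `~/.gnupg/gpg-passwd.txt`, so two plaintext copies of the secret are left on the runner. Drop these two lines or settle on one path, and remove the file once signing is done. The file is also created before the `chmod 0600`, so its initial mode comes from the umask; `( umask 077; printf '%s\n' "${GPG_PASSWORD}" > ~/.gnupg/gpg_pwd.txt )` closes that window. The run block begins and ends outside the hunk.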
@@ -161,8 +164,20 @@ jobs:
 echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${GPG_KEY} trust | tee -a $GITHUB_STEP_SUMMARY
 echo ":white_check_mark: ### GPG key edit adduid and trust complete" >> $GITHUB_STEP_SUMMARY
 gpg --list-keys ${GPG_USERNAME} | tee -a $GITHUB_STEP_SUMMARY
- cat ovis-ldms/apt-repo/dists/stable/Release | gpg --default-key ${GPG_USERNAME} -abs > ovis-ldms/apt-repo/dists/stable/Release.gpg
- cat ovis-ldms/apt-repo/dists/stable/Release | gpg --default-key ${GPG_USERNAME} -abs --clearsign > ovis-ldms/apt-repo/dists/stable/InRelease
+ cd /ovis-ldms-debian-package
+ cat << EOF >~/.gnupg/gpg-passwd.txt
+ ${GPG_PASSWORD}
+ EOF
+ cat << EOF >~/.gnupg/gpg.conf
+ use-agent
+ pinentry-mode loopback
+ EOF
+ cat << EOF >~/.gnupg/gpg-agent.conf
+ allow-loopback-pinentry
+ EOF
+ echo RELOADAGENT | gpg-connect-agent
+ export GPG_TTY=$(tty)
+ dpkg-sig -k ${GPG_KEY} --gpg-options '--passphrase-file ~/.gnupg/gpg-passwd.txt' --sign builder ovis-ldms_4.4.3-1_arm64.deb
 echo ":white_check_mark: ### Apt-repo signed" >> $GITHUB_STEP_SUMMARY
 - name: Build Test Server
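Review bot: The new lines sign only a single .deb with dpkg-sig and no longer produce `Release.gpg` or `InRelease`, yet the step still reports "Apt-repo signed". apt authenticates a repository through the signatures on the Release file, so unless those are created in a step outside this hunk, the published repo is unsigned. The Release signing should stay, using the loopback passphrase file this hunk sets up. The `~` in `'--passphrase-file ~/.gnupg/gpg-passwd.txt'` sits inside single quotes and is expanded only if dpkg-sig passes the option string through a shell, so `${HOME}` in double quotes is safer. The passphrase file should be removed once signing finishes, and the hard-coded `ovis-ldms_4.4.3-1_arm64.deb` will go stale on the next version or architecture change.

```yaml
# … unchanged: cd, passphrase file, gpg.conf / gpg-agent.conf setup, RELOADAGENT …
dpkg-sig -k "${GPG_KEY}" --gpg-options "--passphrase-file ${HOME}/.gnupg/gpg-passwd.txt" --sign builder ovis-ldms_4.4.3-1_arm64.deb
# Release signatures are what apt verifies; paths are those of the removed lines and may need adjusting after the cd above.
gpg --batch --passphrase-file "${HOME}/.gnupg/gpg-passwd.txt" --default-key "${GPG_USERNAME}" -abs < ovis-ldms/apt-repo/dists/stable/Release > ovis-ldms/apt-repo/dists/stable/Release.gpg
gpg --batch --passphrase-file "${HOME}/.gnupg/gpg-passwd.txt" --default-key "${GPG_USERNAME}" --clearsign < ovis-ldms/apt-repo/dists/stable/Release > ovis-ldms/apt-repo/dists/stable/InRelease
# Do not leave the plaintext passphrase on the runner.
rm -f -- "${HOME}/.gnupg/gpg-passwd.txt"
```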