Use SHA256 as digest algorithm when signing bazel debian packages Fixed https://github.com/bazelbuild/bazel/issues/1611 -- MOS_MIGRATED_REVID=139190088

commit: 2d1d492db1f3c354a34850a85a3f51366dba92b7 [log] [tgz]
author: Yun Peng <pcloudy@google.com> Tue Nov 15 13:33:47 2016 +0000
committer: Damien Martin-Guillerez <dmarting@google.com> Tue Nov 15 15:59:25 2016 +0000
tree: 6ee4ef65cc80a3a608c78ce178ebc19e8d387635
parent: ca9bfa433a549a0828d0c711786217983c82f455 [diff] [blame]
diff --git a/scripts/ci/build.sh b/scripts/ci/build.sh
index 7d252b1..b19802e 100755
--- a/scripts/ci/build.sh
+++ b/scripts/ci/build.sh

@@ -310,6 +310,12 @@
 function ensure_gpg_secret_key_imported() {
   (gpg --list-secret-keys | grep "${APT_GPG_KEY_ID}" > /dev/null) || \
   gpg --allow-secret-key-import --import "${APT_GPG_KEY_PATH}"
+  # Make sure we use stronger digest algorithm。
+  # We use reprepro to generate the debian repository,
+  # but there's no way to pass flags to gpg using reprepro, so writting it into
+  # ~/.gnupg/gpg.conf
+  (grep "digest-algo sha256" ~/.gnupg/gpg.conf > /dev/null) || \
+  echo "digest-algo sha256" >> ~/.gnupg/gpg.conf
 }
 
 function create_apt_repository() {
commit	2d1d492db1f3c354a34850a85a3f51366dba92b7	[log] [tgz]
author	Yun Peng <pcloudy@google.com>	Tue Nov 15 13:33:47 2016 +0000
committer	Damien Martin-Guillerez <dmarting@google.com>	Tue Nov 15 15:59:25 2016 +0000
tree	6ee4ef65cc80a3a608c78ce178ebc19e8d387635
parent	ca9bfa433a549a0828d0c711786217983c82f455 [diff] [blame]