commit 0ab987b152cc384cf61e5e38c8c4e7ad76a2ddcf
author June Tate-Gans <jtgans@google.com> Thu May 28 12:23:27 2020 -0400
committer June Tate-Gans <jtgans@google.com> Thu May 28 12:23:27 2020 -0400
tree 3936214528d0a12d25a5c1c953929bed35b5bce4
parent c13dd1b38f87faafb5d0834a054d082f403112c1

Copy keyring to gnupg working dir since gnupg wants to write to this dir

Change-Id: I75105c01fa24fae37f4fe346e49c73fea39a02ce

cicd/pipelines/tasks/task_publish_unstable.jenkins

diff --git a/cicd/pipelines/tasks/task_publish_unstable.jenkins b/cicd/pipelines/tasks/task_publish_unstable.jenkins
index 6caebf3..fbbfbe9 100644
--- a/cicd/pipelines/tasks/task_publish_unstable.jenkins
+++ b/cicd/pipelines/tasks/task_publish_unstable.jenkins
@@ -29,7 +29,7 @@
                                         privileged: true,
                                         alwaysPullImage: true)
 def aptlyVolume = persistentVolumeClaim(claimName: 'aptly-state', mountPath: '/var/lib/aptly')
-def gpgVolume = secretVolume(secretName: 'mendel-release-credentials', mountPath: '/var/lib/aptly/.gnupg')
+def gpgVolume = secretVolume(secretName: 'mendel-release-credentials', mountPath: '/var/lib/aptly/keyring', readOnly: false)
 
 podTemplate(label: buildLabel, containers: [jnlpContainer, debianContainer], volumes: [aptlyVolume, gpgVolume], envVars: []) {
     node(buildLabel) {
@@ -40,17 +40,20 @@
                     def debianMirrorSnapshotName = getLatestSnapshot('debian-buster')
                     def coreSnapshotName = getLatestSnapshot('core-unstable')
                     def bspSnapshotName  = getLatestSnapshot('enterprise-bsp-unstable')
-                    def keygripId = getFileContents('/var/lib/aptly/.gnupg/keygrip.txt')
+                    def keygripId = getFileContents('/var/lib/aptly/keyring/keygrip.txt')
 
                     def date = new Date()
                     String stamp = date.format("yyyyMMdd-HHmmss")
 
                     sh """
-                       cat /etc/aptly.conf
+                       mkdir -p /var/lib/aptly/.gnupg
+                       chmod 700 /var/lib/aptly/.gnupg
+                       cp /var/lib/aptly/keyring/release-keyring.gpg /var/lib/aptly/.gnupg/secring.gpg
+
                        mkdir -p /var/lib/aptly/publishes/unstable
                        aptly snapshot merge core-full-unstable-${stamp} ${debianMirrorSnapshotName} ${coreSnapshotName}
-                       aptly publish snapshot --config=/etc/aptly.conf --passphrase-file=/var/lib/aptly/.gnupg/passphrase.txt --secret-keyring=release-keyring.gpg --distribution=unstable core-full-unstable-${stamp} filesystem:unstable:unstable
-                       aptly publish snapshot --config=/etc/aptly.conf --passphrase-file=/var/lib/aptly/.gnupg/passphrase.txt --secret-keyring=release-keyring.gpg --distribution=unstable ${bspSnapshotName} filesystem:unstable:unstable
+                       aptly publish snapshot --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --distribution=unstable core-full-unstable-${stamp} filesystem:unstable:unstable
+                       aptly publish snapshot --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --distribution=unstable ${bspSnapshotName} filesystem:unstable:unstable
                        """
                 }
             }