Verified Commit e5fd59df authored by nl6720

signature.py: enforce sane gpg options

* Add --batch since gpg is not run manually.
* Add --no-armor to ensure that a .sig file is created instead of .asc in case gpg.conf sets the armor option.
* Add --no-include-key-block to skip including the public key in the signature and force the user who verifies the signature to acquire the public key from elsewhere.

Fixes #15.
parent 3f7ae787
......@@ -46,6 +46,9 @@ def sign_file(path: Path, developer: str, gpgkey: str) -> int:
return run(
[
"gpg",
"--batch",
"--no-armor",
"--no-include-key-block",
"--sender",
developer,
"--default-key",
......
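Review bot: The three options added after "gpg" in sign_file() carry no inline comment, so the reason each one is forced (non-interactive use, binary .sig output regardless of gpg.conf, no embedded public key) is recorded only in the commit message. A short comment above "--batch" would keep a later cleanup from dropping them as redundant. It is also worth documenting that the installed gpg must know "--no-include-key-block", since gpg rejects options it does not recognise and sign_file() would then fail instead of producing a signature.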
......@@ -29,6 +29,9 @@ def test_sign_file(run_mock: Mock) -> None:
call(
[
"gpg",
"--batch",
"--no-armor",
"--no-include-key-block",
"--sender",
developer,
"--default-key",
......
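Review bot: The expected call([...]) in test_sign_file repeats the production argument list literally against run_mock, so it proves the flags are passed but not that gpg accepts them or that the result is a binary .sig without a key block. Consider adding one test that runs the real gpg with a throwaway key in a temporary GNUPGHOME and checks the file that is produced, so the behaviour described in the commit message is covered and not only the argv.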