Use Azure Pipelines secure files to import private keys

.ci/scripts/linux-flatpak/azure-ci-flatpak.env

@@ -1,6 +1,4 @@
 # Flatpak specific environment variables
-FLATPAK_ENC_IV
-FLATPAK_ENC_K
 FLATPAK_GPG_PUBLIC_KEY
 FLATPAK_SSH_HOSTNAME
 FLATPAK_SSH_PORT

.ci/scripts/linux-flatpak/azure-ci.env

@@ -9,6 +9,10 @@ AZURE_JOB_ID
 AZURE_REPO_SLUG
 AZURE_TAG
 
+# Path to private keys
+SSH_KEY
+GPG_KEY
+
 # yuzu specific flags
 ENABLE_COMPATIBILITY_REPORTING
 USE_DISCORD_PRESENCE

.ci/scripts/linux-flatpak/docker.sh

@@ -6,7 +6,6 @@ YUZU_SRC_DIR="/yuzu"
 BUILD_DIR="$YUZU_SRC_DIR/build"
 REPO_DIR="$YUZU_SRC_DIR/repo"
 STATE_DIR="$YUZU_SRC_DIR/.flatpak-builder"
-KEYS_ARCHIVE="/tmp/keys.tar"
 SSH_DIR="/upload"
 SSH_KEY="/tmp/ssh.key"
 GPG_KEY="/tmp/gpg.key"
@@ -14,21 +13,14 @@ GPG_KEY="/tmp/gpg.key"
 # Generate flatpak Manifest and AppData files (/tmp/appdata.xml and /tmp/org.yuzu.$REPO_NAME.json)
 /bin/bash -ex $YUZU_SRC_DIR/.ci/scripts/linux-flatpak/generate-data.sh $1
 
-# Extract keys
-#openssl aes-256-cbc -K $FLATPAK_ENC_K -iv $FLATPAK_ENC_IV -in "$YUZU_SRC_DIR/keys.tar.enc" -out "$KEYS_ARCHIVE" -d
-#tar -C /tmp -xvf $KEYS_ARCHIVE
-
 # Configure SSH keys
-#eval "$(ssh-agent -s)"
-#chmod 700 "$HOME/.ssh"
-#chmod -R 600 $HOME/.ssh/*
-#chown -R yuzu "$HOME/.ssh"
-#chmod 600 "$SSH_KEY"
-#ssh-add "$SSH_KEY"
-#echo "[$FLATPAK_SSH_HOSTNAME]:$FLATPAK_SSH_PORT,[$(dig +short $FLATPAK_SSH_HOSTNAME)]:$FLATPAK_SSH_PORT $FLATPAK_SSH_PUBLIC_KEY" > ~/.ssh/known_hosts
+eval "$(ssh-agent -s)"
+chmod 700 "$HOME/.ssh"
+ssh-add "$SSH_KEY"
+echo "[$FLATPAK_SSH_HOSTNAME]:$FLATPAK_SSH_PORT,[$(dig +short $FLATPAK_SSH_HOSTNAME)]:$FLATPAK_SSH_PORT $FLATPAK_SSH_PUBLIC_KEY" > $HOME/.ssh/known_hosts
 
 # Configure GPG keys
-#gpg2 --import "$GPG_KEY"
+gpg2 --import "$GPG_KEY"
 
 # Set permissions
 chown -R yuzu "$YUZU_SRC_DIR"
@@ -52,7 +44,5 @@ ln -sv --force $HOME/ccache "$STATE_DIR/ccache"
 chmod -R 700 "$STATE_DIR/ccache"
 
 # Build the yuzu flatpak
-#flatpak-builder -v --jobs=4 --ccache --force-clean --state-dir="$STATE_DIR" --gpg-sign="$FLATPAK_GPG_PUBLIC_KEY" --repo="$REPO_DIR" "$BUILD_DIR" "/tmp/org.yuzu.$REPO_NAME.json"
-#flatpak build-update-repo "$REPO_DIR" -v --generate-static-deltas --gpg-sign="$FLATPAK_GPG_PUBLIC_KEY"
-flatpak-builder -v --jobs=4 --ccache --force-clean --state-dir="$STATE_DIR" --repo="$REPO_DIR" "$BUILD_DIR" "/tmp/org.yuzu.$REPO_NAME.json"
-flatpak build-update-repo "$REPO_DIR" -v --generate-static-deltas
+flatpak-builder -v --jobs=4 --ccache --force-clean --state-dir="$STATE_DIR" --gpg-sign="$FLATPAK_GPG_PUBLIC_KEY" --repo="$REPO_DIR" "$BUILD_DIR" "/tmp/org.yuzu.$REPO_NAME.json"
+flatpak build-update-repo "$REPO_DIR" -v --generate-static-deltas --gpg-sign="$FLATPAK_GPG_PUBLIC_KEY"

.ci/scripts/linux-flatpak/exec.sh

@@ -1,14 +1,14 @@
 #!/bin/bash -ex
 mkdir -p "ccache"
-
+mkdir -p "$HOME/.ssh"
 
 chmod a+x ./.ci/scripts/linux-flatpak/docker.sh
 
 # the UID for the container yuzu user is 1027
-#sudo chown -R 1027 "$HOME/.ssh"
 sudo chown -R 1027 "ccache"
 sudo chown -R 1027 $(pwd)
-docker run --env-file .ci/scripts/linux-flatpak/azure-ci.env --env-file .ci/scripts/linux-flatpak/azure-ci-flatpak.env -v $(pwd):/yuzu -v "$(pwd)/ccache":/home/yuzu/ccache -v "$HOME/.ssh":/home/yuzu/.ssh --privileged meirod/build-environments:linux-flatpak /bin/bash -ex /yuzu/.ci/scripts/linux-flatpak/docker.sh $1
-#sudo chown -R $UID "$HOME/.ssh"
+sudo chown -R 1027 "$HOME/.ssh"
+docker run --env-file .ci/scripts/linux-flatpak/azure-ci.env --env-file .ci/scripts/linux-flatpak/azure-ci-flatpak.env -v $(pwd):/yuzu -v "$(pwd)/ccache":/home/yuzu/ccache -v "$HOME/.ssh":/home/yuzu/.ssh -v "$SSH_KEY":/tmp/ssh.key -v "$GPG_KEY":/tmp/gpg.key --privileged meirod/build-environments:linux-flatpak /bin/bash -ex /yuzu/.ci/scripts/linux-flatpak/docker.sh $1
+sudo chown -R $UID "$HOME/.ssh"
 sudo chown -R $UID "ccache"
 sudo chown -R $UID $(pwd)