@@ -15,6 +15,7 @@ set -e

 # ... and so on and so forth for the builds created by hack/make/build-deb

 : ${DOCKER_RELEASE_DIR:=$DEST}

+: ${GPG_KEYID:=releasedocker}

 APTDIR=$DOCKER_RELEASE_DIR/apt/repo

 # setup the apt repo (if it does not exist)

@@ -63,7 +64,7 @@ for dir in contrib/builder/deb/*/; do

 	# dpkg-sign before reprepro

 	if [ ! -z "$GPG_PASSPHRASE" ]; then

 		dpkg-sig -g "--passphrase $GPG_PASSPHRASE" \

-			-k releasedocker --sign builder "${DEBFILE[@]}"

+			-k "$GPG_KEYID" --sign builder "${DEBFILE[@]}"

 	fi

 	reprepro -v $options \

@@ -16,6 +16,7 @@ set -e

 : ${DOCKER_RELEASE_DIR:=$DEST}

 YUMDIR=$DOCKER_RELEASE_DIR/yum/repo

+: ${GPG_KEYID:=releasedocker}

 # manage the repos for each distribution separately

 distros=( fedora centos oraclelinux )

@@ -53,15 +54,15 @@ for distro in "${distros[@]}"; do

 		# sign the rpms before adding to repo

 		if [ ! -z $GPG_PASSPHRASE ]; then

 			# export our key to rpm import

-			gpg --armor --export releasedocker > /tmp/gpg

+			gpg --armor --export "$GPG_KEYID" > /tmp/gpg

 			rpm --import /tmp/gpg

 			# sign the rpms

 			echo "yes" | setsid rpm \

-				--define '_gpg_name releasedocker' \

-				--define '_signature gpg' \

-				--define '__gpg_check_password_cmd /bin/true' \

-				--define '__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u "%{_gpg_name}" --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}' \

+				--define "_gpg_name $GPG_KEYID" \

+				--define "_signature gpg" \

+				--define "__gpg_check_password_cmd /bin/true" \

+				--define "__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u '%{_gpg_name}' --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \

 				--resign "${RPMFILE[@]}"

 		fi

@@ -4,6 +4,7 @@

 # with a designated GPG key.

 : ${DOCKER_RELEASE_DIR:=$DEST}

+: ${GPG_KEYID:=releasedocker}

 APTDIR=$DOCKER_RELEASE_DIR/apt/repo

 YUMDIR=$DOCKER_RELEASE_DIR/yum/repo

@@ -21,12 +22,12 @@ sign_packages(){

 	# sign apt repo metadata

 	if [ -d $APTDIR ]; then

 		# create file with public key

-		gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/apt/gpg"

+		gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/apt/gpg"

 		# sign the repo metadata

 		for F in $(find $APTDIR -name Release); do

 			if test "$F" -nt "$F.gpg" ; then

-				gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \

+				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \

 					--armor --sign --detach-sign \

 					--batch --yes \

 					--output "$F.gpg" "$F"

@@ -37,12 +38,12 @@ sign_packages(){

 	# sign yum repo metadata

 	if [ -d $YUMDIR ]; then

 		# create file with public key

-		gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/yum/gpg"

+		gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/yum/gpg"

 		# sign the repo metadata

 		for F in $(find $YUMDIR -name repomd.xml); do

 			if test "$F" -nt "$F.asc" ; then

-				gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \

+				gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \

 					--armor --sign --detach-sign \

 					--batch --yes \

 					--output "$F.asc" "$F"

@@ -22,8 +22,9 @@ To run, I need:

   environment variables AWS_S3_BUCKET and AWS_S3_BUCKET_PATH (default: '');

 - to be provided with AWS credentials for this S3 bucket, in environment

   variables AWS_ACCESS_KEY and AWS_SECRET_KEY;

-- the passphrase to unlock the GPG key which will sign the deb packages

-  (passed as environment variable GPG_PASSPHRASE);

+- the passphrase to unlock the GPG key specified by the optional environment

+  variable GPG_KEYID (default: releasedocker) which will sign the deb

+  packages (passed as environment variable GPG_PASSPHRASE);

 - a generous amount of good will and nice manners.

 The canonical way to run me is to run the image produced by the Dockerfile: e.g.:"

@@ -265,7 +266,7 @@ release_ubuntu() {

 	local debfiles=( "bundles/$VERSION/ubuntu/"*.deb )

 	# Sign our packages

-	dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k releasedocker --sign builder "${debfiles[@]}"

+	dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k "$GPG_KEYID" --sign builder "${debfiles[@]}"

 	# Setup the APT repo

 	APTDIR=bundles/$VERSION/ubuntu/apt

@@ -282,14 +283,14 @@ EOF

 	# Sign

 	for F in $(find $APTDIR -name Release); do

-		gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \

+		gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \

 			--armor --sign --detach-sign \

 			--output "$F.gpg" "$F"

 	done

 	# Upload keys

 	s3cmd sync "$HOME/.gnupg/" "s3://$BUCKET/ubuntu/.gnupg/"

-	gpg --armor --export releasedocker > "bundles/$VERSION/ubuntu/gpg"

+	gpg --armor --export "$GPG_KEYID" > "bundles/$VERSION/ubuntu/gpg"

 	s3cmd --acl-public put "bundles/$VERSION/ubuntu/gpg" "s3://$BUCKET/gpg"

 	local gpgFingerprint=36A1D7869245C8950F966E92D8576A8BA88D21E9

@@ -365,14 +366,14 @@ setup_gpg() {

 	# Make sure that we have our keys

 	mkdir -p "$HOME/.gnupg/"

 	s3cmd sync "s3://$BUCKET/ubuntu/.gnupg/" "$HOME/.gnupg/" || true

-	gpg --list-keys releasedocker >/dev/null || {

+	gpg --list-keys "$GPG_KEYID" >/dev/null || {

 		gpg --gen-key --batch <<EOF

 Key-Type: RSA

 Key-Length: 4096

 Passphrase: $GPG_PASSPHRASE

 Name-Real: Docker Release Tool

 Name-Email: docker@docker.com

-Name-Comment: releasedocker

+Name-Comment: $GPG_KEYID

 Expire-Date: 0

 %commit

 EOF