Allow build of firmware package without release engineering key

Prior to this change, it was not possible to build the release
packaging without the release engineering PGP key, which is nicely
paranoid but ignores the possibility that people other than the
release engineer might want to reuse our packaging.  Doh.

So we still use the release engineering key to sign the manifest in
the firmware tarball if the key is available, but if it's not we
produce an unsigned manifest.

1 files changed, 13 insertions, 6 deletions

diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py
index 76000e6..55e77a7 100755
--- a/scripts/build-firmware-package.py
+++ b/scripts/build-firmware-package.py
@@ -27,12 +27,19 @@ for fn in args.firmware:
 
 with tempfile.NamedTemporaryFile() as f:
     os.fchmod(f.fileno(), 0644)
-    gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
-                           stdin = subprocess.PIPE, stdout = f)
-    json.dump(dict(head = head, time = time, commits = commits, sha256  = sha256), gpg.stdin, indent = 2)
-    gpg.stdin.close()
-    if gpg.wait():
-        raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+    use_gpg = os.path.isdir(os.getenv("GNUPGHOME", ""))
+    if use_gpg:
+        gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
+                               stdin = subprocess.PIPE, stdout = f)
+        jf = gnupg.stdin
+    else:
+        jf = f
+    json.dump(dict(head = head, time = time, commits = commits, sha256  = sha256), jf, indent = 2)
+    if use_gpg:
+        gpg.stdin.close()
+        if gpg.wait():
+            raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+    f.seek(0)
     tar.add(f.name, "MANIFEST")
 
 tar.close()