author | Stephen Kitt <skitt@debian.org> | 2014-06-07 21:57:48 +0200 |
---|---|---|
committer | Peter Hutterer <peter.hutterer@who-t.net> | 2014-06-10 08:04:10 +1000 |
commit | d53e5eca97df46c79e8954f42cf344c7bd84a7b2 (patch) | |
tree | d0cb6ed7ac1b2732f65db81a918261f82aab868b | |
parent | 2dc07d953232d1e05e9d687397ceab2ca92f29fb (diff) |
Add gpg signing to release.sh
gpg-sign the git tag and the generated tarballs, and upload the signatures
along with the tarballs. Any existing tarball signatures are removed
beforehand.
Signed-off-by: Stephen Kitt <skitt@debian.org>
Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-rwxr-xr-x | release.sh | 46 |
1 files changed, 44 insertions, 2 deletions
@@ -257,6 +257,27 @@ get_section() {
 return 0
 }
+# Function: sign_or_fail
+#------------------------------------------------------------------------------
+#
+# Sign the given file, if any
+# Output the name of the signature generated to stdout (all other output to
+# stderr)
+# Return 0 on success, 1 on fail
+#
+sign_or_fail() {
+ if [ -n "$1" ]; then
+ sig=$1.sig
+ rm -f $sig
+ $GPG -b $1 1>&2
+ if [ $? -ne 0 ]; then
+ echo "Error: failed to sign $1." >&2
+ return 1
+ fi
+ echo $sig
+ fi
+ return 0
+}
 #------------------------------------------------------------------------------
 # Function: process_module
@@ -380,6 +401,19 @@ process_module() {
 tag_name="$pkg_version"
 fi
+ gpgsignerr=0
+ siggz="$(sign_or_fail ${targz})"
+ gpgsignerr=$((${gpgsignerr} + $?))
+ sigbz2="$(sign_or_fail ${tarbz2})"
+ gpgsignerr=$((${gpgsignerr} + $?))
+ sigxz="$(sign_or_fail ${tarxz})"
+ gpgsignerr=$((${gpgsignerr} + $?))
+ if [ ${gpgsignerr} -ne 0 ]; then
+ echo "Error: unable to sign at least one of the tarballs."
+ cd $top_src
+ return 1
+ fi
+
 # Obtain the top commit SHA which should be the version bump
 # It should not have been tagged yet (the script will do it later)
 local_top_commit_sha=`git rev-list --max-count=1 HEAD`
@@ -439,7 +473,7 @@ process_module() {
 else
 # Tag the top commit with the tar name
 if [ x"$DRY_RUN" = x ]; then
- git tag -m $tag_name $tag_name
+ git tag -s -m $tag_name $tag_name
 if [ $? -ne 0 ]; then
 echo "Error: unable to tag module with \"$tag_name\"."
 cd $top_src
@@ -554,7 +588,7 @@ process_module() {
 # Upload to host using the 'scp' remote file copy program
 if [ x"$DRY_RUN" = x ]; then
 echo "Info: uploading tarballs to web server:"
- scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
+ scp $targz $tarbz2 $tarxz $siggz $sigbz2 $sigxz $USER_NAME$hostname:$srv_path
 if [ $? -ne 0 ]; then
 echo "Error: the tarballs uploading failed."
 cd $top_src
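Review bot: The file name reaches `rm -f $sig` and `$GPG -b $1` unquoted in sign_or_fail, so a tarball path containing whitespace would be split into several words and the wrong files removed or signed. Quoting each expansion keeps it a single operand: `sig="$1.sig"`, `rm -f "$sig"`, `$GPG -b "$1" 1>&2`. `sig` is also a global, which is harmless only as long as every caller runs the function inside `$(...)` as this commit does. The header comment could add that the signature is a binary detached `.sig` made with whatever default key the gpg configuration selects.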
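Review bot: The three `sign_or_fail` calls sit outside any `DRY_RUN` test, unlike the tag and upload steps further down in process_module, so as far as this hunk shows a dry run still deletes existing `.sig` files and asks gpg for new signatures. Wrapping the block in the guard the script already uses, `if [ x"$DRY_RUN" = x ]; then`, would keep dry runs free of side effects and passphrase prompts. The signatures are also created before the commit and tag checks that follow, so a failure there presumably leaves fresh `.sig` files next to tarballs that were never released. process_module begins and ends outside the hunk.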
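Review bot: `git tag -s` signs through git's own configuration (`gpg.program`, `user.signingkey`) rather than through the `$GPG` variable this commit introduces, so the tag and the tarballs can end up signed by different binaries or keys without the script noticing. If one tool is meant to be used for both, `git -c gpg.program="$GPG" tag -s -m "$tag_name" "$tag_name"` ties them together. Otherwise a comment above the line such as `# tag signing follows git's gpg.program/user.signingkey, not $GPG` would record the difference. The surrounding process_module body lies outside the hunk.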
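Review bot: The signature variables on the new `scp` line have to stay unquoted, and nothing says so. sign_or_fail prints nothing when it is given no file, so a tarball format that was not built leaves its `$sig…` variable empty and the word must vanish from the argument list. A comment above the line, for example `# sig variables are empty for formats not built; unquoted on purpose`, would stop a later quoting clean-up from breaking the upload.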
@@ -680,6 +714,14 @@ if [ "x$GREP" = "x" ] ; then
 fi
 fi
+# Find path for GnuPG v2
+if [ "x$GPG" = "x" ] ; then
+ if [ -x /usr/bin/gpg2 ] ; then
+ GPG=/usr/bin/gpg2
+ else
+ GPG=gpg
+ fi
+fi
 # Set the default make tarball creation command
 MAKE_DIST_CMD=distcheck |
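Review bot: The fallback `GPG=gpg` is never checked, so a host without gpg, or with an unexpected `gpg` earlier on PATH, is only discovered when sign_or_fail runs after the tarballs have been built. A probe right after this block fails early: `$GPG --version >/dev/null 2>&1 || { echo "Error: cannot run $GPG."; exit 1; }`. The comment says "GnuPG v2" while the fallback may resolve to a 1.x binary; `# Find path for GnuPG (gpg2 preferred, else gpg from PATH)` would describe what the code does.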