authorThomas Haller <thaller@redhat.com>2020-06-04 11:18:42 +0200
committerThomas Haller <thaller@redhat.com>2020-06-04 11:33:00 +0200
commitbbb95c979e4b636c840628346f273931302480ab (patch)
treed5c2aa6be39b3bf0b25c86571ebc5721688f956e /contrib
parent0ac05a3faaea8c719c461f490092629a5121350d (diff)
build: optionally sign source tarball in build.sh script
SIGN_SOURCE defaults to $DO_RELEASE. In that case, the script will also GPG sign the source tarball. The purpose is that when we do a release we want to ensure that the published tarball is really the one that we generated. For that, the SHA sum would suffice; however, that requires you to manually note it down and compare the result. With the gpg signature, that verification can be better automated.
Diffstat (limited to 'contrib')
-rwxr-xr-xcontrib/fedora/rpm/build.sh14
1 files changed, 14 insertions, 0 deletions
diff --git a/contrib/fedora/rpm/build.sh b/contrib/fedora/rpm/build.sh
index fa3aec7901..b499743c4b 100755
--- a/contrib/fedora/rpm/build.sh
+++ b/contrib/fedora/rpm/build.sh
@@ -21,6 +21,8 @@
# SOURCE_CONFIG_CONNECTIVITY_FEDORA=
# SOURCE_CONFIG_CONNECTIVITY_REDHAT=
# SOURCE_SYSCTL_RP_FILTER_REDHAT=
+# SIGN_SOURCE=
+# DO_RELEASE=
die() {
echo "$*" >&2
@@ -107,6 +109,8 @@ USERNAME="${USERNAME:-"$(git config user.name) <$(git config user.email)>"}"
SPECFILE="$(abs_path "$SPECFILE" "$SCRIPTDIR/NetworkManager.spec")" || die "invalid \$SPECFILE argument"
SOURCE_FROM_GIT="$(coerce_bool "$SOURCE_FROM_GIT" "")"
SOURCE="$(abs_path "$SOURCE")" || die "invalid \$SOURCE argument"
+DO_RELEASE="$(coerce_bool "$DO_RELEASE" "0")"
+SIGN_SOURCE="$(coerce_bool "$SIGN_SOURCE" "$DO_RELEASE")"
if [ -n "$SOURCE" ]; then
[[ "$SOURCE_FROM_GIT" == 1 ]] && die "Cannot set both \$SOURCE and \$SOURCE_FROM_GIT=1"
SOURCE_FROM_GIT=0
@@ -143,6 +147,8 @@ LOG "COMMIT=$COMMIT"
LOG "USERNAME=$USERNAME"
LOG "SPECFILE=$SPECFILE"
LOG "SOURCE=$SOURCE"
+LOG "SIGN_SOURCE=$SIGN_SOURCE"
+LOG "DO_RELEASE=$DO_RELEASE"
LOG "SOURCE_FROM_GIT=$SOURCE_FROM_GIT"
LOG "SOURCE_NETWORKMANAGER_CONF=$SOURCE_NETWORKMANAGER_CONF"
LOG "SOURCE_CONFIG_SERVER=$SOURCE_CONFIG_SERVER"
@@ -198,6 +204,13 @@ esac
rpmbuild --define "_topdir $TEMP" $RPM_BUILD_OPTION "$TEMPSPEC" $NM_RPMBUILD_ARGS || die "ERROR: rpmbuild FAILED"
+LS_EXTRA=()
+
+if [ "$SIGN_SOURCE" = 1 ]; then
+ gpg --output "$SOURCE.sig" --armor --detach-sig "$SOURCE" || die "ERROR: failure to sign $SOURCE"
+ LS_EXTRA+=("$SOURCE.sig")
+fi
+
ln -snf "$TEMPBASE" ./latest
TEMP_LATEST="$(readlink -f .)"/latest
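Review bot: The `gpg` call in the `SIGN_SOURCE` branch signs with whatever default secret key the invoking user's keyring offers, so a release tarball can end up signed by an unintended key and this step still succeeds. For the release path it would be safer to select the key explicitly with `--local-user` taken from a script variable and to `LOG` which key was used, so that verifiers can pin one known fingerprint. The call also writes to the fixed path `$SOURCE.sig` without `--yes`, so a leftover signature from an earlier run makes gpg prompt, or fail when no terminal is attached; `gpg --yes --output "$SOURCE.sig" --armor --detach-sig "$SOURCE"` avoids that. Separately, `LS_EXTRA` stays empty when signing is off, and the `"${LS_EXTRA[@]}"` expansion in the last hunk is an "unbound variable" error on bash older than 4.4 if the script runs with `set -u` (not visible here); `${LS_EXTRA[@]+"${LS_EXTRA[@]}"}` is the portable form.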
@@ -211,6 +224,7 @@ LOG "Result:"
ls -dla \
"$TEMP_LATEST" \
"$SOURCE" \
+ "${LS_EXTRA[@]}" \
"$(dirname "$TEMP_LATEST")/$TEMPBASE/" \
"$TEMP_LATEST"/RPMS/*/ \
"$TEMP_LATEST"/RPMS/*/*.rpm \