build: optionally sign source tarball in build.sh script

This defaults to $DO_RELEASE. In that case, the script will also GPG sign
the source tarball.

The purpose is that when we do a release we want to ensure that the
published tarball is really the one that we generated. In that case,
the SHA sum would suffice, however that requires you to manually note
it down and compare the result. With the gpg signature, that
verification can be better automated.
Thomas Haller 2020-06-04 11:18:42 +02:00
parent 0ac05a3faa
commit bbb95c979e
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728


@ -21,6 +21,8 @@
# SOURCE_CONFIG_CONNECTIVITY_FEDORA=
# SOURCE_CONFIG_CONNECTIVITY_REDHAT=
# SOURCE_SYSCTL_RP_FILTER_REDHAT=
# SIGN_SOURCE=
# DO_RELEASE=
die() {
echo "$*" >&2
@ -107,6 +109,8 @@ USERNAME="${USERNAME:-"$(git config user.name) <$(git config user.email)>"}"
SPECFILE="$(abs_path "$SPECFILE" "$SCRIPTDIR/NetworkManager.spec")" || die "invalid \$SPECFILE argument"
SOURCE_FROM_GIT="$(coerce_bool "$SOURCE_FROM_GIT" "")"
SOURCE="$(abs_path "$SOURCE")" || die "invalid \$SOURCE argument"
DO_RELEASE="$(coerce_bool "$DO_RELEASE" "0")"
SIGN_SOURCE="$(coerce_bool "$SIGN_SOURCE" "$DO_RELEASE")"
if [ -n "$SOURCE" ]; then
[[ "$SOURCE_FROM_GIT" == 1 ]] && die "Cannot set both \$SOURCE and \$SOURCE_FROM_GIT=1"
SOURCE_FROM_GIT=0
@ -143,6 +147,8 @@ LOG "COMMIT=$COMMIT"
LOG "USERNAME=$USERNAME"
LOG "SPECFILE=$SPECFILE"
LOG "SOURCE=$SOURCE"
LOG "SIGN_SOURCE=$SIGN_SOURCE"
LOG "DO_RELEASE=$DO_RELEASE"
LOG "SOURCE_FROM_GIT=$SOURCE_FROM_GIT"
LOG "SOURCE_NETWORKMANAGER_CONF=$SOURCE_NETWORKMANAGER_CONF"
LOG "SOURCE_CONFIG_SERVER=$SOURCE_CONFIG_SERVER"
@ -198,6 +204,13 @@ esac
rpmbuild --define "_topdir $TEMP" $RPM_BUILD_OPTION "$TEMPSPEC" $NM_RPMBUILD_ARGS || die "ERROR: rpmbuild FAILED"
LS_EXTRA=()
if [ "$SIGN_SOURCE" = 1 ]; then
gpg --output "$SOURCE.sig" --armor --detach-sig "$SOURCE" || die "ERROR: failure to sign $SOURCE"
LS_EXTRA+=("$SOURCE.sig")
fi
ln -snf "$TEMPBASE" ./latest
TEMP_LATEST="$(readlink -f .)"/latest
@ -211,6 +224,7 @@ LOG "Result:"
ls -dla \
"$TEMP_LATEST" \
"$SOURCE" \
"${LS_EXTRA[@]}" \
"$(dirname "$TEMP_LATEST")/$TEMPBASE/" \
"$TEMP_LATEST"/RPMS/*/ \
"$TEMP_LATEST"/RPMS/*/*.rpm \
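Review bot: The gpg call in the `SIGN_SOURCE` block does not name the signing key, so the signature is made with whatever default key the builder's keyring holds, and a verifier cannot tell a release key from a developer's personal key. Pinning the key and making the call safe for unattended runs would look like `gpg --batch --yes --local-user "$SIGN_KEY" --output "$SOURCE.sig" --armor --detach-sig "$SOURCE" || die "ERROR: failure to sign $SOURCE"`, where `SIGN_KEY` is a proposed variable name, not one the script already has. Without `--yes`, a `$SOURCE.sig` left over from an earlier run makes gpg ask before overwriting, which stalls or fails a scripted build. The signature is also produced only after rpmbuild has finished, so a missing or locked key is discovered late; whether an earlier check fits depends on code outside these hunks. A comment next to `# SIGN_SOURCE=` in the header saying that it defaults to `$DO_RELEASE` and writes `$SOURCE.sig` would document the new option where the others are listed.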