mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-14 12:05:03 +00:00
build: optionally sign source tarball in build.sh script
The new SIGN_SOURCE option defaults to $DO_RELEASE; when it is enabled, the script also GPG-signs the source tarball. The purpose is that when we do a release, we want to ensure that the published tarball is really the one that we generated. A SHA sum would suffice for that, but it requires you to manually note it down and compare the result. With the GPG signature, that verification can be better automated.
parent
0ac05a3faa
commit
bbb95c979e
|
@ -21,6 +21,8 @@
|
|||
# SOURCE_CONFIG_CONNECTIVITY_FEDORA=
|
||||
# SOURCE_CONFIG_CONNECTIVITY_REDHAT=
|
||||
# SOURCE_SYSCTL_RP_FILTER_REDHAT=
|
||||
# SIGN_SOURCE=
|
||||
# DO_RELEASE=
|
||||
|
||||
die() {
|
||||
echo "$*" >&2
|
||||
|
@ -107,6 +109,8 @@ USERNAME="${USERNAME:-"$(git config user.name) <$(git config user.email)>"}"
|
|||
SPECFILE="$(abs_path "$SPECFILE" "$SCRIPTDIR/NetworkManager.spec")" || die "invalid \$SPECFILE argument"
|
||||
SOURCE_FROM_GIT="$(coerce_bool "$SOURCE_FROM_GIT" "")"
|
||||
SOURCE="$(abs_path "$SOURCE")" || die "invalid \$SOURCE argument"
|
||||
DO_RELEASE="$(coerce_bool "$DO_RELEASE" "0")"
|
||||
SIGN_SOURCE="$(coerce_bool "$SIGN_SOURCE" "$DO_RELEASE")"
|
||||
if [ -n "$SOURCE" ]; then
|
||||
[[ "$SOURCE_FROM_GIT" == 1 ]] && die "Cannot set both \$SOURCE and \$SOURCE_FROM_GIT=1"
|
||||
SOURCE_FROM_GIT=0
|
||||
|
@ -143,6 +147,8 @@ LOG "COMMIT=$COMMIT"
|
|||
LOG "USERNAME=$USERNAME"
|
||||
LOG "SPECFILE=$SPECFILE"
|
||||
LOG "SOURCE=$SOURCE"
|
||||
LOG "SIGN_SOURCE=$SIGN_SOURCE"
|
||||
LOG "DO_RELEASE=$DO_RELEASE"
|
||||
LOG "SOURCE_FROM_GIT=$SOURCE_FROM_GIT"
|
||||
LOG "SOURCE_NETWORKMANAGER_CONF=$SOURCE_NETWORKMANAGER_CONF"
|
||||
LOG "SOURCE_CONFIG_SERVER=$SOURCE_CONFIG_SERVER"
|
||||
|
@ -198,6 +204,13 @@ esac
|
|||
|
||||
rpmbuild --define "_topdir $TEMP" $RPM_BUILD_OPTION "$TEMPSPEC" $NM_RPMBUILD_ARGS || die "ERROR: rpmbuild FAILED"
|
||||
|
||||
LS_EXTRA=()
|
||||
|
||||
if [ "$SIGN_SOURCE" = 1 ]; then
|
||||
gpg --output "$SOURCE.sig" --armor --detach-sig "$SOURCE" || die "ERROR: failure to sign $SOURCE"
|
||||
LS_EXTRA+=("$SOURCE.sig")
|
||||
fi
|
||||
|
||||
ln -snf "$TEMPBASE" ./latest
|
||||
TEMP_LATEST="$(readlink -f .)"/latest
|
||||
|
||||
|
@ -211,6 +224,7 @@ LOG "Result:"
|
|||
ls -dla \
|
||||
"$TEMP_LATEST" \
|
||||
"$SOURCE" \
|
||||
"${LS_EXTRA[@]}" \
|
||||
"$(dirname "$TEMP_LATEST")/$TEMPBASE/" \
|
||||
"$TEMP_LATEST"/RPMS/*/ \
|
||||
"$TEMP_LATEST"/RPMS/*/*.rpm \
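Review bot: The `gpg --output "$SOURCE.sig" --armor --detach-sig "$SOURCE"` call in the `SIGN_SOURCE` branch (hunk `@ -198,6 +204,13`) signs with whatever key is gpg's default for the invoking user, and it stops to ask before overwriting a `$SOURCE.sig` left behind by an earlier run. For a release signature that is meant to be verified automatically, the key should be selected explicitly and the overwrite made deterministic, for example `gpg --yes ${SIGN_KEY:+--local-user "$SIGN_KEY"} --output "$SOURCE.sig" --armor --detach-sig "$SOURCE"`, where `SIGN_KEY` is a placeholder name for a new optional variable documented next to `# SIGN_SOURCE=`. Signing also runs only after `rpmbuild` has finished, so a missing gpg binary or secret key is discovered at the very end; a `command -v gpg >/dev/null || die "gpg not found"` check beside the `coerce_bool` lines would fail early. Hunk `@ -107,6 +109,8` shows that `$SOURCE` may be supplied by the caller, so the signature covers whatever file that path holds at signing time; a comment saying so would keep the "tarball we generated" guarantee from being over-read. Separately, `"${LS_EXTRA[@]}"` on an empty array aborts under `set -u` on bash older than 4.4, which matters only if the script enables nounset outside the lines shown.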
|
||||
|
|