On 05/20/14 01:49 PM, Stephen Kitt wrote:
Hi,
Peter Hutterer suggested I send this here; it's a patch to add gpg signing to
release.sh, both for the git tag and the generated tarballs.
This version tries to use gpg unconditionnally, it might be more useful with
a parameter to switch the behaviour...
Thanks for doing this - we keep talking about it, but never got the changes
made.
I'd modified my copy locally to add -m to the git tag flags a couple months ago,
and that seems to have worked fine for me for the few releases I've done since
then.
The only problem I see with this patch for me is that on the systems I use
(Solaris 12.0 & 11.x development branches) GnuPG 2.x is installed as gpg2,
not gpg, so would appreciate having some way to override the exact path.
So I dropped my patch, applied yours, and tweaked it to allow setting the GPG
path, and it seemed to work fine for the xcursorgen release I just pushed, so
there are now xcursorgen-1.0.6.tar.bz2.sig & xcursorgen-1.0.6.tar.gz.sig files
the script uploaded alongside the released tarballs.
The one issue I did see is that I made a mistake on the first run (forgot to
push the version changing commit first), so the script aborted and re-ran, and
after re-running make distcheck to create new tarballs, I was then prompted:
File `xcursorgen-1.0.6.tar.gz.sig' exists. Overwrite? (y/N) y
File `xcursorgen-1.0.6.tar.bz2.sig' exists. Overwrite? (y/N) y
Should those files be automatically deleted after rebuilding the tarballs?
I've attached my modified form of your patch for further review/discussion.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
From 361334a313e7fd2239480438e309433e26ca8a04 Mon Sep 17 00:00:00 2001
From: Stephen Kitt <[email protected]>
Date: Tue, 20 May 2014 22:49:06 +0200
Subject: [PATCH:modular] Add gpg signing to release.sh
gpg-sign the git tag and the generated tarballs, and upload the signatures
along with the tarballs.
Signed-off-by: Stephen Kitt <[email protected]>
Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris.
Signed-off-by: Alan Coopersmith <[email protected]>
---
release.sh | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/release.sh b/release.sh
index a4a725d..852299e 100755
--- a/release.sh
+++ b/release.sh
@@ -299,6 +299,10 @@ process_module() {
return 1
fi
+ [ -n "$targz" ] && $GPG -b $targz && siggz=${targz}.sig || true
+ [ -n "$tarbz2" ] && $GPG -b $tarbz2 && sigbz2=${tarbz2}.sig || true
+ [ -n "$tarxz" ] && $GPG -b $tarxz && sigxz=${tarxz}.sig || true
+
# Obtain the top commit SHA which should be the version bump
# It should not have been tagged yet (the script will do it later)
local_top_commit_sha=`git rev-list --max-count=1 HEAD`
@@ -354,7 +358,7 @@ process_module() {
else
# Tag the top commit with the tar name
if [ x"$DRY_RUN" = x ]; then
- git tag -m $tar_name $tar_name
+ git tag -s -m $tar_name $tar_name
if [ $? -ne 0 ]; then
echo "Error: unable to tag module with \"$tar_name\"."
cd $top_src
@@ -501,7 +505,7 @@ process_module() {
# Upload to host using the 'scp' remote file copy program
if [ x"$DRY_RUN" = x ]; then
echo "Info: uploading tarballs to web server:"
- scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
+ scp $targz $tarbz2 $tarxz $siggz $sigbz2 $sigxz
$USER_NAME$hostname:$srv_path
if [ $? -ne 0 ]; then
echo "Error: the tarballs uploading failed."
cd $top_src
@@ -627,6 +631,14 @@ if [ "x$GREP" = "x" ] ; then
fi
fi
+# Find path for GnuPG v2
+if [ "x$GPG" = "x" ] ; then
+ if [ -x /usr/bin/gpg2 ] ; then
+ GPG=/usr/bin/gpg2
+ else
+ GPG=gpg
+ fi
+fi
# Set the default make tarball creation command
MAKE_DIST_CMD=distcheck
--
1.7.9.2
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
