Hi,

On Thu, 5 Jun 2014 10:05:15 +1000, Peter Hutterer <[email protected]> wrote:
> shouldn't we fail here if creating the detached sig fails?

I'm attaching a new version which fails if gpg fails to sign for any reason.

Regards,

Stephen
From 283b89da292ad8a5743222baf33393d964cff54b Mon Sep 17 00:00:00 2001 From: Stephen Kitt <[email protected]> Date: Sun, 1 Jun 2014 14:46:01 +0200 Subject: [PATCH util/modular] Add gpg signing to release.sh gpg-sign the git tag and the generated tarballs, and upload the signatures along with the tarballs. Any existing tarball signatures are removed beforehand. Signed-off-by: Stephen Kitt <[email protected]> Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris. Signed-off-by: Alan Coopersmith <[email protected]> --- release.sh | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/release.sh b/release.sh index a4a725d..6389bc6 100755 --- a/release.sh +++ b/release.sh @@ -193,6 +193,29 @@ process_modules() { } #------------------------------------------------------------------------------ +# Function: sign_or_fail +#------------------------------------------------------------------------------ +# +# Sign the given file, if any +# Output the name of the signature generated to stdout (all other output to +# stderr) +# Return 0 on success, 1 on fail +# +sign_or_fail() { + if [ -n "$1" ]; then + sig=$1.sig + rm -f $sig + $GPG -b $1 1>&2 + if [ $? -ne 0 ]; then + echo "Error: failed to sign $1." >&2 + return 1 + fi + echo $sig + fi + return 0 +} + +#------------------------------------------------------------------------------ # Function: process_module #------------------------------------------------------------------------------ # Code 'return 0' on success to process the next module 
@@ -299,6 +322,19 @@ process_module() { return 1 fi + gpgsignerr=0 + siggz="$(sign_or_fail ${targz})" + gpgsignerr=$((${gpgsignerr} + $?)) + sigbz2="$(sign_or_fail ${tarbz2})" + gpgsignerr=$((${gpgsignerr} + $?)) + sigxz="$(sign_or_fail ${tarxz})" + gpgsignerr=$((${gpgsignerr} + $?)) + if [ ${gpgsignerr} -ne 0 ]; then + echo "Error: unable to sign at least one of the tarballs." + cd $top_src + return 1 + fi + # Obtain the top commit SHA which should be the version bump # It should not have been tagged yet (the script will do it later) local_top_commit_sha=`git rev-list --max-count=1 HEAD` @@ -354,7 +390,7 @@ process_module() { else # Tag the top commit with the tar name if [ x"$DRY_RUN" = x ]; then - git tag -m $tar_name $tar_name + git tag -s -m $tar_name $tar_name if [ $? -ne 0 ]; then echo "Error: unable to tag module with \"$tar_name\"." cd $top_src @@ -501,7 +537,7 @@ process_module() { # Upload to host using the 'scp' remote file copy program if [ x"$DRY_RUN" = x ]; then echo "Info: uploading tarballs to web server:" - scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path + scp $targz $tarbz2 $tarxz $siggz $sigbz2 $sigxz $USER_NAME$hostname:$srv_path if [ $? -ne 0 ]; then echo "Error: the tarballs uploading failed." cd $top_src @@ -627,6 +663,14 @@ if [ "x$GREP" = "x" ] ; then fi fi +# Find path for GnuPG v2 +if [ "x$GPG" = "x" ] ; then + if [ -x /usr/bin/gpg2 ] ; then + GPG=/usr/bin/gpg2 + else + GPG=gpg + fi +fi # Set the default make tarball creation command MAKE_DIST_CMD=distcheck -- 2.0.0.rc2
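Review bot: In the new sign_or_fail function (hunk at -193), `$1` and `$sig` are expanded unquoted in `rm -f $sig`, `$GPG -b $1 1>&2` and `echo $sig`, so a tarball path containing whitespace or glob characters is split before it reaches gpg, and the name printed to stdout no longer identifies a single file. Quote the expansions (`rm -f "$sig"`, `$GPG -b "$1" 1>&2`, `echo "$sig"`). The header comment should also say that an existing `$1.sig` is deleted before signing, since only the commit message mentions that today.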
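Review bot: In process_module (hunk at -299), the three sign_or_fail calls run whether or not DRY_RUN is set, while the `git tag` and `scp` steps later in the same function are guarded by `if [ x"$DRY_RUN" = x ]`. A dry run therefore still needs the secret key and still removes and regenerates the `.sig` files. If that is intended, a one-line comment above `gpgsignerr=0` would make it explicit; otherwise wrap the block in the same DRY_RUN test.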
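Review bot: In the tagging hunk (at -354), `git tag -s` signs with whatever program git is configured to use (the `gpg.program` setting, `gpg` by default), not with the `$GPG` chosen at the bottom of the script. On a host where the script picks /usr/bin/gpg2 the tarballs and the tag can end up signed by different binaries, or the tag step can fail after the tarballs were already signed. Consider `git -c gpg.program="$GPG" tag -s -m $tar_name $tar_name` so both paths use the same tool.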
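Review bot: In the upload hunk (at -501), the `scp` line depends on `$siggz $sigbz2 $sigxz` being unquoted so that a signature variable left empty (sign_or_fail prints nothing when given no file) disappears from the argument list. That is easy to break in a later quoting cleanup, so a short comment saying the empty expansion is deliberate would help. The surrounding messages ("uploading tarballs to web server", "the tarballs uploading failed") should mention the signatures too.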
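Review bot: In the GPG detection hunk (at -627), the comment says "Find path for GnuPG v2" but the fallback is plain `gpg`, which is not checked to exist and may not be v2; only /usr/bin/gpg2 is probed. A missing binary then shows up only when sign_or_fail first runs inside process_module. Suggest verifying once at startup, for example with `command -v "$GPG" >/dev/null` and an error exit, and rewording the comment to "Find path for GnuPG". A blank line after the closing `fi` would also keep the block separate from the MAKE_DIST_CMD default that follows.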
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
