On Sat, Jan 25, 2014 at 10:46:03 -0800, Alan Coopersmith wrote: > On 01/25/14 07:09 AM, Claus Assmann wrote: > >On Sat, Jan 25, 2014, Julien Cristau wrote: > > > >>gpg: BAD signature from "Alex Deucher <[email protected]>" > > > >Same here. > > > >>If this isn't just me, any chance to get the tarball checksums in a > >>properly signed mail? > > > >Hmm, maybe it would be a good idea to have signed tar files > >(on the server)? > > If someone can translate that into commands to add to our tarball > release script, then we can do that. There was discussion in the > past, but no one came up with a explanation of what they wanted to > see or what we needed to do for it. (I think there's even an open > bug in bugzilla still.) > Something like this (untested)?
diff --git a/release.sh b/release.sh
index a4a725d..603dd4c 100755
--- a/release.sh
+++ b/release.sh
@@ -298,6 +298,11 @@ process_module() {
cd $top_src
return 1
fi
+ signatures=""
+ for tarball in $targz $tarbz2 $tarxz; do
+ gpg --detach-sign --armor $tarball
+ signatures="$signatures ${tarball}.asc"
+ done
# Obtain the top commit SHA which should be the version bump
# It should not have been tagged yet (the script will do it later)
@@ -501,7 +506,7 @@ process_module() {
# Upload to host using the 'scp' remote file copy program
if [ x"$DRY_RUN" = x ]; then
echo "Info: uploading tarballs to web server:"
- scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
+ scp $targz $tarbz2 $tarxz $signatures $USER_NAME$hostname:$srv_path
if [ $? -ne 0 ]; then
echo "Error: the tarballs uploading failed."
cd $top_src
Cheers,
Julien
signature.asc
Description: Digital signature
_______________________________________________ [email protected]: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.x.org/mailman/listinfo/xorg Your subscription address: %(user_address)s
