signed tar files
Alan Coopersmith
alan.coopersmith at oracle.com
Mon Jan 27 23:56:48 PST 2014
On 01/25/14 12:30 PM, Julien Cristau wrote:
> On Sat, Jan 25, 2014 at 10:46:03 -0800, Alan Coopersmith wrote:
>
>> On 01/25/14 07:09 AM, Claus Assmann wrote:
>>> On Sat, Jan 25, 2014, Julien Cristau wrote:
>>>
>>>> gpg: BAD signature from "Alex Deucher <alexdeucher at gmail.com>"
>>>
>>> Same here.
>>>
>>>> If this isn't just me, any chance to get the tarball checksums in a
>>>> properly signed mail?
>>>
>>> Hmm, maybe it would be a good idea to have signed tar files
>>> (on the server)?
>>
>> If someone can translate that into commands to add to our tarball
>> release script, then we can do that. There was discussion in the
>> past, but no one came up with a explanation of what they wanted to
>> see or what we needed to do for it. (I think there's even an open
>> bug in bugzilla still.)
>>
> Something like this (untested)?
>
> diff --git a/release.sh b/release.sh
> index a4a725d..603dd4c 100755
> --- a/release.sh
> +++ b/release.sh
> @@ -298,6 +298,11 @@ process_module() {
> cd $top_src
> return 1
> fi
> + signatures=""
> + for tarball in $targz $tarbz2 $tarxz; do
> + gpg --detach-sign --armor $tarball
> + signatures="$signatures ${tarball}.asc"
> + done
>
> # Obtain the top commit SHA which should be the version bump
> # It should not have been tagged yet (the script will do it later)
> @@ -501,7 +506,7 @@ process_module() {
> # Upload to host using the 'scp' remote file copy program
> if [ x"$DRY_RUN" = x ]; then
> echo "Info: uploading tarballs to web server:"
> - scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
> + scp $targz $tarbz2 $tarxz $signatures $USER_NAME$hostname:$srv_path
> if [ $? -ne 0 ]; then
> echo "Error: the tarballs uploading failed."
> cd $top_src
I guess, if that provides the output people expect/are looking for.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg
mailing list