[coreboot-gerrit] Patch set updated for coreboot: util/release: Add support for signed tags and releases
Philipp Deppenwiese (zaolin.daisuki@googlemail.com)
gerrit at coreboot.org
Thu Sep 8 22:39:21 CEST 2016
Philipp Deppenwiese (zaolin.daisuki at googlemail.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/16553
-gerrit
commit 9a2362fb90921521d897a1644a55c1153ba8c036
Author: Philipp Deppenwiese <zaolin at das-labor.org>
Date: Thu Sep 8 22:35:48 2016 +0200
util/release: Add support for signed tags and releases
* Add gpg key command-line parameter for signing.
* Add username command-line parameter for secure ssh clone.
* Tag and releases are signed.
* Generates ascii amored signature files.
Change-Id: I41347a85145dd0389e3b69939497fb8543db4996
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
util/release/build-release | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/util/release/build-release b/util/release/build-release
index f09f5b2..5f68332 100755
--- a/util/release/build-release
+++ b/util/release/build-release
@@ -1,21 +1,29 @@
#!/bin/bash
# $1: new version name
-# $2: commit id (if not master)
+# $2: gpg key id
+# $3: username (if not default to $USER)
+# $4: commit id (if not master)
set -e
-if [ -z "$1" ]; then
- echo "usage: $0 version [commit id]"
+if [ -z "$2" ]; then
+ echo "usage: $0 version gpg-key-id [username] [commit id]"
echo "tags a new coreboot version and creates a tar archive"
exit 1
fi
-git clone --recurse-submodules http://review.coreboot.org/coreboot.git coreboot-$1
+if [ -n "$3" ]; then
+ git clone --recurse-submodules ssh://$USER@review.coreboot.org:29418/coreboot.git coreboot-$1
+else
+ git clone --recurse-submodules ssh://$3@review.coreboot.org:29418/coreboot.git coreboot-$1
+fi
cd coreboot-$1
-if [ -n "$2" ]; then
- git reset --hard $2
+if [ -n "$4" ]; then
+ git reset --hard $4
fi
git submodule update --init --checkout
-git tag -a --force $1 -m "coreboot version $1"
+git tag -a -s -u $2 --force $1 -m "coreboot version $1"
printf "$1-$(git log --pretty=%H|head -1)\n" > .coreboot-version
tstamp=$(git log --pretty=format:%ci -1)
cd ..
tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${1}/3rdparty/blobs -cvf - coreboot-${1} |xz -9 > coreboot-${1}.tar.xz
tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${1}/3rdparty/blobs |xz -9 > coreboot-blobs-${1}.tar.xz
+gpg2 --armor --local-user $2 --output coreboot-${1}.tar.xz.sig --detach-sig coreboot-${1}.tar.xz
+gpg2 --armor --local-user $2 --output coreboot-blobs-${1}.tar.xz.sig --detach-sig coreboot-blobs-${1}.tar.xz
More information about the coreboot-gerrit
mailing list