summaryrefslogtreecommitdiff
path: root/util/release/build-release
diff options
context:
space:
mode:
authorPhilipp Deppenwiese <zaolin@das-labor.org>2016-09-08 22:35:48 +0200
committerMartin Roth <martinroth@google.com>2016-09-09 23:39:42 +0200
commit6e4204a0d196615ebb19d6f03f2eff2307bd6380 (patch)
tree4d7f301425e2dd3c32cd3dfe03c2f34eaad05dce /util/release/build-release
parent55a54f662e2e793306dc7003afbcb82b49db0a8c (diff)
util/release: Add support for signed tags and releases
* Add gpg key command-line parameter for signing. * Add username command-line parameter for secure ssh clone. * Tag and releases are signed. * Generates ascii amored signature files. Change-Id: I41347a85145dd0389e3b69939497fb8543db4996 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/16553 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
Diffstat (limited to 'util/release/build-release')
-rwxr-xr-xutil/release/build-release43
1 files changed, 31 insertions, 12 deletions
diff --git a/util/release/build-release b/util/release/build-release
index f09f5b284a..d13e0388f4 100755
--- a/util/release/build-release
+++ b/util/release/build-release
@@ -1,21 +1,40 @@
#!/bin/bash
-# $1: new version name
-# $2: commit id (if not master)
+# ${VERSION_NAME}: new version name
+# ${GPG_KEY_ID}: gpg key id (if not don't sign)
+# ${USERNAME}: username (if not default to https)
+# ${COMMIT_ID}: commit id (if not master)
+VERSION_NAME=${1}
+COMMIT_ID=${2}
+USERNAME=${3}
+GPG_KEY_ID=${4}
+
set -e
-if [ -z "$1" ]; then
- echo "usage: $0 version [commit id]"
+if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ]; then
+ echo "usage: $0 <version> [commit id] [gpg key id] [username]"
echo "tags a new coreboot version and creates a tar archive"
exit 1
fi
-git clone --recurse-submodules http://review.coreboot.org/coreboot.git coreboot-$1
-cd coreboot-$1
-if [ -n "$2" ]; then
- git reset --hard $2
+if [ -n "${USERNAME}" ]; then
+ git clone --recurse-submodules ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git coreboot-${VERSION_NAME}
+else
+ git clone --recurse-submodules https://review.coreboot.org/coreboot.git coreboot-${VERSION_NAME}
+fi
+cd coreboot-${VERSION_NAME}
+if [ -n "${COMMIT_ID}" ]; then
+ git reset --hard ${COMMIT_ID}
fi
git submodule update --init --checkout
-git tag -a --force $1 -m "coreboot version $1"
-printf "$1-$(git log --pretty=%H|head -1)\n" > .coreboot-version
+if [ -n "${GPG_KEY_ID}" ]; then
+ git tag -a -s -u ${GPG_KEY_ID} --force ${VERSION_NAME} -m "coreboot version ${VERSION_NAME}"
+else
+ git tag -a --force ${VERSION_NAME} -m "coreboot version ${VERSION_NAME}"
+fi
+printf "${VERSION_NAME}-$(git log --pretty=%H|head -1)\n" > .coreboot-version
tstamp=$(git log --pretty=format:%ci -1)
cd ..
-tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${1}/3rdparty/blobs -cvf - coreboot-${1} |xz -9 > coreboot-${1}.tar.xz
-tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${1}/3rdparty/blobs |xz -9 > coreboot-blobs-${1}.tar.xz
+tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
+tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
+if [ -n "${GPG_KEY_ID}" ]; then
+ gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-${VERSION_NAME}.tar.xz
+ gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-blobs-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-blobs-${VERSION_NAME}.tar.xz
+fi