author | Philipp Deppenwiese <zaolin@das-labor.org> | 2016-09-08 22:35:48 +0200 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2016-09-09 23:39:42 +0200 |
commit | 6e4204a0d196615ebb19d6f03f2eff2307bd6380 (patch) | |
tree | 4d7f301425e2dd3c32cd3dfe03c2f34eaad05dce /util/release/build-release | |
parent | 55a54f662e2e793306dc7003afbcb82b49db0a8c (diff) |
util/release: Add support for signed tags and releases
* Add gpg key command-line parameter for signing.
* Add username command-line parameter for secure ssh clone.
* Tag and releases are signed.
* Generates ASCII-armored signature files.
Change-Id: I41347a85145dd0389e3b69939497fb8543db4996
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/16553
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Diffstat (limited to 'util/release/build-release')
-rwxr-xr-x | util/release/build-release | 43 |
1 files changed, 31 insertions, 12 deletions
diff --git a/util/release/build-release b/util/release/build-release
index f09f5b284a..d13e0388f4 100755
--- a/util/release/build-release
+++ b/util/release/build-release
@@ -1,21 +1,40 @@
 #!/bin/bash
-# $1: new version name
-# $2: commit id (if not master)
+# ${VERSION_NAME}: new version name
+# ${GPG_KEY_ID}: gpg key id (if not don't sign)
+# ${USERNAME}: username (if not default to https)
+# ${COMMIT_ID}: commit id (if not master)
+VERSION_NAME=${1}
+COMMIT_ID=${2}
+USERNAME=${3}
+GPG_KEY_ID=${4}
+
 set -e
-if [ -z "$1" ]; then
- echo "usage: $0 version [commit id]"
+if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ]; then
+ echo "usage: $0 <version> [commit id] [gpg key id] [username]"
 echo "tags a new coreboot version and creates a tar archive"
 exit 1
 fi
-git clone --recurse-submodules http://review.coreboot.org/coreboot.git coreboot-$1
-cd coreboot-$1
-if [ -n "$2" ]; then
- git reset --hard $2
+if [ -n "${USERNAME}" ]; then
+ git clone --recurse-submodules ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git coreboot-${VERSION_NAME}
+else
+ git clone --recurse-submodules https://review.coreboot.org/coreboot.git coreboot-${VERSION_NAME}
+fi
+cd coreboot-${VERSION_NAME}
+if [ -n "${COMMIT_ID}" ]; then
+ git reset --hard ${COMMIT_ID}
 fi
 git submodule update --init --checkout
-git tag -a --force $1 -m "coreboot version $1"
-printf "$1-$(git log --pretty=%H|head -1)\n" > .coreboot-version
+if [ -n "${GPG_KEY_ID}" ]; then
+ git tag -a -s -u ${GPG_KEY_ID} --force ${VERSION_NAME} -m "coreboot version ${VERSION_NAME}"
+else
+ git tag -a --force ${VERSION_NAME} -m "coreboot version ${VERSION_NAME}"
+fi
+printf "${VERSION_NAME}-$(git log --pretty=%H|head -1)\n" > .coreboot-version
 tstamp=$(git log --pretty=format:%ci -1)
 cd ..
-tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${1}/3rdparty/blobs -cvf - coreboot-${1} |xz -9 > coreboot-${1}.tar.xz
-tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${1}/3rdparty/blobs |xz -9 > coreboot-blobs-${1}.tar.xz
+tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
+tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
+if [ -n "${GPG_KEY_ID}" ]; then
+ gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-${VERSION_NAME}.tar.xz
+ gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-blobs-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-blobs-${VERSION_NAME}.tar.xz
+fi |
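Review bot: The usage text and the positional assignments disagree on argument order: the script sets `USERNAME=${3}` and `GPG_KEY_ID=${4}`, while the usage line advertises `[gpg key id] [username]`. A caller who follows the usage text and passes a key id as the third argument gets it used as the ssh user for the clone, and `GPG_KEY_ID` stays empty, so both signing branches would be skipped. Either swap the two assignments or change the line to `echo "usage: $0 <version> [commit id] [username] [gpg key id]"`, and list the header comments in the same order. Because signing is the purpose of this change, it would also help to quote the new expansions (`"${GPG_KEY_ID}"`, `"${COMMIT_ID}"`, `"${VERSION_NAME}"`) and to print a notice on stderr when no key id is given, so that an unsigned tag and unsigned archives are never produced silently.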