Philipp Deppenwiese (zaolin.daisuki@googlemail.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/16553
-gerrit
commit 107a024f18644ab28a990e7d234424fcf6aaca04 Author: Philipp Deppenwiese zaolin@das-labor.org Date: Thu Sep 8 22:35:48 2016 +0200
util/release: Add support for signed tags and releases
* Add gpg key command-line parameter for signing. * Add username command-line parameter for secure ssh clone. * Tag and releases are signed. * Generates ascii amored signature files.
Change-Id: I41347a85145dd0389e3b69939497fb8543db4996 Signed-off-by: Philipp Deppenwiese zaolin@das-labor.org --- util/release/build-release | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/util/release/build-release b/util/release/build-release index f09f5b2..5c72445 100755 --- a/util/release/build-release +++ b/util/release/build-release @@ -1,21 +1,35 @@ #!/bin/bash # $1: new version name -# $2: commit id (if not master) +# $2: gpg key id (if not don't sign) +# $3: username (if not default to $USER) +# $4: commit id (if not master) set -e -if [ -z "$1" ]; then - echo "usage: $0 version [commit id]" +if [ -z "$1" ] || [ "$1" = "--help" ]; then + echo "usage: $0 <version> [gpg key id] [username] [commit id]" echo "tags a new coreboot version and creates a tar archive" exit 1 fi -git clone --recurse-submodules http://review.coreboot.org/coreboot.git coreboot-$1 +if [ -n "$3" ]; then + git clone --recurse-submodules ssh://$3@review.coreboot.org:29418/coreboot.git coreboot-$1 +else + git clone --recurse-submodules ssh://$USER@review.coreboot.org:29418/coreboot.git coreboot-$1 +fi cd coreboot-$1 -if [ -n "$2" ]; then - git reset --hard $2 +if [ -n "$4" ]; then + git reset --hard $4 fi git submodule update --init --checkout -git tag -a --force $1 -m "coreboot version $1" +if [ -n "$2" ]; then + git tag -a -s -u $2 --force $1 -m "coreboot version $1" +else + git tag -a --force $1 -m "coreboot version $1" +fi printf "$1-$(git log --pretty=%H|head -1)\n" > .coreboot-version tstamp=$(git log --pretty=format:%ci -1) cd .. tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${1}/3rdparty/blobs -cvf - coreboot-${1} |xz -9 > coreboot-${1}.tar.xz tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${1}/3rdparty/blobs |xz -9 > coreboot-blobs-${1}.tar.xz +if [ -n "$2" ]; then + gpg2 --armor --local-user $2 --output coreboot-${1}.tar.xz.sig --detach-sig coreboot-${1}.tar.xz + gpg2 --armor --local-user $2 --output coreboot-blobs-${1}.tar.xz.sig --detach-sig coreboot-blobs-${1}.tar.xz +fi