[PATCH util/modular] Add gpg signing to release.sh

Alan Coopersmith alan.coopersmith at oracle.com
Sat May 31 16:49:56 PDT 2014

On 05/20/14 01:49 PM, Stephen Kitt wrote:
> Hi,
> Peter Hutterer suggested I send this here; it's a patch to add gpg signing to
> release.sh, both for the git tag and the generated tarballs.
> This version tries to use gpg unconditionnally, it might be more useful with
> a parameter to switch the behaviour...

Thanks for doing this - we keep talking about it, but never got the changes made.

I'd modified my copy locally to add -m to the git tag flags a couple months ago,
and that seems to have worked fine for me for the few releases I've done since

The only problem I see with this patch for me is that on the systems I use
(Solaris 12.0 & 11.x development branches) GnuPG 2.x is installed as gpg2,
not gpg, so would appreciate having some way to override the exact path.

So I dropped my patch, applied yours, and tweaked it to allow setting the GPG
path, and it seemed to work fine for the xcursorgen release I just pushed, so
there are now xcursorgen-1.0.6.tar.bz2.sig & xcursorgen-1.0.6.tar.gz.sig files
the script uploaded alongside the released tarballs.

The one issue I did see is that I made a mistake on the first run (forgot to
push the version changing commit first), so the script aborted and re-ran, and
after re-running make distcheck to create new tarballs, I was then prompted:

File `xcursorgen-1.0.6.tar.gz.sig' exists. Overwrite? (y/N) y
File `xcursorgen-1.0.6.tar.bz2.sig' exists. Overwrite? (y/N) y

Should those files be automatically deleted after rebuilding the tarballs?

I've attached my modified form of your patch for further review/discussion.

	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
-------------- next part --------------
From 361334a313e7fd2239480438e309433e26ca8a04 Mon Sep 17 00:00:00 2001
From: Stephen Kitt <lists at sk2.org>
Date: Tue, 20 May 2014 22:49:06 +0200
Subject: [PATCH:modular] Add gpg signing to release.sh

gpg-sign the git tag and the generated tarballs, and upload the signatures
along with the tarballs.

Signed-off-by: Stephen Kitt <skitt at debian.org>

Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris.

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
 release.sh |   16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/release.sh b/release.sh
index a4a725d..852299e 100755
--- a/release.sh
+++ b/release.sh
@@ -299,6 +299,10 @@ process_module() {
 	return 1
+    [ -n "$targz" ] && $GPG -b $targz && siggz=${targz}.sig || true
+    [ -n "$tarbz2" ] && $GPG -b $tarbz2 && sigbz2=${tarbz2}.sig || true
+    [ -n "$tarxz" ] && $GPG -b $tarxz && sigxz=${tarxz}.sig || true
     # Obtain the top commit SHA which should be the version bump
     # It should not have been tagged yet (the script will do it later)
     local_top_commit_sha=`git  rev-list --max-count=1 HEAD`
@@ -354,7 +358,7 @@ process_module() {
 	# Tag the top commit with the tar name
 	if [ x"$DRY_RUN" = x ]; then
-	    git tag -m $tar_name $tar_name
+	    git tag -s -m $tar_name $tar_name
 	    if [ $? -ne 0 ]; then
 		echo "Error:  unable to tag module with \"$tar_name\"."
 		cd $top_src
@@ -501,7 +505,7 @@ process_module() {
     # Upload to host using the 'scp' remote file copy program
     if [ x"$DRY_RUN" = x ]; then
 	echo "Info: uploading tarballs to web server:"
-	scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
+	scp $targz $tarbz2 $tarxz $siggz $sigbz2 $sigxz $USER_NAME$hostname:$srv_path
 	if [ $? -ne 0 ]; then
 	    echo "Error: the tarballs uploading failed."
 	    cd $top_src
@@ -627,6 +631,14 @@ if [ "x$GREP" = "x" ] ; then
+# Find path for GnuPG v2
+if [ "x$GPG" = "x" ] ; then
+    if [ -x /usr/bin/gpg2 ] ; then
+	GPG=/usr/bin/gpg2
+    else
+	GPG=gpg
+    fi
 # Set the default make tarball creation command

More information about the xorg-devel mailing list