signed tar files

Alan Coopersmith alan.coopersmith at oracle.com
Mon Jan 27 23:56:48 PST 2014


On 01/25/14 12:30 PM, Julien Cristau wrote:
> On Sat, Jan 25, 2014 at 10:46:03 -0800, Alan Coopersmith wrote:
>
>> On 01/25/14 07:09 AM, Claus Assmann wrote:
>>> On Sat, Jan 25, 2014, Julien Cristau wrote:
>>>
>>>> gpg: BAD signature from "Alex Deucher <alexdeucher at gmail.com>"
>>>
>>> Same here.
>>>
>>>> If this isn't just me, any chance to get the tarball checksums in a
>>>> properly signed mail?
>>>
>>> Hmm, maybe it would be a good idea to have signed tar files
>>> (on the server)?
>>
>> If someone can translate that into commands to add to our tarball
>> release script, then we can do that.  There was discussion in the
>> past, but no one came up with a explanation of what they wanted to
>> see or what we needed to do for it.  (I think there's even an open
>> bug in bugzilla still.)
>>
> Something like this (untested)?
>
> diff --git a/release.sh b/release.sh
> index a4a725d..603dd4c 100755
> --- a/release.sh
> +++ b/release.sh
> @@ -298,6 +298,11 @@ process_module() {
>          cd $top_src
>          return 1
>       fi
> +    signatures=""
> +    for tarball in $targz $tarbz2 $tarxz; do
> +        gpg --detach-sign --armor $tarball
> +        signatures="$signatures ${tarball}.asc"
> +    done
>
>       # Obtain the top commit SHA which should be the version bump
>       # It should not have been tagged yet (the script will do it later)
> @@ -501,7 +506,7 @@ process_module() {
>       # Upload to host using the 'scp' remote file copy program
>       if [ x"$DRY_RUN" = x ]; then
>          echo "Info: uploading tarballs to web server:"
> -       scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
> +       scp $targz $tarbz2 $tarxz $signatures $USER_NAME$hostname:$srv_path
>          if [ $? -ne 0 ]; then
>              echo "Error: the tarballs uploading failed."
>              cd $top_src

I guess, if that provides the output people expect/are looking for.

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc


More information about the xorg mailing list