[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freedesktop-xorg
Subject:    Re: signed tar files (was: [ANNOUNCE] xf86-video-ati 7.3.0)
From:       Julien Cristau <jcristau () debian ! org>
Date:       2014-01-25 20:30:19
Message-ID: 20140125203019.GQ4822 () betterave ! cristau ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Sat, Jan 25, 2014 at 10:46:03 -0800, Alan Coopersmith wrote:

> On 01/25/14 07:09 AM, Claus Assmann wrote:
> >On Sat, Jan 25, 2014, Julien Cristau wrote:
> >
> >>gpg: BAD signature from "Alex Deucher <alexdeucher@gmail.com>"
> >
> >Same here.
> >
> >>If this isn't just me, any chance to get the tarball checksums in a
> >>properly signed mail?
> >
> >Hmm, maybe it would be a good idea to have signed tar files
> >(on the server)?
> 
> If someone can translate that into commands to add to our tarball
> release script, then we can do that.  There was discussion in the
> past, but no one came up with a explanation of what they wanted to
> see or what we needed to do for it.  (I think there's even an open
> bug in bugzilla still.)
> 
Something like this (untested)?

diff --git a/release.sh b/release.sh
index a4a725d..603dd4c 100755
--- a/release.sh
+++ b/release.sh
@@ -298,6 +298,11 @@ process_module() {
        cd $top_src
        return 1
     fi
+    signatures=""
+    for tarball in $targz $tarbz2 $tarxz; do
+        gpg --detach-sign --armor $tarball
+        signatures="$signatures ${tarball}.asc"
+    done
 
     # Obtain the top commit SHA which should be the version bump
     # It should not have been tagged yet (the script will do it later)
@@ -501,7 +506,7 @@ process_module() {
     # Upload to host using the 'scp' remote file copy program
     if [ x"$DRY_RUN" = x ]; then
        echo "Info: uploading tarballs to web server:"
-       scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
+       scp $targz $tarbz2 $tarxz $signatures $USER_NAME$hostname:$srv_path
        if [ $? -ne 0 ]; then
            echo "Error: the tarballs uploading failed."
            cd $top_src

Cheers,
Julien

["signature.asc" (application/pgp-signature)]

_______________________________________________
xorg@lists.x.org: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info: http://lists.x.org/mailman/listinfo/xorg
Your subscription address: %(user_address)s

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic