Merge pull request #426 from marineam/sdksign

bootstrap_sdk: add support for directly GPG signing SDK tarballs
2025-11-28 22:12:10 +01:00 · 2015-06-29 10:05:54 -07:00 · 2015-06-29 10:05:54 -07:00 · 31671c1444
commit 31671c1444
parent b38b214254 5789c6bbbf
2 changed files with 37 additions and 19 deletions
--- a/3
+++ b/3
@ -87,7 +87,8 @@ if [[ "$STAGES" =~ stage4 ]]; then
    info "SDK ready: $BUILDS/${release_name}"

    def_upload_path="${UPLOAD_ROOT}/sdk/${ARCH}/${FLAGS_version}"
-    upload_files "tarball" "${def_upload_path}" "" "$BUILDS/${release_name}" \
+    sign_and_upload_files "tarball" "${def_upload_path}" "" \
+        "$BUILDS/${release_name}" \
        "$BUILDS/${release_name}.CONTENTS" "$BUILDS/${release_name}.DIGESTS"
    upload_files "packages" "${def_upload_path}" "pkgs/" "${BINPKGS}"/*
 fi
--- a/build_library/release_util.sh
+++ b/build_library/release_util.sh
@ -98,6 +98,40 @@ upload_files() {
        "${local_upload_path}/${extra_upload_suffix}"
 }

+
+# Identical to upload_files but GPG signs every file if enabled.
+# Usage: sign_and_upload_files "file type" "${UPLOAD_ROOT}/default/path" "" files...
+#  arg1: file type reported via log
+#  arg2: default upload path, overridden by --upload_path
+#  arg3: upload path suffix that can't be overridden, must end in /
+#  argv: remaining args are files or directories to upload
+sign_and_upload_files() {
+    [[ ${FLAGS_upload} -eq ${FLAGS_TRUE} ]] || return 0
+
+    local msg="$1"
+    local path="$2"
+    local suffix="$3"
+    shift 3
+
+    # Create simple GPG detached signature for all uploads.
+    local sigs=()
+    if [[ -n "${FLAGS_sign}" ]]; then
+        local file
+        for file in "$@"; do
+            if [[ "${file}" =~ \.(asc|gpg|sig)$ ]]; then
+                continue
+            fi
+
+            rm -f "${file}.sig"
+            gpg --batch --local-user "${FLAGS_sign}" \
+                --detach-sign "${file}" || die "gpg failed"
+            sigs+=( "${file}.sig" )
+        done
+    fi
+
+    upload_files "${msg}" "${path}" "${suffix}" "$@" "${sigs[@]}"
+}
+
 upload_packages() {
    [[ ${FLAGS_upload} -eq ${FLAGS_TRUE} ]] || return 0
    [[ -n "${BOARD}" ]] || die "board_options.sh must be sourced first"
@ -160,26 +194,9 @@ upload_image() {
      uploads+=( "${digests}.asc" )
    fi

-    # Create simple GPG detached signature for all uploads.
-    local sigs=()
-    if [[ -n "${FLAGS_sign}" ]]; then
-        local file
-        for file in "${uploads[@]}"; do
-            if [[ "${file}" =~ \.(asc|gpg|sig)$ ]]; then
-                continue
-            fi
-
-            rm -f "${file}.sig"
-            gpg --batch --local-user "${FLAGS_sign}" \
-                --detach-sign "${file}" || die "gpg failed"
-            sigs+=( "${file}.sig" )
-        done
-    fi
-    uploads+=( "${sigs[@]}" )
-
    local log_msg=$(basename "$digests" .DIGESTS)
    local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${COREOS_VERSION_STRING}"
-    upload_files "${log_msg}" "${def_upload_path}" "" "${uploads[@]}"
+    sign_and_upload_files "${log_msg}" "${def_upload_path}" "" "${uploads[@]}"
 }

 # Translate the configured upload URL to a download URL