mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-11-29 14:31:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #426 from marineam/sdksign

Browse Source 
bootstrap_sdk: add support for directly GPG signing SDK tarballs
This commit is contained in:
Michael Marineau 2015-06-29 10:05:54 -07:00
commit 31671c1444
2 changed files with 37 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bootstrap_sdk
View File

@ -87,7 +87,8 @@ if [[ "$STAGES" =~ stage4 ]]; then
info "SDK ready: $BUILDS/${release_name}" info "SDK ready: $BUILDS/${release_name}"
def_upload_path="${UPLOAD_ROOT}/sdk/${ARCH}/${FLAGS_version}" def_upload_path="${UPLOAD_ROOT}/sdk/${ARCH}/${FLAGS_version}"
upload_files "tarball" "${def_upload_path}" "" "$BUILDS/${release_name}" \ sign_and_upload_files "tarball" "${def_upload_path}" "" \
"$BUILDS/${release_name}" \
"$BUILDS/${release_name}.CONTENTS" "$BUILDS/${release_name}.DIGESTS" "$BUILDS/${release_name}.CONTENTS" "$BUILDS/${release_name}.DIGESTS"
upload_files "packages" "${def_upload_path}" "pkgs/" "${BINPKGS}"/* upload_files "packages" "${def_upload_path}" "pkgs/" "${BINPKGS}"/*
fi fi

53
build_library/release_util.sh
View File

@ -98,6 +98,40 @@ upload_files() {
"${local_upload_path}/${extra_upload_suffix}" "${local_upload_path}/${extra_upload_suffix}"
} }
# Identical to upload_files but GPG signs every file if enabled.
# Usage: sign_and_upload_files "file type" "${UPLOAD_ROOT}/default/path" "" files...
# arg1: file type reported via log
# arg2: default upload path, overridden by --upload_path
# arg3: upload path suffix that can't be overridden, must end in /
# argv: remaining args are files or directories to upload
sign_and_upload_files() {
[[ ${FLAGS_upload} -eq ${FLAGS_TRUE} ]] || return 0
local msg="$1"
local path="$2"
local suffix="$3"
shift 3
# Create simple GPG detached signature for all uploads.
local sigs=()
if [[ -n "${FLAGS_sign}" ]]; then
local file
for file in "$@"; do
if [[ "${file}" =~ \.(asc|gpg|sig)$ ]]; then
continue
fi
rm -f "${file}.sig"
gpg --batch --local-user "${FLAGS_sign}" \
--detach-sign "${file}" || die "gpg failed"
sigs+=( "${file}.sig" )
done
fi
upload_files "${msg}" "${path}" "${suffix}" "$@" "${sigs[@]}"
}
upload_packages() { upload_packages() {
[[ ${FLAGS_upload} -eq ${FLAGS_TRUE} ]] || return 0 [[ ${FLAGS_upload} -eq ${FLAGS_TRUE} ]] || return 0
[[ -n "${BOARD}" ]] || die "board_options.sh must be sourced first" [[ -n "${BOARD}" ]] || die "board_options.sh must be sourced first"
@ -160,26 +194,9 @@ upload_image() {
uploads+=( "${digests}.asc" ) uploads+=( "${digests}.asc" )
fi fi
# Create simple GPG detached signature for all uploads.
local sigs=()
if [[ -n "${FLAGS_sign}" ]]; then
local file
for file in "${uploads[@]}"; do
if [[ "${file}" =~ \.(asc|gpg|sig)$ ]]; then
continue
fi
rm -f "${file}.sig"
gpg --batch --local-user "${FLAGS_sign}" \
--detach-sign "${file}" || die "gpg failed"
sigs+=( "${file}.sig" )
done
fi
uploads+=( "${sigs[@]}" )
local log_msg=$(basename "$digests" .DIGESTS) local log_msg=$(basename "$digests" .DIGESTS)
local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${COREOS_VERSION_STRING}" local def_upload_path="${UPLOAD_ROOT}/boards/${BOARD}/${COREOS_VERSION_STRING}"
upload_files "${log_msg}" "${def_upload_path}" "" "${uploads[@]}" sign_and_upload_files "${log_msg}" "${def_upload_path}" "" "${uploads[@]}"
} }
# Translate the configured upload URL to a download URL # Translate the configured upload URL to a download URL