Merge pull request #230 from marineam/gpg

feat(release_util): Add support for signing individual file uploads.
2025-08-19 05:21:23 +02:00 · 2014-04-18 20:27:35 -07:00 · 2014-04-18 20:27:35 -07:00 · a4f56f942c
commit a4f56f942c
parent e9896acc29 e02f49b410
1 changed files with 19 additions and 0 deletions
--- a/build_library/release_util.sh
+++ b/build_library/release_util.sh
@ -21,6 +21,8 @@ DEFINE_string upload_root "${COREOS_UPLOAD_ROOT}" \
  "Upload prefix, board/version/etc will be appended. Must be a gs:// URL."
 DEFINE_string upload_path "" \
  "Full upload path, overrides --upload_root. Must be a full gs:// URL."
 DEFINE_string sign "" \
  "Sign all files to be uploaded with the given GPG key."
 DEFINE_string sign_digests "" \
  "Sign image DIGESTS files with the given GPG key."
@ -151,6 +153,23 @@ upload_image() {
      uploads+=( "${digests}.asc" )
    fi
    # Create simple GPG detached signature for all uploads.
    local sigs=()
    if [[ -n "${FLAGS_sign}" ]]; then
        local file
        for file in "${uploads[@]}"; do
            if [[ "${file}" =~ \.(asc|gpg|sig)$ ]]; then
                continue
            fi
            rm -f "${file}.sig"
            gpg --batch --local-user "${FLAGS_sign}" \
                --detach-sign "${file}" || die "gpg failed"
            sigs+=( "${file}.sig" )
        done
    fi
    uploads+=( "${sigs[@]}" )
    local log_msg=$(basename "$digests" .DIGESTS)
    local def_upload_path="${UPLOAD_ROOT}/${BOARD}/${COREOS_VERSION_STRING}"
    upload_files "${log_msg}" "${def_upload_path}" "" "${uploads[@]}"