Commit90e69df

committed

chore: add comments and invoke the sign_with_gpg.sh script from publish.sh

1 parente80259c commit90e69dfCopy full SHA for 90e69df

File tree

-23

lines changed

-23

lines changed

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,9 @@`
`20`	`20`	`# binary will be signed using ./sign_darwin.sh. Read that file for more details`
`21`	`21`	`# on the requirements.`
`22`	`22`	`#`
	`23`	`+# If the --sign-gpg parameter is specified, the output binary will be signed using ./sign_with_gpg.sh.`
	`24`	`+# Read that file for more details on the requirements.`
	`25`	`+#`
`23`	`26`	`# If the --agpl parameter is specified, builds only the AGPL-licensed code (no`
`24`	`27`	`# Coder enterprise features).`
`25`	`28`	`#`

Lines changed: 2 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -129,26 +129,9 @@ if [[ "$dry_run" == 0 ]] && [[ "${CODER_GPG_RELEASE_KEY_BASE64:-}" != "" ]]; the`
`129`	`129`	`log"--- Signing checksums file"`
`130`	`130`	`log`
`131`	`131`
`132`		`-# Import the GPG key.`
`133`		`-old_gnupg_home="${GNUPGHOME:-}"`
`134`		`-gnupg_home_temp="$(mktemp -d)"`
`135`		`-export GNUPGHOME="$gnupg_home_temp"`
`136`		`-echo"$CODER_GPG_RELEASE_KEY_BASE64"\| base64 -d\| gpg --import1>&2`
`137`		`-`
`138`		`-# Sign the checksums file. This generates a file in the same directory and`
`139`		`-# with the same name as the checksums file but ending in ".asc".`
`140`		`-#`
`141`		-# We pipe `true` into `gpg` so that it never tries to be interactive (i.e.
`142`		`-# ask for a passphrase). The key we import above is not password protected.`
`143`		`-true\| gpg --detach-sign --armor"${temp_dir}/${checksum_file}"1>&2`
`144`		`-`
`145`		`-rm -rf"$gnupg_home_temp"`
`146`		`-unset GNUPGHOME`
`147`		`-if [["$old_gnupg_home"!="" ]];then`
`148`		`-export GNUPGHOME="$old_gnupg_home"`
`149`		`-fi`
`150`		`-`
	`132`	`+execrelative ../sign_with_gpg.sh"$checksum_file"`
`151`	`133`	`signed_checksum_path="${temp_dir}/${checksum_file}.asc"`
	`134`	`+`
`152`	`135`	`if [[!-e"$signed_checksum_path" ]];then`
`153`	`136`	`log"Signed checksum file not found:${signed_checksum_path}"`
`154`	`137`	`log`

Lines changed: 1 addition & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`#`
`6`	`6`	`# Usage: ./sign_with_gpg.sh path/to/binary`
`7`	`7`	`#`
`8`		`-# On success, the input file will be signed using the GPG key.`
	`8`	`+# On success, the input file will be signed using the GPG key and the signature output file will moved to /site/out/bin/ (happens in the Makefile)`
`9`	`9`	`#`
`10`	`10`	`# Depends on the GPG utility. Requires the following environment variables to be set:`
`11`	`11`	`# - $CODER_GPG_RELEASE_KEY_BASE64: The base64 encoded private key to use.`
`@@ -20,12 +20,10 @@ FILE_TO_SIGN="$1"`
`20`	`20`
`21`	`21`	`if [[-z"$FILE_TO_SIGN" ]];then`
`22`	`22`	`echo"Usage:$0 <file_to_sign>"`
`23`		`-exit 1`
`24`	`23`	`fi`
`25`	`24`
`26`	`25`	`if [[!-f"$FILE_TO_SIGN" ]];then`
`27`	`26`	`echo"File not found:$FILE_TO_SIGN"`
`28`		`-exit 1`
`29`	`27`	`fi`
`30`	`28`
`31`	`29`	`# Import the GPG key.`
`@@ -58,5 +56,4 @@ if [[ $verification_result -eq 0 ]]; then`
`58`	`56`	`echo"${FILE_TO_SIGN}.asc"`
`59`	`57`	`else`
`60`	`58`	`echo"Signature verification failed!">&2`
`61`		`-exit 1`
`62`	`59`	`fi`

Comments

(0)