util/release: Add support for signed tags and releases

* Add gpg key command-line parameter for signing.
* Add username command-line parameter for secure ssh clone.
* Tag and releases are signed.
* Generates ascii amored signature files.

Change-Id: I41347a85145dd0389e3b69939497fb8543db4996
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/16553
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
This commit is contained in:
Philipp Deppenwiese 2016-09-08 22:35:48 +02:00 committed by Martin Roth
parent 55a54f662e
commit 6e4204a0d1
1 changed files with 31 additions and 12 deletions

View File

@ -1,21 +1,40 @@
#!/bin/bash #!/bin/bash
# $1: new version name # ${VERSION_NAME}: new version name
# $2: commit id (if not master) # ${GPG_KEY_ID}: gpg key id (if not don't sign)
# ${USERNAME}: username (if not default to https)
# ${COMMIT_ID}: commit id (if not master)
VERSION_NAME=${1}
COMMIT_ID=${2}
USERNAME=${3}
GPG_KEY_ID=${4}
set -e set -e
if [ -z "$1" ]; then if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ]; then
echo "usage: $0 version [commit id]" echo "usage: $0 <version> [commit id] [gpg key id] [username]"
echo "tags a new coreboot version and creates a tar archive" echo "tags a new coreboot version and creates a tar archive"
exit 1 exit 1
fi fi
git clone --recurse-submodules http://review.coreboot.org/coreboot.git coreboot-$1 if [ -n "${USERNAME}" ]; then
cd coreboot-$1 git clone --recurse-submodules ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git coreboot-${VERSION_NAME}
if [ -n "$2" ]; then else
git reset --hard $2 git clone --recurse-submodules https://review.coreboot.org/coreboot.git coreboot-${VERSION_NAME}
fi
cd coreboot-${VERSION_NAME}
if [ -n "${COMMIT_ID}" ]; then
git reset --hard ${COMMIT_ID}
fi fi
git submodule update --init --checkout git submodule update --init --checkout
git tag -a --force $1 -m "coreboot version $1" if [ -n "${GPG_KEY_ID}" ]; then
printf "$1-$(git log --pretty=%H|head -1)\n" > .coreboot-version git tag -a -s -u ${GPG_KEY_ID} --force ${VERSION_NAME} -m "coreboot version ${VERSION_NAME}"
else
git tag -a --force ${VERSION_NAME} -m "coreboot version ${VERSION_NAME}"
fi
printf "${VERSION_NAME}-$(git log --pretty=%H|head -1)\n" > .coreboot-version
tstamp=$(git log --pretty=format:%ci -1) tstamp=$(git log --pretty=format:%ci -1)
cd .. cd ..
tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${1}/3rdparty/blobs -cvf - coreboot-${1} |xz -9 > coreboot-${1}.tar.xz tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${1}/3rdparty/blobs |xz -9 > coreboot-blobs-${1}.tar.xz tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
if [ -n "${GPG_KEY_ID}" ]; then
gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-${VERSION_NAME}.tar.xz
gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-blobs-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-blobs-${VERSION_NAME}.tar.xz
fi