util/release: make release archives reproducible

tar doesn't sort by default and takes the order of the OS which is in
most cases the order of creation. Sort by name and set influencing
environment TZ and language to be reproducible.

Change-Id: I3d043952417000d12e81353677f1ea4aa2da4fc1
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Reviewed-on: https://review.coreboot.org/16556
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
This commit is contained in:
Alexander Couzens 2016-09-09 00:05:54 +02:00 committed by Martin Roth
parent c8ae5995bb
commit 871da8e580
1 changed files with 9 additions and 2 deletions

View File

@ -9,6 +9,13 @@ USERNAME=${3}
GPG_KEY_ID=${4}
set -e
# set local + tz to be reproducible
LC_ALL=C
LANG=C
TZ=UTC
export LC_ALL LANG TZ
if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ]; then
echo "usage: $0 <version> [commit id] [gpg key id] [username]"
echo "tags a new coreboot version and creates a tar archive"
@ -32,8 +39,8 @@ fi
printf "${VERSION_NAME}-$(git log --pretty=%H|head -1)\n" > .coreboot-version
tstamp=$(git log --pretty=format:%ci -1)
cd ..
tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
tar --sort=name --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
tar --sort=name --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
if [ -n "${GPG_KEY_ID}" ]; then
gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-${VERSION_NAME}.tar.xz
gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-blobs-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-blobs-${VERSION_NAME}.tar.xz