From 55a977f2a4dcda32f01dab3bb673d808e9d3f3c6 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Mon, 15 Aug 2016 15:30:56 +0200 Subject: Optionally create GPG signature for generated tarball If the gpg tool is found in the PATH and a key exists for Swift's signing identity, package.sh will generated a GPG signature (.asc) file alongside the tarball. Test-Information: Created a new GPG key with Swift's signing identity, ran package.sh script and correctly verified the generated signature with GPG. Tested both with and without --nosign flag. Tested on Debian 8.5 with GPG 1.4.18. Change-Id: I7e6c8b6a7c900b68e53ece97a59eba33a2de565d diff --git a/Swift/Packaging/Source/package.sh b/Swift/Packaging/Source/package.sh index 16a9a1f..3872b35 100755 --- a/Swift/Packaging/Source/package.sh +++ b/Swift/Packaging/Source/package.sh @@ -3,9 +3,13 @@ ## For a Swiften-only tarball, try ## EXCLUDE_FOLDERS="Swift Sluift Limber Slimber" ./package.sh +## This script will require GPG and a suitable signing key by default. +## To disable tarball signature generation, pass the --nosign parameter to package.sh. + export PYTHONPATH=../../../BuildTools/SCons VERSION=`../../../BuildTools/GetBuildVersion.py swift` DIRNAME=swift-$VERSION +FIRST_ARGUMENT=$1 if [ -z "$VERSION" ]; then echo "Unable to determine version" @@ -40,3 +44,20 @@ done echo "Creating tarball ..." $TAR -czf $DIRNAME.tar.gz --owner=swift --group=swift $DIRNAME + +if [ "$FIRST_ARGUMENT" != "--nosign" ]; then + echo "Creating armored GPG signature ..." + which gpg + if [ $? -eq 0 ]; then + gpg --list-keys packages@swift.im + if [ $? -eq 0 ]; then + gpg --armor --default-key packages@swift.im --detach-sign $DIRNAME.tar.gz + else + echo "Key for packages@swift.im missing. Not signing tar archive." + exit 1 + fi + else + echo "GPG not found. Not signing tar archive." + exit 1 + fi +fi \ No newline at end of file -- cgit v0.10.2-6-g49f6