about summary refs log tree commit diff
path: root/build-release.sh
diff options
context:
space:
mode:
authorVincent Ambo <tazjin@gmail.com>2017-08-22T16·37+0200
committerVincent Ambo <tazjin@gmail.com>2017-08-22T16·41+0200
commite8cfa9c1199a493c739408da8666c1b71a79f2e4 (patch)
tree23d1323c8cbadb6ce5f8f2b56c6e8725ee400efe /build-release.sh
parenta9c450c5a33a3e410377e1fde21c45e2db6bf51c (diff)
refactor build: Keep GPG-signatures outside of tarballs
Instead of signing the binary and adding the signature in the release
tarball, keep the GPG-signatures *outside* of the tarball.

This makes it easier to use the built-in GPG-signature verification
features of package managers such as pacman.
Diffstat (limited to 'build-release.sh')
-rwxr-xr-xbuild-release.sh14
1 files changed, 7 insertions, 7 deletions
diff --git a/build-release.sh b/build-release.sh
index 0109cace73f2..9fd11d961f8a 100755
--- a/build-release.sh
+++ b/build-release.sh
@@ -35,15 +35,15 @@ function sign-for() {
     local os="${1}"
     local arch="${2}"
     local target="release/${os}/${arch}"
-    local bin="${target}/kontemplate"
-    local hash="$(sha256sum ${bin})"
+    local bin=$(binary-name "${os}" "${target}")
     local tar="release/kontemplate-${VERSION}-${os}-${arch}.tar.gz"
 
-    echo "Signing kontemplate binary for ${os}-${arch} with SHA256 ${hash}"
-    gpg --sign "${bin}"
-
     echo "Packing release into ${tar}"
-    tar czvf "${tar}" -C "${target}" kontemplate kontemplate.gpg
+    tar czvf "${tar}" -C "${target}" $(basename "${bin}")
+
+    local hash=$(sha256sum "${tar}")
+    echo "Signing kontemplate release tarball for ${os}-${arch} with SHA256 ${hash}"
+    gpg --armor --detach-sig --sign "${tar}"
 }
 
 case "${1}" in
@@ -56,7 +56,7 @@ case "${1}" in
         exit 0
         ;;
     "sign")
-        # Sign releases:
+        # Bundle and sign releases:
         sign-for "linux" "amd64"
         sign-for "darwin" "amd64"
         sign-for "windows" "amd64"